You can embed the keys instead of keeping them in plain sight. Check this session; I think you will find some useful stuff: http://tv.adobe.com/watch/360flex-conference/encrypting-flex-protecting-revenue-by-andrew-westberg/
C

________________________________
From: Haykel BEN JEMIA <hayke...@gmail.com>
To: flexcoders <flexcoders@yahoogroups.com>
Sent: Monday, September 26, 2011 12:00 PM
Subject: [flexcoders] Restrict access to an API to only allowed applications

Hi,

I'm looking for the best and most secure way to restrict access to a web API to only allowed applications. The best option I found is to use 2-Legged OAuth where applications would get a consumer key and a secret key. The problem here is that SWF files can be easily decompiled and the keys extracted.

My questions here are:

* Does anybody know a way to protect the keys?
* Is there another authorization mechanism that is better suited for such client applications in general (Flash, JavaScript ...)?

Thanks.

Haykel Ben Jemia
Allmas
Web & RIA Development
http://www.allmas-tn.com