"How to securely call APIs in Flutter without exposing tokens?"

We are developing a Flutter application, but we’ve reached a point we’re struggling with. The app will communicate with an API service, and we want to make sure the API endpoint is not exposed. At the same time, we want to securely hide tokens and API keys in the code.

In general, how is API communication structured in professional mobile applications using Flutter? I don’t have much experience with Flutter, so I’d really appreciate your guidance on the best practices for this.

Hi,

It’s important not to include secrets in the Flutter app. Let your own backend call the third‑party API with the key, then expose a secure endpoint that your Flutter app talks to. That way the key stays on your server, not in the client.

1 Like
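The pattern described in the answer above, as an added example that is not part of the original thread: a backend endpoint that authenticates the app's user with a short-lived signed session token and only then calls the third-party API with a key that exists solely on the server. Python is used for the backend as an assumption (the thread names no server language), and the environment variable names, the `X-Api-Key` header and the `call_upstream` callable are hypothetical.

```python
import hashlib
import hmac
import os
import time

# Assumed setup (hypothetical names): both secrets live in the server's
# environment. The defaults are constructed sample values for offline runs.
THIRD_PARTY_API_KEY = os.environ.get("THIRD_PARTY_API_KEY", "sample-upstream-key")
SESSION_SIGNING_KEY = os.environ.get("SESSION_SIGNING_KEY", "sample-signing-key").encode()


def _sign(payload):
    return hmac.new(SESSION_SIGNING_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_session_token(user_id, ttl=900, now=None):
    """Short-lived per-user token the app receives after login."""
    expires = int((time.time() if now is None else now) + ttl)
    payload = f"{user_id}.{expires}"
    return f"{payload}.{_sign(payload)}"


def verify_session_token(token, now=None):
    """Return the user id if the token is authentic and unexpired, else None."""
    try:
        user_id, expires, sig = token.rsplit(".", 2)
        expires = int(expires)
    except ValueError:
        return None
    expected = _sign(f"{user_id}.{expires}")
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return None
    if (time.time() if now is None else now) >= expires:
        return None
    return user_id


def handle_app_request(headers, query, call_upstream):
    """Logic of the endpoint the Flutter app talks to: authenticate, then proxy."""
    auth = headers.get("Authorization", "")
    token = auth[len("Bearer "):] if auth.startswith("Bearer ") else ""
    user_id = verify_session_token(token)
    if user_id is None:
        return 401, {"error": "unauthorized"}
    # The third-party key is attached here, on the server, and nowhere else.
    upstream = call_upstream(query, {"X-Api-Key": THIRD_PARTY_API_KEY})
    # Return only the data the app needs; the key is never echoed back.
    return 200, {"user": user_id, "result": upstream}
```

The app stores only its own session token, which expires and can be revoked per user, so extracting it from the client does not reveal the third-party key.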

“Could you explain the best practices for securing PHP APIs and hiding the tokens returned by each endpoint?”