We have what is effectively an API broker or proxy tool between our Appian instance and an API we consume. The broker/proxy requires API Authentication to properly identify our system and allow access to the API's that it brokers. It does not however leverage it's own API keys to the services it represents. As a result, we have to pass a second API key through as a header.However, I have security concerns about the storage and security of this second key.
Has anyone had experience and advice to secure this secondary key? It appears as clear text in the request headers, must be available in the integration or connected system (unlike the primary API key - which is masked and unreadable in the Connected System), and I cannot use the secure credential store to secure it. Even if I store it in a constant, I'm concerned about the potential security.
Advice greatly appreciated.
Discussion posts and replies are publicly visible