How should I handle API keys in a mobile application?
You shouldn’t store API keys in mobile applications. There are tools to extract data from mobile apps, so you should never hardcode any sensitive information. Additionally, your users might not update your application as often as you’d want. If you ever need to rotate an API key that you use in your mobile app, it will stop working for all users who don’t update.
Instead, we recommend fetching them dynamically from your application’s back end. There are many ways to do so, each depending on the specificities of your back end. You can find plenty of resources online, but here are some examples: