Hackathon Tutorial: How to Protect API Key in Your Hackathon Demo

Friday, August 18, 2023 by abdibrokhim
Hackathon Tutorial: How to Protect API Key in Your Hackathon Demo


Participating in hackathons offers an exhilarating opportunity to learn, collaborate, and potentially win prizes. These events immerse you in a whirlwind of innovation, where you develop and showcase your projects in a short span of time. While the rush to create a winning product demo is intense, it's crucial not to overlook the importance of security—especially when it comes to protecting sensitive data like your API key.

As you embark on your hackathon journey, envision creating a solution that can change the game. Whether you're building a cutting-edge app, a groundbreaking platform, or a transformative service, your product demo is the first glimpse into your idea's potential. However, the excitement of sharing your creation shouldn't overshadow the need to safeguard your API key from prying eyes. In this tutorial, we'll walk you through the process of securing your API key in your demo project, ensuring your efforts remain protected and focused on innovation.

Understanding the Risk: Why API Key Security Matters

Imagine: you've put countless hours into crafting a demo that utilizes an API to enhance its functionality. This API, powered by an API key, is the bridge connecting your project to a powerful external resource. But if your API key falls into the wrong hands, your vision could be derailed before it even gets off the ground.

Hackathons are exciting breeding grounds for talent, ideas, and networking opportunities. However, they're also environments where security vulnerabilities can be exploited. Failing to safeguard your API key exposes you to risks such as:

Data Breaches and Misuse

Unprotected API keys can be easily exploited, allowing malicious actors to gain unauthorized access to sensitive information or manipulate your demo's functionality for their gain.

Reputation Damage

A security breach can tarnish your reputation as a developer and compromise the trust you've built with potential users, mentors, and collaborators.

Idea Theft

In the competitive arena of hackathons, an unprotected API key can enable others to replicate or steal your innovative ideas and integrate them into their own projects.

Financial Implications

If your API key is misused to access premium services, you could be held responsible for unexpected expenses, disrupting your project's budget.

Let's get started

First thing first. Open Visual Studio Code and click Clone Repository.

Clone Repository
Clone Repository

Then, paste the repository URL PaLM2 Tutorial and hit Enter.

Clone Repository Input Field
Clone Repository Input Field

Alternatively, you can clone the repository using the command line. Open your terminal and run the following command.

git clone https://github.com/abdibrokhim/PaLM2-Tutorial

Then, go to the directory.

cd PaLM2-Tutorial

After, successfully cloning the repository open app.py file. Here you should see the following lines of code.

with st.sidebar:
    palm_api_key = st.text_input('PaLM API Key', key='palm_api_key')

What st.sidebar actually does? It creates a sidebar in the web app with input field, where everyone can input their own PaLM API key. It's a good practice to protect your API key in the demo product in the hackathons. You can see the sidebar in the following image.

Streamlit Sidebar for API Key
Streamlit Sidebar for API Key

Create a file named .env in your project's root directory and add:

palm_api_key = 'YOUR_API_KEY'

In your app.py file, add:

import os
palm_api_key = os.getenv('palm_api_key')

This way, you're retrieving the API key from a secure environment variable.

To prevent your .env file from being pushed to your GitHub repository, create a file named .gitignore in your project's root directory and add:


Conclusion: A Secure Path to Hackathon Success

In this tutorial, you've mastered the art of protecting your API key in hackathon demo projects. Your journey through the hackathon landscape is not just about innovation; it's about taking a comprehensive approach that includes security from the start. By safeguarding your API key, you're ensuring the integrity of your project, your reputation, and your hard work. As you venture forward, remember that while creativity is key, security is the lock that keeps your ideas safe.