I have been doing courses for algorithmic trading this week and, as you need to connect to an API, it is required to use an API Token together with the API URL.
The project works well, everything is ok. Nevertheless, I have seen that if you upload an archive and you call it secrets.py, the archive is hidden from the public on GitHub (I'm not sure about this but there should be a way to hide it).
The point is that I need to hide the API Token somewhere in the folder and then upload it, but when you call it secrets.py, what happens is that while calling it such as:
    from secrets import API_Token

with API_Token being:

    API_Token = 'stringthataccesstheAPI'

I expected to do all the imports properly but they threw an error due to their internal script called secrets.py. It does not allow me to import the usual packages as they have the secrets.py file too.
For example, if I do the import above, and then bring in these packages:
    import numpy as np
    import pandas as pd

Neither will be imported to the Notebook, because that file is already in the packages.
My solution has been to import the file after changing its name to api_secrets.py and then it works, but I don't know how it will be hidden on GitHub, or how it will work if someone downloads it. These are my first projects with APIs so maybe I haven't explained something well.
Never publish private API keys. Not to GitHub, and not to any other online place. The only time you provide secrets to GitHub is when you're using GitHub Actions which need those API keys to perform the action, and GitHub provides a mechanism outside of the git repository proper to store secrets. Even then, take the time to think about whether you can avoid using the API key.
One place where you generally would think you need the API keys but often don't really is testing. Some APIs, for example, might provide a test key which you can use for getting your tests to pass. In other cases you might be able to mock the APIs for testing.
It's difficult to understand, from your question, what exactly you are trying to do. My best guess is that you're publishing an IPython notebook or similar which has code which relies on an external API. Here, you have two options:

1. Publish the application to use your API key. When you do so, be aware of what you are doing and why. If the API key ends up being misused and the API provider cancels your access, it's your fault. You can do this sort of thing if you have other controls in place, such as you're publishing only on your local network with people you trust or your notebook is somehow well password protected with a limited number of trusted users. Even then, remember that the API token is generally best kept out of GitHub, and provided to the code in other ways when it is deployed, such as environment variables, command line arguments, or private configuration files. Don't add the API keys to git or any hidden files thereof and think they are protected. They're not.

2. Write your code to accept the API key. Let the user enter it somewhere near the top of your notebook. This would be the preferred way. The way it generally would look in code is:

    ...
    # somewhere at the top
    API_TOKEN = None
    ...
    # where you need the token
    def some_api_using_function():
        if not API_TOKEN:
            raise Exception("Please configure your API Token to use this function")
        # ... actual API using code

(You'll need to modify this to adjust to your notebook format.)
On a related note, remember that git also has the whole history of your repository. If you ever had your keys in git, you should try to remove them. This is somewhat harder to do, but quite possible. If your API key provides access to private information or a resource you're going to pay for, then this is not an optional thing.
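
An added example, not part of the question or the answer above: one way to supply the token from an environment variable with a hidden prompt as fallback, plus a check for local files such as secrets.py that shadow standard-library modules. The variable name `TRADING_API_TOKEN` and the function names are assumptions made for this sketch.

```python
import getpass
import os
import sys
from pathlib import Path

ENV_VAR = "TRADING_API_TOKEN"  # assumed variable name, not from the page


def shadowing_files(directory="."):
    """List local .py files whose names collide with standard-library modules.

    A local secrets.py hides the stdlib `secrets` module, so any package that
    imports `secrets` internally breaks; api_secrets.py does not collide.
    """
    # sys.stdlib_module_names exists on Python 3.10+; older versions fall back
    # to checking only the name from the question.
    stdlib = getattr(sys, "stdlib_module_names", frozenset({"secrets"}))
    return sorted(p.name for p in Path(directory).glob("*.py") if p.stem in stdlib)


def load_api_token(environ=None, prompt=None):
    """Return the token from the environment, else ask for it without echo."""
    environ = os.environ if environ is None else environ
    token = environ.get(ENV_VAR, "").strip()
    if not token:
        ask = prompt or getpass.getpass  # looked up at call time
        token = ask(f"{ENV_VAR} is not set. Enter your API token: ").strip()
    if not token:
        raise RuntimeError("Please configure your API Token to use this function")
    return token


def masked(token):
    """Form of the token that is safe to show in notebook output."""
    if len(token) < 12:
        return "*" * len(token)
    return "*" * (len(token) - 4) + token[-4:]


if __name__ == "__main__":
    for name in shadowing_files():
        print(f"warning: {name} shadows a standard-library module, rename it")
    print("token loaded:", masked(load_api_token()))
```

Because the token never lives in a file inside the repository, there is nothing to hide on GitHub, and anyone who downloads the project is asked for their own token.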