Understanding API Key Handling in Spring Application

Introduction

Issue: Hardcoded API key in the code. This should be avoided as it can expose the API key publicly.
Proposed Solution: Move the API key to a configuration file (application.yaml or application.properties) and utilize it in the code.

Move API Key to Configuration File:
- Navigate to resources/application.yaml (or .properties).
- Add the API key:
```
weather.api.key: your_api_key_here
```
  or
```
weather.api.key=your_api_key_here
```
**Using the API Key in Code: **
- Use @Value annotation to inject the API key in your class.
```
@Value("${weather.api.key}")
private String apiKey;
```
- Ensure proper syntax for @Value annotation with ${} and correct property name.
- Note that if a static variable is used, Spring may not inject the value correctly. Instead, avoid static variables for such configurations.

Null API Key Issue:
- Ensure the correct syntax: Double-check if ${weather.api.key} is correct.
- If using static variables, remove the static modifier.
MongoDB Whitelist Error:
- If MongoDB connection fails due to whitelist issues, ensure the current IP is whitelisted in MongoDB Atlas.

Using Postman:
- After setting up the API key configuration, test your API calls using Postman to verify the setup.
- Use debugger to see the flow of API calls and ensure that the API key is correctly injected.

Avoid Hardcoding: Never hardcode sensitive information like API keys directly in the code.
Store Configurations Securely: Use configuration files or a secure vault for sensitive data.
Upcoming: Next, we will discuss how to store API keys and other sensitive configurations in a database securely.