3rd Party Dependencies
It's important to note that we currently rely on two separate third party APIs. One of which is Google and the other is Angel List. These keys are located in the min_bench/settings.py.
Just to give you some context, we use google's OAuth endpoint to allow users to login into our site with their Google credentials.
You'll notice we have both a client ID and client secret:
GAUTH_CLIENT_ID='...'
GAUTH_CLIENT_SECRET='..'These credentials are currently registered under Daniel Cadden ([email protected]). If you need to regenerate the key pairs for whatever reason, you can simply create a new client ID and secret under the [email protected] account.
We currently use Angel List to query investors for the Start Up Connector feature. For legacy reasons called VC Matcher in the codebase.
We also use it to query and generate tags for people to follow. All of our tags have a 1 to 1 relationship with Angelist.
Again, we have both a ID and secret:
ANGEL_LIST_ID='...'
ANGEL_LIST_SECRET='..'These credentials are currently registered under Daniel Alabi ([email protected]). If you need to regenerate the key pairs for whatever reason, you will need to reach out to Daniel Alabi to discuss how that is done.
We're currently given access to Angel List's API as a research project, however they are a bit volatile with how they treat new access to their API. They are currently not handing out access to their API to new users. So our access may have a shelf life to it in the future. If you ever find yourself deciding whether to remain integrated with Angel List, I'd recommend using services that are a bit more stable in the long run.
We also applied for Crunchbase API access as a research project and were approved. We currently don't use Crunchbase but had plans to. If you're looking to integrate Crunchbase and need API keys you will need to reach out to Daniel Alabi to discuss where to find them.
If you're planning to make Leanworkbench open source it should be pretty straightforward. However, you my recommendation to you is that you will need to generate brand new API keys for every service, then GPG encrypt the settings.py, and never commit the unencrypted file or GPG key. I would also investigate potentially deleting all of the repo history as an extra security measure, to make sure no keys that are still valid were ever leaked.