# Where Do I Store An API Key in WordPress?

Where can I safely store an API Key in WordPress and not expose it to the public or in the code? In this post, I'll show you two ways.

Two ways to store an API key in WordPress:

1. In wp-config.php

Define the API key in the wp-config.php file. For example:

```php define( 'API_KEY', 'ieifkasdfasdf939390' ); ```

This definition can be used anywhere without resorting to a global variable.

So when you need to use it just:

```php echo API_KEY; ```

Or simply use it as a variable where needed. For example:

```php $MailChimp = new \DrewM\MailChimp\MailChimp(API_KEY); ```

To further secure your wp-config.php file overall, check out my post on this: How to Easily Secure your wp-config.php File.

2. In the database

So for this example, I'll create an option in the WordPress admin for us to enter/update the API key to store in the database. In the end, it will look like this:

In the following code we will:

Create an API Keys under the Tools section
Create an admin page containing our form to enter they key
The submit functionality to send the value to the options table

```php // Creates a subpage under the Tools section

My API Keys Page

Simply put, add_option adds our key to the database and update_options updates it when we already have a value there.

Now whenever we need to get access to the api key on our site we use:

```php get_option('api_key'); ```

What about encryption?

Shouldn't we encrypt this key when we insert it into the database and decrypt it when we retrieve it?

We probably should, however, it's beyond the scope and purpose of this tutorial. If you'd like an example, let me know down in the comments below and I'll do a follow up post.

Conclusion

And there you have two ways to store an API key in WordPress.