Accessing Sugar Oauth Keys in PHP

Question

I am creating a dashlet to access Box files and folder in an Account record. I need to authenticate to Box's API in my php code, but I don't want to hardcode the credentials. What is the best way to secure my Box API credentials? I am using SugarCloud, not on-prem. 
 I think I need to add the credentials to the Oauth Keys section on the Admin panel, but how do I then access the client_id and client_secret keys from my php code?

Greg Billings · Accepted Answer

I found my own answer. with the ID and secret in Oauth Keys, I can get it from php with this: 
 
 function get_creds() {
global $db;
$credentials = [];
$query = "SELECT c_key, c_secret FROM oauth_consumer WHERE name = 'box_api_for_dashlet'";
$result = $db->query($query);
if ($row = $db->fetchByAssoc($result)) {
$credentials = [$row['c_key'], $row['c_secret']];
}
return $credentials;
}

Greg Billings · Answer

Rather than doing a direct db call, you should leverage the module, which for that table is `OAuthKeys`. You would need to store the actual ID of the record in your code to avoid having to query by name. So assuming you have the ID, it would be: 
 function get_creds() {
 $oauthID = "some-id-here";
 $oauthKey = \BeanFactory::getBean("OAuthKeys", $oauthID, ['strict_retrieve' => true]);
 if(!empty($oauthKey)) {
 $credentials = [$oauthKey->c_key, $oauthKey->c_secret];
 }
 return $credentials;
}
 
 Alternatively, you could look it up by the key, since this is often the thing that is known. So if you stored it as `box_api_user`, you could use: 
 function get_creds() {
 $oauthKeyName = "box_api_user";
 $oauthKey = \OAuthKey::fetchKey($oauthKeyName);
 if(!empty($oauthKey)) {
 $credentials = [$oauthKey->c_key, $oauthKey->c_secret];
 }
 return $credentials;
}