I am writing a Python program which uses an API Key to access data from an external service. The program makes a call to this service with the key hard coded in my Python script. Is there a method of somewhat protecting this key (not something that is irreversible, but a method preventing people copying the key straight out of the script)? Should the program request the key from my server? Perhaps a C library?
If you want to protect yourself from "Hackers", it is impossible, since if python script has access to your API, then this same script can be modified to do nasty things with the access it possesses. You will have to find another solution there.
If you want to protect yourself from "shoulder surfers" (People who look at your monitor while they pass by), then base64.b64encode("key") and base64.b64decode("a2V5==") should be enough.