Where do we store username/password/endpoint...in Salesforce?

We have a web application developed in Salesforce (apex classes/ triggers and visualforce pages). This web application is talking to our APIs externally using endpoint urls with username and password. As of right now these password/username and endpoint url are being stored in apex classes as constant strings.

In an ASP.Net application or we would usually store the credential/endpoint url in a web.config file. But in Salesforce where do we store these?

Solution

You should use either a protected Custom Setting in managed package (you would have to create this similar to creating an object, I would use the List type and try to make it as generic as possible to support many use cases) or Named Credentials, or possibly a Custom Metadata type, definitely not in code

Authenticate Salesforce community user using rest api in connected App
How to package a Custom Metadata Type in a Salesforce 2GMP (Second Generation Managed Package)?
Dynamic form fields on lightning record page is not working
INTERNAL ERRORS Bigquery Data Transfer Services for Salesforce
Netsuite Salesforce Integration ESB vs Prebuilt Connectors
Trying to unformatted phone number from (999) 777-8888 this to this 9997778888 format
Upload a file to Salesforce using multipart-form
String to byte Array without encoding in Java
How to and why to use Salesforce and Zksforce for iOS development
How to bulk create/import users in Azure AD so that all of them can have single sign on to my SF sandbox?
How to query more than 200 field; Salesforce SOQL Fields
Salesforce apex/visualforce - how do you process and open base64 encoded PDF data?
How to disable options when radio/check is selected in LWC?
Migrating Copado Deployment Process from GitHub to Azure DevOps with Multiple Projects and Shared QA/Prod Environments
PMD Salesforce Code Analyzer error "invalid type" for custom object
Mulesoft Mule 4 Error Handling - where are the headers?
Error when deleting partner event source in aws EventBridge
What are the API names for Address' compound fields that are not Mailing/Billing/Etc.? Salesforce
Salesforce Integration INVALID_SESSION_ID using Postman
How to call https.patch in Netsuite to update Salesforce record?
DocuSign Apex Toolkit - Get PDF byte stream of envelope documents
How can I track which fields have been edited in Netsuite when syncing NetSuite sales orders to Salesforce?
Automated upload of a Salesforce file to Box.com record-linked folder
Hard delete custom field in Salesforce
Salesforce API - Query of Change Data Capture's Selected Entities jsforce
Unable to fetch payload.access_token value after hitting salesforce using http connector. how to extract access_token value?
Cometd/bayeux client + salesforce streaming API issue
Salesforce apex how to save checkbox multiple values in database
Anytime Platform API Manager Alerts for Response Codes won't work. Not getting alert emails for response codes
Getting error unable to get local issuer certificate in Bruno