API Key

An application programming interface (API) key is a unique identifier used to authenticate a user, developer, or calling program to an API. However, they are typically used to authenticate a project with the API rather than a human user. Different platforms may implement and use API keys in different ways.


Usage

The API key often acts as both a unique identifier and a secret token for authentication, and will generally have a set of access rights on the API associated with it.


HTTP APIs

API keys for HTTP-based APIs can be sent in multiple ways:

In the query string:

    POST /something?api_key=abcdef12345 HTTP/1.1

As a request header:

    GET /something HTTP/1.1
    X-API-Key: abcdef12345

As a cookie:

    GET /something HTTP/1.1
    Cookie: X-API-KEY=abcdef12345


Security

API keys are generally not considered secure; they are typically accessible to clients, making it easy for someone to steal an API key. Once the key is stolen, it has no expiration, so it may be used indefinitely, unless the project owner revokes or regenerates the key. If an API key is meant to be accessible to the client, it is only considered secure if used together with other security mechanisms such as HTTPS/SSL.
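
An added example (not from the original page) covering the three transports listed under HTTP APIs and the revocation point in this section: a server-side check that pulls the key from a raw request head, keeps only SHA-256 digests of issued keys, compares in constant time, and rejects revoked keys. The key store, the project name and the expiry field are constructed assumptions.

```python
import hashlib
import hmac
from http.cookies import SimpleCookie
from urllib.parse import parse_qs, urlsplit

def key_digest(key: str) -> str:
    # Store only a digest, so a leaked key table does not expose usable keys.
    return hashlib.sha256(key.encode()).hexdigest()

# Constructed key store (digest -> record); "expires" is an assumed Unix timestamp.
KEY_STORE = {
    key_digest("abcdef12345"): {"project": "demo-project", "revoked": False, "expires": 2_000_000_000},
    key_digest("oldkey99999"): {"project": "demo-project", "revoked": True, "expires": 2_000_000_000},
}

def extract_api_key(raw_request: str):
    """Return (key, location) from a raw HTTP/1.1 request head, or (None, None)."""
    lines = raw_request.strip().splitlines()
    _method, target, _version = lines[0].split()
    headers = {}
    for line in lines[1:]:
        if not line.strip():
            break  # blank line ends the header block
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    if "x-api-key" in headers:
        return headers["x-api-key"], "header"
    cookie = SimpleCookie(headers.get("cookie", ""))
    if "X-API-KEY" in cookie:
        return cookie["X-API-KEY"].value, "cookie"
    query = parse_qs(urlsplit(target).query)
    if "api_key" in query:
        return query["api_key"][0], "query"
    return None, None

def authenticate(raw_request: str, now: int):
    """Return the project name for a valid, unrevoked, unexpired key, else None."""
    key, _location = extract_api_key(raw_request)
    if key is None:
        return None
    presented = key_digest(key)
    for stored, record in KEY_STORE.items():
        if hmac.compare_digest(presented, stored):  # constant-time comparison
            if record["revoked"] or now >= record["expires"]:
                return None
            return record["project"]
    return None
```

The location returned by `extract_api_key` is useful for policy: a key in the query string is part of the request line, which commonly ends up in access logs, so a server can choose to refuse that transport.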


Incidents

API keys of Android apps were leaked due to having been hardcoded into apps.



External links


Why and When to Use API Keys