SyntaxFix

[api] What is an API key?

I see this word in almost every cross service application these days.

What exactly is an API key and what are its uses?

Also, what is the difference between public and private API keys.

This question is related to api security terminology api-key

The answer is

Think of it this way, the "Public API Key" is similar to a user name that your database is using as a login to a verification server. The "Private API Key" would then be similar to the password. By the site/databse using this method, the security is maintained on the third party/verification server in order to authentic request of posting or editing your site/database.

The API string is just the URL of the login for your site/database to contact the verification server.

API keys are just one way of authenticating users of web services.

Very generally speaking:

An API key simply identifies you.

If there is a public/private distinction, then the public key is one that you can distribute to others, to allow them to get some subset of information about you from the api. The private key is for your use only, and provides access to all of your data.

An API key is a unique value that is assigned to a user of this service when he's accepted as a user of the service.

The service maintains all the issued keys and checks them at each request.

By looking at the supplied key at the request, a service checks whether it is a valid key to decide on whether to grant access to a user or not.

It looks like that many people use API keys as a security solution. The bottom line is: Never treat API keys as secret it is not. On https or not, whoever can read the request can see the API key and can make whatever call they want. An API Key should be just as a 'user' identifier as its not a complete security solution even when used with ssl.

The better description is in Eugene Osovetsky link to: When working with most APIs, why do they require two types of authentication, namely a key and a secret? Or check http://nordicapis.com/why-api-keys-are-not-enough/

Source: Stackoverflow.com

Examples related to api

I am receiving warning in Facebook Application using PHP SDK Couldn't process file resx due to its being in the Internet or Restricted zone or having the mark of the web on the file Failed to load resource: the server responded with a status of 404 (Not Found) css Call another rest api from my server in Spring-Boot How to send custom headers with requests in Swagger UI? This page didn't load Google Maps correctly. See the JavaScript console for technical details How can I send a Firebase Cloud Messaging notification without use the Firebase Console? Allow Access-Control-Allow-Origin header using HTML5 fetch API How to send an HTTP request with a header parameter? Laravel 5.1 API Enable Cors

Examples related to security

Monitoring the Full Disclosure mailinglist Two Page Login with Spring Security 3.2.x How to prevent a browser from storing passwords JWT authentication for ASP.NET Web API How to use a client certificate to authenticate and authorize in a Web API Disable-web-security in Chrome 48+ When you use 'badidea' or 'thisisunsafe' to bypass a Chrome certificate/HSTS error, does it only apply for the current site? How does Content Security Policy (CSP) work? How to prevent Screen Capture in Android Default SecurityProtocol in .NET 4.5

Examples related to terminology

The differences between initialize, define, declare a variable What is the difference between a web API and a web service? What does "opt" mean (as in the "opt" directory)? Is it an abbreviation? What's the name for hyphen-separated case? What is Bit Masking? What is ADT? (Abstract Data Type) What exactly are iterator, iterable, and iteration? What is a web service endpoint? What is the difference between Cloud, Grid and Cluster? How to explain callbacks in plain english? How are they different from calling one function from another function?

Examples related to api-key

Adding an .env file to React Project Googlemaps API Key for Localhost Best practice for storing and protecting private API keys in applications Place API key in Headers or URL What is an API key?

Tags

Domaincontroller Dddd Color-codes Xmlstore Updatepanelanimationexte Netconnection Rhel5 Export-to-pdf Geckofx Iseries-navigator Maemo Submenu Shunting-yard Dangerous-request Strstr Pbxt Eventvalidation Slp Classwizard Fastcgi Nsundomanager Junit Input-method-kit Hdd Multiple-results Private-header Speex R5rs Basic-authentication Skeleton-code Compile-time-constant Sortable-tables Timelapse Gevent Runkit Pmd Limiting Spectrogram Union Mutators Valuestack Xml-deserialization Ometa Dll-injection Uploading Lds Database-testing Opc Public-key Web-user-controls Devpartner Flashlite Boyer-moore Jquery-forms-plugin Text-decorations Sql-smo Debuggervisualizer Nested Mutual-recursion Enterprise-library-5 At-command Kde4 Source-monitor Photo-management On-disk Declarative-services Log4j Gpsignaturefile Back Parsley Character-reference Wsat B2b Programmers-notepad Textfield Business-intelligence Targets Load-path Conky Uiactionsheet Osgeo User-administration Remote-forms Documentation-generation Masstransit Cx-freeze Textview Rowlex Mcl Nntool Weak-ptr Linkfieldvalue Sessionend Service-provider Y-combinator Foxpro Hackage Strict-aliasing Bitmapeffect Corruption