What is an API key

Question

I see this word in almost every cross service application these days   What exactly is an API key and what are its uses   Also  what is the difference between public and private API keys

User · Accepted Answer

What  exactly  an API key is used for depends very much on who issues it  and what services it s being used for  By and large  however  an API key is the name given to some form of secret token which is submitted alongside web service  or similar  requests in order to identify the origin of the request  The key may be included in some digest of the request content to further verify the origin and to prevent tampering with the values   Typically  if you can identify the source of a request positively  it acts as a form of authentication  which can lead to access control  For example  you can restrict access to certain API actions based on who s performing the request  For companies which make money from selling such services  it s also a way of tracking who s using the thing for billing purposes  Further still  by blocking a key  you can partially prevent abuse in the case of too-high request volumes   In general  if you have both a public and a private API key  then it suggests that the keys are themselves a traditional public private key pair used in some form of asymmetric cryptography  or related  digital signing  These are more secure techniques for positively identifying the source of a request  and additionally  for protecting the request s content from snooping  in addition to tampering

User · Answer

It looks like that many people use API keys as a security solution  The bottom line is  Never treat API  keys as secret it is not  On https or not  whoever can read the request can see the API key and can make whatever call they want  An API Key should be just as a  user  identifier as its not a complete security solution even when used with ssl    The better description is in Eugene Osovetsky link to  When working with most APIs  why do they require two types of authentication  namely a key and a secret  Or check http   nordicapis com why-api-keys-are-not-enough

User · Answer

An API key is a unique value that is assigned to a user of this service when he s accepted as a user of the service   The service maintains all the issued keys and checks them at each request   By looking at the supplied key at the request  a service checks whether it is a valid key to decide on whether to grant access to a user or not

User · Answer

Think of it this way  the  Public API Key  is similar to a user name that your database is using as a login to a verification server   The  Private API Key  would then be similar to the password   By the site databse using this method  the security is maintained on the third party verification server in order to authentic request of posting or editing your site database   The API string is just the URL of the login for your site database to contact the verification server

User · Answer

Very generally speaking    An API key simply identifies you     If there is a public private distinction  then the public key is one that you can distribute to others  to allow them to get some subset of information about you from the api   The private key is for your use only  and provides access to all of your data

User · Answer

API keys are just one way of authenticating users of web services

[api] What is an API key?

Examples related to api

Examples related to security

Examples related to terminology

Examples related to api-key