Jump to content

Talk:API key

Page contents not supported in other languages.
From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by Amakuru (talk | contribs) at 16:22, 20 June 2022 (Amakuru moved page Talk:Application programming interface key to Talk:API key: Requested by PhotographyEdits at WP:RM/TR: API key is the WP:COMMONAME for this subject, comparable to VPN service.). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.
WikiProject iconComputing: Software Stub‑class Low‑importance
WikiProject iconThis article is within the scope of WikiProject Computing, a collaborative effort to improve the coverage of computers, computing, and information technology on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.ComputingWikipedia:WikiProject ComputingTemplate:WikiProject ComputingComputing
StubThis article has been rated as Stub-class on Wikipedia's content assessment scale.
LowThis article has been rated as Low-importance on the project's importance scale.
Taskforce icon
This article is supported by WikiProject Software (assessed as Low-importance).

This article is erroneous - a UUID by definition must have 32 characters. Many API keys have 10-12-etc. Something as long as 32 would be an exception in my experience.

--

Additionaly, it is not clear how an API key is supposed to work on the server side or what benefits it provides..! — Preceding unsigned comment added by 2001:980:E8E5:1:8D1A:115E:35C9:A790 (talk) 02:32, 28 September 2015 (UTC)[reply]

UUIDs are no longer mentioned. On the server side, API keys work like passwords. I'll try to add something about the benefits. Rol8Weber (talk) 07:05, 25 December 2019 (UTC)[reply]

API Keys vs. Passwords

I've been reading up on API keys lately. I interpret them as secondary passwords to a personal or technical user account, with inherent restrictions. The actual password is to authenticate the user, and login might require multi-factor authentication. But automated tasks like a CI/CD pipeline can't do MFA. An API key allows single-factor authentication to an API on behalf of the user. API keys cannot be used to login to the user interface. Some implementations, like the Personal Access Tokens of source code hosters, allow for managing multiple API keys per account, with restrictions according to the task for which the key gets generated. JFrog Artifactory for example has only a single API key per account. Rol8Weber (talk) 07:49, 25 December 2019 (UTC)[reply]

I'll have to broaden my view. The references to Google Cloud and RapidAPI suggest use cases where API keys are not necessarily kept secret, but can still be used for identifying the projects or applications calling an API. Usage scenarios for authentication and identification might have to be distinguished in the article. Rol8Weber (talk) 16:50, 25 December 2019 (UTC)[reply]
Retrieved from "https://en.wikipedia.org/w/index.php?title=Talk:API_key&oldid=1094077977"