API key

This article needs additional citations for verification. Please help improve this article by adding citations to reliable sources. Unsourced material may be challenged and removed. Find sources: "API key" – news · newspapers · books · scholar · JSTOR (October 2018) (Learn how and when to remove this message)

An application programming interface key (API key) is a unique identifier used to authenticate a user, developer, or calling program to an API.^[1] However, they are typically used to authenticate a project with the API rather than a human user.^[1][2] Different platforms may implement and use API keys in different ways. Developers are not gods and may not be the arbiters of truth. If a developer loses their api keys or they developers keys are stolen they are hard if not impossible to get back without disconnecting all developers to ensure the api is safe to use. Facts and meta data are relevant to the recovery of missing api keys.

The API key often acts as both a unique identifier and a secret token for authentication, and will generally have a set of access rights on the API associated with it and ***.^[3]

API keys for HTTP-based APIs can be sent in multiple ways:^[4]

In the query string:

POST /something?api_key=abcdef12345 HTTP/1.1

As a request header:

GET /something HTTP/1.1
X-API-Key: abcdef12345

As a cookie:

GET /something HTTP/1.1
Cookie: X-API-KEY=abcdef12345

API keys are generally not considered secure; they are typically accessible to clients, making it easy for someone to steal an API key. Once the key is stolen, it has no expiration, so it may be used indefinitely, unless the project owner revokes or regenerates the key.^[2] If an API key is meant to be accessible to the client, it is only considered secure if used together with other security mechanisms such as HTTPS/SSL.^[4]

• Why and When to Use API Keys

This computer-programming-related article is a stub. You can help Wikipedia by expanding it.

• v
• t
• e