What are API Keys?
An API keys are a unique combination of letters and numbers used to identify and authenticate an application or user. An API Key is provided by a client when an API needs to be called. Keys are sent through query strings.
A key’s “exact” use depends very much on who issues it and what service it’s used for. As a general rule, however, an API key refers to some kind of secret token submitted alongside web service requests (or similar requests) to identify the origin of the request. To verify the origin and prevent tampering with the values, the key may be included in some digest of the request content.
It usually serves as a form of authentication if you can positively identify the source of a request, and that can facilitate access control. For example, you can restrict access to certain API actions based on who’s performing the request. In addition, being able to track users for billing purposes is also beneficial to companies who sell such services. Additionally, you can partially prevent abuse by preventing too-high request volumes by blocking the key.
A public API key and a private API key, taken together, indicate they are a traditional public/private key pair used for asymmetric cryptography or digital signing. They extend the security of authentication, and also provide a means of protecting the content of a request from both snooping and tampering.
Some different types of API Keys include:
- Private API Key
- Public API Key
Learn more about an API.« Back to Glossary Index