Browse Definitions :
Definition

API key

An API key is a unique identifier used to connect to, or perform, an API call. API stands for application programming interface. API's are used for software applications to send and receive data. API's can also connect one program to another, to share functionality. In order to connect to or communicate with another API, an API key is necessary. API keys provide an initial step for cloud API security.

The API key process is similar to user authentication for web applications and mobile devices -- the API call starts with one API calling another, and then passing the API key to gain access.

The API key signifies that the connecting API has a "password" or key and a defined set of access rights. For example, an application that sends medical forms to patients would need to connect its own API to that of an application that stores medical forms. The owner of the medical forms API assigns an API key, which allows the first application to access medical forms and nothing else.

When to use API keys

API keys are used for authenticating a calling program to another API -- typically to confirm a project is authorized to connect. Project authorization rules are created and managed by the API owner or source. API keys may serve as an initial authentication or security step by passing a secure authentication token.

An API key may also be embedded in the software of nearly any type of coding language -- such as JavaScript, or Python. The coding language used will depend on the API the user is trying to connect to. For example, if a user wants to connect an application to use Google Maps, the user will need to get an API key from Google to access their maps API, using JavaScript. API key creation depends on which host the user is connecting to: Google Cloud Platform, Amazon Web Services (AWS), Microsoft Azure, or any number of other API creators or owners.

API keys are not used to access private data. API keys are typically used for web and mobile applications that don't have an attached back-end server. When a back-end server does not exist, the mobile or web apps rely on getting their data by connecting to APIs. The API key establishes the connection and may track access rates for billing purposes depending on the rules of the API owner.

Getting and using an API key

The use of an API key depends on the API being connected to. The rules around receiving a specific API key are up to the developer or publisher of the API. The steps below represent general steps common to most API providers:

  • Access the cloud-based console of the provider that owns the desired API. For example, if a user wants to use Google maps, they should connect to the Google Cloud Platform Console.
  • Select a project already offered or create a new project to request the API key.
  • The user should designate the desired API they want to connect to and define how they plan on using it. This establishes the specific access rights of the key which need to be accessed.
  • The user should restrict the use of their API key to ensure it remains secure. There are generally two types of restrictions: Application and API.
    • Application restriction means only a website (HTTP), a web server with an IP address or a mobile app (Android or iOS) is allowed to connect using the key.
    • API restriction limits the API key's use to only a defined set of APIs or SDKs. Requests to connect fail if undefined APIs or SDKs attempt to use the key to connect.

How do different platforms use API keys?

API keys are useful when connecting applications with each other to share data, or to connect to other systems that provide the data needed without creating the need for coding.

For example, to use Amazon Web Services to manage back-end servers, there's a series of APIs users can connect to on the cloud to perform those functions. Like many providers, simple API connections are free or require an agreement and a fee.

API usage is widespread and increasing, especially as device and application connectivity grows. For example, Google Maps is everywhere. Almost every mobile or web application uses Google Maps to provide address and location data. Where would food delivery businesses be without Google Maps?

API connections exist between government entities, healthcare systems and providers -- basically anywhere data sources can be shared securely.  Healthcare systems are able to share and exchange patient data currently because of API connections. Nearly any software development business has a library of APIs available, some available for free and some that require agreements and fees. API keys foster the connections that keep lives, devices and data linked together.

This was last updated in April 2020

Continue Reading About API key

Networking
Security
  • zero-day vulnerability

    A zero-day vulnerability is a security loophole in software, hardware or firmware that threat actors exploit before the vendors ...

  • DNS attack

    A DNS attack is an exploit in which an attacker takes advantage of vulnerabilities in the domain name system.

  • malware

    Malware, or malicious software, is any program or file that's intentionally harmful to a computer, network or server.

CIO
  • data collection

    Data collection is the process of gathering data for use in business decision-making, strategic planning, research and other ...

  • chief trust officer

    A chief trust officer (CTrO) in the IT industry is an executive job title given to the person responsible for building confidence...

  • green IT (green information technology)

    Green IT (green information technology) is the practice of creating and using environmentally sustainable computing resources.

HRSoftware
  • diversity, equity and inclusion (DEI)

    Diversity, equity and inclusion is a term used to describe policies and programs that promote the representation and ...

  • ADP Mobile Solutions

    ADP Mobile Solutions is a self-service mobile app that enables employees to access work records such as pay, schedules, timecards...

  • director of employee engagement

    Director of employee engagement is one of the job titles for a human resources (HR) manager who is responsible for an ...

Customer Experience
  • digital marketing

    Digital marketing is the promotion and marketing of goods and services to consumers through digital channels and electronic ...

  • contact center schedule adherence

    Contact center schedule adherence is a standard metric used in business contact centers to determine whether contact center ...

  • customer retention

    Customer retention is a metric that measures customer loyalty, or an organization's ability to retain customers over time.

Close