Browse Definitions :
Definition

API key

An API key is a unique identifier used to connect to, or perform, an API call. API stands for application programming interface. API's are used for software applications to send and receive data. API's can also connect one program to another, to share functionality. In order to connect to or communicate with another API, an API key is necessary. API keys provide an initial step for cloud API security.

The API key process is similar to user authentication for web applications and mobile devices -- the API call starts with one API calling another, and then passing the API key to gain access.

The API key signifies that the connecting API has a "password" or key and a defined set of access rights. For example, an application that sends medical forms to patients would need to connect its own API to that of an application that stores medical forms. The owner of the medical forms API assigns an API key, which allows the first application to access medical forms and nothing else.

When to use API keys

API keys are used for authenticating a calling program to another API -- typically to confirm a project is authorized to connect. Project authorization rules are created and managed by the API owner or source. API keys may serve as an initial authentication or security step by passing a secure authentication token.

An API key may also be embedded in the software of nearly any type of coding language -- such as JavaScript, or Python. The coding language used will depend on the API the user is trying to connect to. For example, if a user wants to connect an application to use Google Maps, the user will need to get an API key from Google to access their maps API, using JavaScript. API key creation depends on which host the user is connecting to: Google Cloud Platform, Amazon Web Services (AWS), Microsoft Azure, or any number of other API creators or owners.

API keys are not used to access private data. API keys are typically used for web and mobile applications that don't have an attached back-end server. When a back-end server does not exist, the mobile or web apps rely on getting their data by connecting to APIs. The API key establishes the connection and may track access rates for billing purposes depending on the rules of the API owner.

Getting and using an API key

The use of an API key depends on the API being connected to. The rules around receiving a specific API key are up to the developer or publisher of the API. The steps below represent general steps common to most API providers:

  • Access the cloud-based console of the provider that owns the desired API. For example, if a user wants to use Google maps, they should connect to the Google Cloud Platform Console.
  • Select a project already offered or create a new project to request the API key.
  • The user should designate the desired API they want to connect to and define how they plan on using it. This establishes the specific access rights of the key which need to be accessed.
  • The user should restrict the use of their API key to ensure it remains secure. There are generally two types of restrictions: Application and API.
    • Application restriction means only a website (HTTP), a web server with an IP address or a mobile app (Android or iOS) is allowed to connect using the key.
    • API restriction limits the API key's use to only a defined set of APIs or SDKs. Requests to connect fail if undefined APIs or SDKs attempt to use the key to connect.

How do different platforms use API keys?

API keys are useful when connecting applications with each other to share data, or to connect to other systems that provide the data needed without creating the need for coding.

For example, to use Amazon Web Services to manage back-end servers, there's a series of APIs users can connect to on the cloud to perform those functions. Like many providers, simple API connections are free or require an agreement and a fee.

API usage is widespread and increasing, especially as device and application connectivity grows. For example, Google Maps is everywhere. Almost every mobile or web application uses Google Maps to provide address and location data. Where would food delivery businesses be without Google Maps?

API connections exist between government entities, healthcare systems and providers -- basically anywhere data sources can be shared securely.  Healthcare systems are able to share and exchange patient data currently because of API connections. Nearly any software development business has a library of APIs available, some available for free and some that require agreements and fees. API keys foster the connections that keep lives, devices and data linked together.

This was last updated in April 2020

Continue Reading About API key

Networking
  • network traffic

    Network traffic is the amount of data that moves across a network during any given time.

  • dynamic and static

    In general, dynamic means 'energetic, capable of action and/or change, or forceful,' while static means 'stationary or fixed.'

  • MAC address (media access control address)

    A MAC address (media access control address) is a 12-digit hexadecimal number assigned to each device connected to the network.

Security
  • Evil Corp

    Evil Corp is an international cybercrime network that uses malicious software to steal money from victims' bank accounts and to ...

  • Trojan horse

    In computing, a Trojan horse is a program downloaded and installed on a computer that appears harmless, but is, in fact, ...

  • quantum key distribution (QKD)

    Quantum key distribution (QKD) is a secure communication method for exchanging encryption keys only known between shared parties.

CIO
  • green IT (green information technology)

    Green IT (green information technology) is the practice of creating and using environmentally sustainable computing.

  • benchmark

    A benchmark is a standard or point of reference people can use to measure something else.

  • spatial computing

    Spatial computing broadly characterizes the processes and tools used to capture, process and interact with 3D data.

HRSoftware
  • learning experience platform (LXP)

    A learning experience platform (LXP) is an AI-driven peer learning experience platform delivered using software as a service (...

  • talent acquisition

    Talent acquisition is the strategic process employers use to analyze their long-term talent needs in the context of business ...

  • employee retention

    Employee retention is the organizational goal of keeping productive and talented workers and reducing turnover by fostering a ...

Customer Experience
  • BOPIS (buy online, pick up in-store)

    BOPIS (buy online, pick up in-store) is a business model that allows consumers to shop and place orders online and then pick up ...

  • real-time analytics

    Real-time analytics is the use of data and related resources for analysis as soon as it enters the system.

  • database marketing

    Database marketing is a systematic approach to the gathering, consolidation and processing of consumer data.

Close