As the first phase of my flatiron experience comes to an end, I'm finding myself excited by the amount of information and technology that there is to learn. At the same time, it is incredibly intimidating, and I have come to accept that it is impossible to learn everything that there is to know. Instead, I must focus on learning on what I need to know, and what peaks my curiosity. This blog post is inspired by what I needed to learn: API keys.
When searching for APIs I could use for my project, I kept coming across public APIs that required I register for an API key to access and use their information. At first, I was confused by this, why make the data public, but require developers to register for its usage?
The answers to this question is quite simple:
- to track what each developer is requesting from the API
- it's an easy way for to ensure user authentication
- to monitor if the user making the call to the API has authorization to do so
The use of API keys are common when there is a desire to block anonymous usage of the API. It is also very handy for when you wish to limit the number of calls users can make to your API. This can help reduce traffic to your API.
However, it is worth mentioning that API keys are not meant for secure authorization. Instead, it is recommended to use TLS (Transport Layer Security).
Top comments (0)