15
I’m seeing this word in almost every service application..
What a KEY API really is and what its uses are?
How it really works?
Also please, if possible, explain the difference between public and private Keys API.
4 answers
13
API Keys are access credentials provided in order to authorize the use of specific API features. There are several types of implementations.
- Web Applications: Keys API can be provided as JSON Web Tokens (JWT) via cookies or HTTP headers; in back-end operations, may be part of the original request URI.
- Desktop Applications: Keys API can be used to access the functionality of a third-party library.
The sense of public or private API key also depends on the implementation. For example, you may have a public key issued to your client (say www.app.com) that allows access to a specific API (api.servico.com), which is then used by your browser. However server-to-server calls use another private key for more sensitive operations such as authentication and credential validation.
9
API
Basically an API is a set of routines and programming standards for access to a software application or web-based platform. The acronym API refers to the English term "Application Programming Interface" which means "Application Programming Interface" translating into Portuguese.
API is usually developed when a software company intends for other software creators to develop products associated with its service. There are several companies that provide their codes and instructions to be used on other sites in the most convenient way for their users. There is Youtube, Google Maps, Facebook, Twitter; which are great examples in the area of Apis. Through its original code, many other websites and applications use the data to adapt it in the best way to use these services.
Why expose the data?
For some specific reasons, exposing certain data and resources is a business strategy and innovation very well thought out. It is important to think of some reasons for this data exposure. Keep these aspects in mind:
- Integrate your platform with partners; Drive innovation about your own data in a way you couldn’t do alone;
- Generate development of your own platform in new media; Generate more market and expand the target audience;
- Organization of the IT sector, where consumers of the Apis are the other internal teams of the company, and the exposed Apis function as portals for data exchange between sectors.
- Therefore, the API is an interface to the assets (data) of the company, but at the same time it bars abusive uses of these assets.
Key
From the English free translation, "Key". Reference to the meaning of the Portuguese we have, which is a metal utensil that is inserted into the lock to which it belongs to move the tongue, and which makes it possible to open or close doors, covers, padlocks etc.
Considering this, the KEY API, this often acts as a unique identifier and a secret key for authentication, and usually have a set of access rights to API associated with him. A KEY API can be based on the UUID system is the English acronym for Universally Unique Identifier, which translates into English becomes Universal Unique Identifier, to ensure that it will be unique to each user. It’s very simple to understand because the self-explanatory name, but the concept of UUID is something more complex and very functional.
In the case of Google Map, your 'KEY API' is based on a short form of your application’s digital certificate, known as fingerprint SHA-1. To display the fingerprint SHA-1 of your certificate, first make sure you are using the correct certificate, being a certificate of debugging and publishing.
Keep your secret key and access tokens private. You can share them with an agent who is operating on your app, if he sign a confidentiality agreement.
The Facebook KEY API is a sequence of randomly generated numbers that creates each time a person registers their application through the website. Always fully numerical in nature and consists of 15 characters. But it is only for this case, because each company has its policy for creating keys, being numerical, only letters, etc.
API keys allow you to generate an authentication credential that is separate from your username and password in some cases. Create unique API keys for each of your applications or servers so that you can easily revoke them without interrupting other systems if necessary.
More details
5
That’s a very broad question...
The exact function of a key API depends heavily on the entity that generated it and for what purpose.
Generally, a KEY API is the name given to a secret token that is sent within a request for a webservice, in order to identify and often authenticate the user who is calling the service.
The key can also be included as part of a request in order to verify its content and prevent attacks such as replay and man-in-the-Middle
Also, in cases where you need to authenticate the user before they can access a feature of your webservice, there is a great advantage to using a KEY API. This type of key/token enables a form of authentication stateless where you do not need to create sessions, make use of cookies or any other conditional/temporary state that would require additional calls and session control mechanisms.
On the other hand, if you have a pair of keys (public and private) then we are talking about some form of asymmetrical cryptography. The techniques involving this type of encryption are more complex and more secure to positively identify the origin and authenticity of a message, while protecting it from changes.
-
sorry for the links in English, but I believe you can access the Portuguese version by the wikipedia itself
4
API Keys, as it once was said, are access credentials provided in a manner that authorizes the use of specific API features and are used to monitor and control how the API is being used, for example to prevent misuse or abuse of the API.
API Keys allow you to generate an authentication credential that is separate from your username and password. They are independent of each other and are easily disposable. You must create single Key API for each of your applications or servers so that you can easily revoke them without interrupting other systems if necessary.
In that website, in English, shows the top 6 reasons to use a key API and how to use them.
Public API, as its name says, this key is public and can be seen by anyone who does not compromise the security of the information. The toilet should be kept completely private and safe, as consultations can be made with it that compromise security. Depends on the implementation.
References:
Browser other questions tagged api security-guard api-key
You are not signed in. Login or sign up in order to post.
it has nothing more... the name can be "token", "code", "id", "serial"... the term "key" seems more appropriate so it is usually the term that is used...
– Daniel Omine