Talk:API key
This article is rated Stub-class on Wikipedia's content assessment scale. It is of interest to the following WikiProjects: | |||
|
Untitled
[edit]This article is erroneous - a UUID by definition must have 32 characters. Many API keys have 10-12-etc. Something as long as 32 would be an exception in my experience.
--
Additionaly, it is not clear how an API key is supposed to work on the server side or what benefits it provides..! — Preceding unsigned comment added by 2001:980:E8E5:1:8D1A:115E:35C9:A790 (talk) 02:32, 28 September 2015 (UTC)
- UUIDs are no longer mentioned. On the server side, API keys work like passwords. I'll try to add something about the benefits. Rol8Weber (talk) 07:05, 25 December 2019 (UTC)
API Keys vs. Passwords
[edit]I've been reading up on API keys lately. I interpret them as secondary passwords to a personal or technical user account, with inherent restrictions. The actual password is to authenticate the user, and login might require multi-factor authentication. But automated tasks like a CI/CD pipeline can't do MFA. An API key allows single-factor authentication to an API on behalf of the user. API keys cannot be used to login to the user interface. Some implementations, like the Personal Access Tokens of source code hosters, allow for managing multiple API keys per account, with restrictions according to the task for which the key gets generated. JFrog Artifactory for example has only a single API key per account. Rol8Weber (talk) 07:49, 25 December 2019 (UTC)
- I'll have to broaden my view. The references to Google Cloud and RapidAPI suggest use cases where API keys are not necessarily kept secret, but can still be used for identifying the projects or applications calling an API. Usage scenarios for authentication and identification might have to be distinguished in the article. Rol8Weber (talk) 16:50, 25 December 2019 (UTC)
Missing Info, Possibly Crucial; Beyond My Education on the Subject.
[edit]Here I am being asked to generate an apeeyikee- sorry an "API key", and so I come here to try to figure out what in tarnation that is. And reading the opening sentence I catch this (reformatted from the article for the purposes of this illustration:
"An application programming interface (API) key is a unique identifier used to authenticate a user, developer, or calling program to an However, they are..."
We seem to be missing something here, and I'd fill it in if I could, but I came here to (struggle to) learn the subject, so I have no idea what's supposed to fall between an and However,. I hope this post calls this to the attention of someone with the knowledge to plug that gap.