Securing API Keys
Protect credentials.
What Is an API Key
An API key is a secret string that identifies and authorizes a client calling an API.
Whoever holds the key can act as that client, so keys must stay secret.
Keys Are Like Passwords
Treat an API key with the same care as a password.
A leaked key lets an attacker make requests, run up costs, and access data, all while appearing to be a trusted client.
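One way a service can apply the password rule to the keys it issues, as an added example that is not part of the original lesson: store only a digest of each key, compare in constant time, show the plaintext once, and log only a short prefix. The `sk_` prefix, the in-memory `KEY_DIGESTS` store and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Hypothetical store: client id -> SHA-256 digest of that client's key.
# The plaintext key is never kept on the server side.
KEY_DIGESTS = {}
_NO_KEY = bytes(32)  # placeholder digest used when the client is unknown


def _digest(api_key: str) -> bytes:
    # Keys are 256 bits of random data, so a fast hash is sufficient here;
    # a slow password hash is only needed for guessable, human-chosen secrets.
    return hashlib.sha256(api_key.encode("utf-8")).digest()


def issue_key(client_id: str) -> str:
    """Create a key, store only its digest, and return the plaintext once."""
    api_key = "sk_" + secrets.token_urlsafe(32)  # "sk_" is a constructed prefix
    KEY_DIGESTS[client_id] = _digest(api_key)
    return api_key


def verify_key(client_id: str, presented: str) -> bool:
    """Check a presented key against the stored digest in constant time."""
    stored = KEY_DIGESTS.get(client_id)
    matches = hmac.compare_digest(stored or _NO_KEY, _digest(presented))
    return matches and stored is not None


def revoke_key(client_id: str) -> None:
    """Remove a leaked key so it stops authorizing requests."""
    KEY_DIGESTS.pop(client_id, None)


def redact(api_key: str) -> str:
    """Form that is safe to log: a short identifying prefix, nothing more."""
    return api_key[:6] + "..."


if __name__ == "__main__":
    key = issue_key("client-a")
    print("show to the client once:", redact(key))
    print("valid key accepted:", verify_key("client-a", key))
    revoke_key("client-a")
    print("accepted after revocation:", verify_key("client-a", key))
```

With this layout a copy of the key store does not hand out working keys, and a leaked key is handled the way a leaked password is: revoke it and issue a new one.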