What is the purpose of API keys when it comes to third party apis
Hello guys, sorry to disturb you all; I started to learn the concept of APIs etc and I'm pretty conformtable with that term now especially the request-respond cycle.
My question is, I saw that we have "API keys" what does that mean, when do we need them please. The idea of apis remain the same in the sense that it's just a request-respond cycle but what do we mean by "consume that api key" , then based on apis, we have documentations for specific one etc, I'm a bit confused here, how does it work, do we fetch the api from the back-end? Would really appreciate if someone can elaborate giving simple example please
10 Replies
Some apis allow us to interact with them directly without any keys while other don't. For e.g, if we use the api of openAI, why here we require a key please
With a key, you get your own "account", so they can block you when you are making too many requests, or they can have certain features that only paid customers can use etc..
It's basically a way to identify yourself, like logging in at a website
yeah I see, like the key offers more control to the person providing the service
Yes, it is a way to control who can use your api and how they can use it
an api key + domain limitations allow to control who uses the api
imagine someone gets your api key, and you didn't limit which domains can use it
now, the api you (potentially) paid for will be used by some freeloader/thief
and even in the case of a free api, others can use up your quota and you get nothing
which can also be used as a denial of service attack
ahhh I see
yep thanks !!
you're welcome
but everything that sleep twitch said is true too
but when we use api keys, the request is send from the front-end ?
depends on the api
you can implement a proxy, to keep the api key safe and implement a layer of cache for requests, to reduce costs/quota usage
yep I see, ty !