Category: APIs

API Key

An API key is a credential used to authenticate requests and associate them with an account or application.

Also known as: token, access key

Expanded definition

API keys identify who is calling an API and what they are allowed to do. They are typically sent in headers or as tokens.

API keys should be treated like passwords. Do not embed them in client-side code that ships to browsers unless the service explicitly supports public keys with tight restrictions.

If an API key is exposed, the usual response is to rotate it, restrict usage by IP or domain where supported, and review logs for abuse.
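The log-review step can be sketched in Python as follows. This is an added example, not part of the original entry; the log format, key identifiers and addresses are constructed, and it assumes the service logs a key identifier rather than the secret itself.

```python
import ipaddress
from datetime import datetime

# Constructed sample log (assumed format, not from any real service):
# ISO-8601 time, key identifier (never the secret), source IP, method, path, status
SAMPLE_LOG = """\
2024-05-01T09:58:12+00:00 key_7f3a 203.0.113.10 GET /v1/orders 200
2024-05-01T10:07:41+00:00 key_7f3a 198.51.100.77 GET /v1/customers 200
2024-05-01T10:07:43+00:00 key_7f3a 198.51.100.77 GET /v1/customers?page=2 200
2024-05-01T10:09:02+00:00 key_7f3a 203.0.113.10 POST /v1/orders 201
2024-05-01T10:11:30+00:00 key_22bc 192.0.2.5 GET /v1/orders 200
2024-05-01T10:15:19+00:00 key_7f3a 198.51.100.90 DELETE /v1/orders/17 403
not a log line
"""


def review_key_usage(log_text, key_id, allowed_networks, review_from):
    """Group requests made with key_id at or after review_from that came
    from outside allowed_networks, keyed by source IP."""
    nets = [ipaddress.ip_network(n) for n in allowed_networks]
    start = datetime.fromisoformat(review_from)
    suspects = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6 or fields[1] != key_id:
            continue
        try:
            seen = datetime.fromisoformat(fields[0])
            source = ipaddress.ip_address(fields[2])
            status = int(fields[5])
        except ValueError:
            continue  # malformed line: skip rather than abort the review
        if seen < start or any(source in net for net in nets):
            continue
        entry = suspects.setdefault(str(source), {
            "requests": 0, "succeeded": 0, "first_seen": fields[0],
            "last_seen": fields[0], "paths": set()})
        entry["requests"] += 1
        entry["succeeded"] += status < 400  # calls the service accepted
        entry["last_seen"] = fields[0]  # log is assumed to be in time order
        entry["paths"].add(fields[4].split("?")[0])
    return suspects


if __name__ == "__main__":
    report = review_key_usage(SAMPLE_LOG, "key_7f3a", ["203.0.113.0/24"],
                              "2024-05-01T10:00:00+00:00")
    for ip, info in sorted(report.items()):
        print(ip, info)
```

The `succeeded` count separates sources that only probed with the key from those whose requests were accepted, which is where the review should start.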

Related terms