api-key

I'm building an Electron application that uses Google's YouTube Data API v3. For accessing the API, I decided to use the standard API key (instead of OAuth, since I am not going to be accessing any personal data). But the problem is, I cannot hide the API key in my app, and I also cannot use referrer restrictions (referrer restrictions allow you to filter which web sites can use your API key (by HTTP address)), since this is an Electron app. So basically, if someone looks at the source code (or even just at the developer tools), they can see the key, and use it freely. Any advice on what to do

I have a web service I'm offering to users to tap into my applications database and get some info. Users have to register for an API key and provide that when making requests. Everything works fine but how do I check if the users who registered for a key is actually making the request and not somebody else who he might have given the key to? I've been thinking for the last two days to come up with a solution but nothing so far. You need to use signed requests. Basically it works like that: You give your user an API key and a "secret" (a random string) that only you and the client know.

I'm looking for suggestions about a RESTful API design. I've read a lot about REST API schemes, ways of authentication/authorization etc. What I can't decide is if I really need to use API keys. From what I understand using API keys is useful if you want to monitor the usage, limit each application's requests and for statistical data. What I want to avoid is having to create additional web interfaces for adding/managing/removing applications and adding/removing application administrators. Maybe there's a simpler way to do the API key distribution. Or do I really need those? I mean, monitoring

I'm trying to hide my API Key for when I commit to github, and I've looked through the forum for guidance, especially the following post: How do I hide API key in create-react-app? I made the changes and restarted yarn. I'm not sure what I'm doing wrong––I added an .env file to the root of my project (I named it process.env ) and in the file I just put REACT_APP_API_KEY = 'my-secret-api-key' . I'm thinking it might be the way I'm adding the key to my fetch in App.js, and I've tried multiple formats, including without using the template literal, but my project will still not compile. Any help

I have an API key I'm using in my Node.js application. Currently, I keep it stored in a text file and put it in a global variable when my application starts up. Sooo basically it's just: var key = getKey(); useKeyGetData(key); I don't like having this global variable, and it's a pain to pass between files. Is there a better way to get my key where/when I need it? Is there some standard for doing so? The conventional alternative to what you're doing, especially when pertaining to API keys, is to use environment variables . This is an operating system-level configuration facility. Each process

So with lots of different services around now, Google APIs, Twitter API, Facebook API, etc etc. Each service has an API key, like: AIzaSyClzfrOzB818x55FASHvX4JuGQciR9lv7q All the keys vary in length and the characters they contain, I'm wondering what the best approach is for generating an API key? I'm not asking for a specific language, just the general approach to creating keys, should they be an encryption of details of the users app, or a hash, or a hash of a random string, etc. Should we worry about hash algorithm (MSD, SHA1, bcrypt) etc? Edit: I've spoke to a few friends (email/twitter)

I came across many APIs that give the user both an API key and a secret . But my question is: what is the difference between both? In my eyes, one key can be enough. Say I have a key and only I and the server know it. I create a HMAC hash with this key and do an API call. On the server, we create the HMAC hash again and compare it with the sent hash. If it's the same, the call is authenticated. So why use two keys? Edit: or is that API key used to lookup the API secret? SALMAN Secret key cryptography relies on using the same key to encode and then later decode a message. Thus, only those who