Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Implementing API keys for my API

Tags:

java

javascript

node.js

spring

api-key

I have created an api and I want to have some control over who uses it, how often etc. I want to have an API key strategy so that the users must provide the key in order to use the API. However i don't know how to implement it. The users are registered with username and password. What i thought of was to assign a UUID when the user logs in and store it in a table in the database. Then each request includes this uuid and it is checked on each request at the server.

However this does not seem right. Could someone explain the steps in order to create an api key like, dropbox, twitter, facebook etc. does? I want to try to implement this myself.

like image 965
LuckyLuke Avatar asked Jan 03 '13 23:01

LuckyLuke

People also ask

Where should I put my API keys?

Don't store your API key directly in your code. Instead, store your API key and secret directly in your environment variables. Environment variables are dynamic objects whose values are set outside of the application. This will let you access them easily (by using the os.

How do I use API key in REST API?

Using an API key with REST You can pass the API key into a REST API call as a query parameter with the following format. Replace API_KEY with the key string of your API key. Alternatively, you can use the x-goog-api-key header to pass in your key. This header must be used with gRPC requests.

Do you need an API key to use an API?

However, without a valid API key, Google won't answer your request. You need special permission. The API key lets Google know who you are and whether you have the right to access their map service. This is called authentication (as opposed to authorization, which we discuss later in the article.)

1 Answers

Could someone explain the steps in order to create a api key like, dropbox, twitter, facebook etc. does? I want to try implement this myself.

Generating The API Key

  1. choose some encryption / decryption method you'd like to use
  2. choose a salt that you will add to the data before encryption
  3. decide what data you want inside the encrypted string: timestamp, Uid, roles, etc. The timestamp is the most useful part of this, because using the timestamp, you can restrict requests that come from a key older than some time, thus requiring a new key to be generated.
  4. bundle it in something you can parse later once decrypted. Some people use json objects, some do char-delimited strings

Note: if you don't want it to be a decryptable key, as in, it is hashed and thus infinitely more difficult to crack, then you can simply follow this stratgey: make a set of steps to form your unhashed data string: sha1("some-secret"."some-other-bit-of-info"."etc"."etc") and then the API consumer has the onus on them to generate their own key. Thus, they have access only if they have the necessary parts / info needed to construct it.

Consuming the API

Take Stripe's API as a decent example:

  1. make authorization request: an API key is returned. "curl uses the -u flag to pass basic auth credentials (adding a colon after your API key will prevent it from asking you for a password)." --Stripe Docs

  2. send that key along with all further requests.

like image 102
Kristian Avatar answered Oct 02 '22 10:10

Kristian
Sign in to Comment

Related questions

Java URLDecoder throws exception when used with a string containing a %
Cron Job in play framework 2.0 [closed]
Generate unit tests for hashcode,equals and toString methods
Get a array of class files inside a package in Java [duplicate]
How to use automatic proxy configuration script in Java
Java: efficiently store boolean[32]?
Specify Cipher.getInstance() arguments?
Why is it not good to write to static field from instance method in Java?
Eclipse Juno - why no warning on unused annotated private field?
Verifying a signature with a public key
ScrollView contents update
Search file in only one project in Eclipse
Clojure deftype: how to constrain field types?
Equivalent of the Scala IDE worksheet in other languages?
Verifying that two apk files are signed with the same signature
Java double and working with really small values
Does anyone know a library containing all localized country names in java? [duplicate]
Save java.awt.Image to disk
Browse for image file and display it using Java Swing
Java: Alternative to passing "this" as constructor argument in order to reference creating object

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!