
Why use an API key and secret?

I came across many APIs that give the user both an API key and a secret. But my question is: what is the difference between both?

In my eyes, one key can be enough. Say I have a key and only I and the server know it. I create an HMAC hash with this key and do an API call. On the server, we create the HMAC hash again and compare it with the sent hash. If it's the same, the call is authenticated.

So why use two keys?

Edit: or is that API key used to look up the API secret?

EsTeGe asked Jul 19 '12 09:07



1 Answer

You need two separate keys, one that tells them who you are, and the other one that proves you are who you say you are.

The "key" is your user ID, and the "secret" is your password. They just use the "key" and "secret" terms because that's how they've implemented it.

Marcus Adams answered Sep 19 '22 08:09
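The split described in the answer, sketched as an added example that is not part of the original question or answer: the key travels with the request and selects the account, while the secret never travels and is only used to compute the HMAC. The store `SECRETS`, the function names and the canonical string being signed are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample store: public key ID -> shared secret (assumption).
SECRETS = {
    "key-alice": b"constructed-secret-alice",
    "key-bob": b"constructed-secret-bob",
}


def canonical(method: str, path: str, body: bytes) -> bytes:
    """Bytes that both sides sign; this layout is an assumption of the example."""
    return method.upper().encode() + b"\n" + path.encode() + b"\n" + body


def sign(secret: bytes, method: str, path: str, body: bytes) -> str:
    """Client side: HMAC-SHA256 over the request, sent next to the key ID."""
    return hmac.new(secret, canonical(method, path, body), hashlib.sha256).hexdigest()


def verify(api_key: str, signature: str, method: str, path: str, body: bytes) -> bool:
    """Server side: the key says who is calling, the signature proves it."""
    secret = SECRETS.get(api_key)  # the key ID is only a lookup handle
    if secret is None:
        return False  # unknown caller: no secret to check against
    expected = sign(secret, method, path, body)
    # Compare as bytes in constant time; bytes also tolerate non-ASCII input.
    return hmac.compare_digest(expected.encode(), signature.encode())


if __name__ == "__main__":
    body = b'{"qty":1}'
    sig = sign(SECRETS["key-alice"], "POST", "/v1/orders", body)
    print("alice, untouched request:", verify("key-alice", sig, "POST", "/v1/orders", body))
    print("same signature, bob's key:", verify("key-bob", sig, "POST", "/v1/orders", body))
    print("alice, modified body:", verify("key-alice", sig, "POST", "/v1/orders", b'{"qty":2}'))
```

Without the key ID the server would have to try every stored secret to find the one that matches, which is why the single-key scheme in the question still needs some identifier sent in the clear.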