API access is the process of ensuring that calls with authenticated logins can enter APIs. This allows APIs to be both flexible and secure.
When an API endpoint offers its services to a user via HTTP, it is said to be "exposed". This means traffic can flow in or out of the API endpoints, including potentially malicious traffic. API access is granted based on the authentication process. This protects servers and users, and also allows developers to know what endpoints are most trafficked, and throttle potential problem users who are making too many requests.
At its root, API authentication is about keys. You ask for a key, and the owner grants you a key. Your key is a long, unique string of numbers and letters. Once you have an API key, you are allowed to use the API, the owner also knows who you are and what you are doing in their API. There are many different API authentication methods you can read about here.
Getting an API key is similar to signing up for any other service. We will use the Abstract API as an example. Go to the Abstract API and select **Create Your Free Account**. Enter your information and select **Sign Up**. You will receive a confirmation email with a link to your Abstract API dashboard. Navigate to any of the APIs listed, for example, the **IP Geolocation** API. This page displays your unique API key for this API, and has a host of console options for testing it out.
You can test this API key in two ways:
Another way to control API access is with API management, which provides a developer portal, an API gateway, API lifecycle management, analytics capabilities, and support for API monetization. For example, you can keep a suite of APIs behind a single a single static IP or domain and control access with keys.
API access requires authentication for users to interact with the API's endpoints. Once access is provided in the form of an authentication key, users can call the API, and the API's owners know who is using their product, and how.