When an API (Application Programming Interface) endpoint offers its services to a user via HTTP, it is said to be "exposed" to API requests. This means traffic can flow in or out of the API endpoints, including potentially malicious traffic. API authentication protects the user and the API developers from data loss, service outages, or plain foolishness. It also allows developers to know what endpoints are most trafficked by API calls, and throttle potential problem users who are making too many requests.
At its root, API authentication is about keys. You ask for a key, and the owner grants you an authentication token, or key. Your key is a long, unique string of numbers and letters. Once you have an API key, you are allowed to use the API, and the owner also knows who you are and what you are doing in their API.
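The server side of this arrangement, as an added example that is not code from Abstract API or any real provider: it issues a long random key, stores only a SHA-256 digest of it, ties each request to its owner, counts calls per endpoint, and throttles a key that makes too many requests. The class name `ApiKeyGate`, the 5-requests-per-60-seconds limit, and the injectable clock are assumptions made for the illustration.

```python
import hashlib
import secrets
import time
from collections import Counter, defaultdict

# Assumed policy for this example: 5 requests per key per 60-second window.
LIMIT, WINDOW = 5, 60.0


class ApiKeyGate:
    """Issues API keys, authenticates requests, and throttles per key."""

    def __init__(self, clock=time.monotonic):
        self._owners = {}                       # sha256(key) -> owner name
        # digest -> [window start, request count]; -inf forces a fresh window
        self._windows = defaultdict(lambda: [float("-inf"), 0])
        self.endpoint_hits = Counter()          # (owner, endpoint) -> served calls
        self._clock = clock                     # injectable so tests control time

    @staticmethod
    def _digest(key: str) -> str:
        return hashlib.sha256(key.encode()).hexdigest()

    def issue(self, owner: str) -> str:
        """Create a long, unique random key; only its digest is kept server-side."""
        key = secrets.token_urlsafe(32)         # 256 bits of randomness
        self._owners[self._digest(key)] = owner
        return key                              # shown to the user once

    def check(self, presented_key, endpoint: str):
        """Return (HTTP status, owner) for a request carrying presented_key."""
        digest = self._digest(presented_key or "")
        owner = self._owners.get(digest)        # lookup by digest, never by raw key
        if owner is None:
            return 401, None                    # unknown or missing key
        now = self._clock()
        window = self._windows[digest]
        if now - window[0] >= WINDOW:           # window expired: start a new one
            window[0], window[1] = now, 0
        window[1] += 1
        if window[1] > LIMIT:
            return 429, owner                   # known user, too many requests
        self.endpoint_hits[(owner, endpoint)] += 1
        return 200, owner
```

Because only the digest is stored, a leaked copy of the server's key table does not hand out working keys.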
Getting a new API key is similar to signing up for any other service. We will use the Abstract API as an example. Go to the Abstract API and select **Create Your Free Account**. Enter your information and select **Sign Up**. You will receive a confirmation email after authenticating, with a link to your Abstract API dashboard. Navigate to any of the APIs listed, for example, the **Exchange Rates** API. This page displays your unique identifier for this specific API key, and has a host of console options for testing it out.
You can test this API key in two ways:
API authentication is based on an exchange of keys between the user and the API. The user applies for a key via email or an authentication service. They will get a public auth key and a private auth key. The public key is used in request headers and URLs (where it will be visible), and the private key is used in server-to-server communication. Some more secure methods of API keys are available:
The API key exchange is one of the cornerstones of API development. It's an interesting solution to the problems of API security and password anti-patterns that web development faced. Basically, ask for your key, receive your key, and get to work!