GO BACK
Glossary
Last Updated Jul 06, 2021

API Security

Emma Jagger

Table of Contents:

Get your free
API
key now
4.8 from 1,863 votes
See why the best developers build on Abstract
START FOR FREE
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
No credit card required

What is API Security?

When an API endpoint offers its services to a user via HTTP, it is said to be "exposed". This means traffic can flow in or out of the API endpoints, including potentially malicious traffic. API security protects developers on both sides of an API from data loss, service outages, or plain foolishness. It also allows developers to know what endpoints are most trafficked, and throttle potential problem users who are making too many requests. There are a few methods of API security, and we'll outline them here.  

API Authentication

At its root, API authentication is about keys. You ask for a key, and the API owner grants you a key. Your key is a long, unique string of numbers and letters. Once you have an API key, you are allowed to use the API, and the owner also knows who you are (at least, which application is yours) and what you are doing in their API. There are many different API authentication methods, such as OAuth and HMAC, which you can read about in our API Authentication article.

API Credentials  

API credentials are unique identifiers that are required to access some API tools. Credentials are similar to API authentication, in that they provide a way for API owners to control who has access to their APIs, and they protect users from malicious usage. However, API credentials identify _who_ is using the software, which is an important distinction for security. Check out our API Credentials article to learn more.  

What's the Difference Between API Credentials and API Authentication?

API keys [authenticate an application accessing the API, without referencing an actual user, so the API approves access and knows the application, but doesn't know who the user actually is.  

API Gateway

An API gateway sits between the client service and the backend, effectively decoupling the client interface from your backend implementation. This security option can also provide API analytics and versioning as an API manager.

Conclusion

API security is a necessary part of web development, and API authentication is a really interesting solution to the problem of password anti-patterns. You don't need to know the cryptography behind authentication, but you should know how to get the keys you need, how to keep them safe, and where to use them in requests and URLs.

Related API Terms

PATCH

Everything you wanted to know about the PATCH operation as part of the REST Protocol, including examples and comparisons to PUT and POST.

GraphQL

Everything you wanted to know about GraphQL: what it is, what problems it solves, how and where it is used, and how it compares to REST architecture.

RapidQL

Everything you need to know about RapidQL. This short article will tell you about RapidQL Commands like Querying, Logging, HTTP Requests, and more.

Get your free
API
key now
4.8 from 1,863 votes
See why the best developers build on Abstract
START FOR FREE
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
No credit card required
abstract
APIs tO LOOK UP
Weather APIMarket Data APIExchange Rate API
IP Geolocation APIPublic Holidays APICompany Enrichment APITime, Date, Timezone APILanguage Translation API
APIs tO CREATE
User Avatar APIWeb Scraping APILink Shortener API
Image Processing APIWebsite Screenshot API
APIs tO VALIDATE
IBAN Validation APIEmail Validation APIPhone Validation API
VAT Validation & Rates API
RESOURCES
API GlossaryFull API ListAPI Guides & TipsEmail Regex GuideWhat's My IP Address?HTTP Status Code Guide
IntegrationsAboutContactIntegrationsLegalGDPR & CCPA
Status:
All systems normal
Abstract CSVAbstract PDFAbstract FilesAbstract Images
@2024 Abstract API Inc