info Open to new work opportunities! Contact me
Daniel Hladik AI Automation Engineer

← All terms

API Key

A secret identifier that authorizes your application to call an external API and allows the provider to track usage.

What is an API key?

An API key is a unique secret string of characters that acts as a password for accessing an API. You attach it to every request - the external system recognizes who is requesting data or an operation and can track and bill access accordingly.

How API keys work

  1. You register with an API provider (e.g., OpenAI) and generate a key.
  2. You attach the key to every HTTP request in the header (Authorization header).
  3. The server verifies the key and either fulfills or rejects the request.

API key security

  • Never embed an API key directly in code - use environment variables
  • Never share a key publicly (GitHub, chat)
  • Immediately deactivate a compromised key and generate a new one
  • Set key permissions to the minimum required scope