Why do I need an API key?


I am publishing a few APIs via Apigee.

I handle security at my own application server level.

Now why do I need an API consumer key? I need valid use cases for that. Please tell me.

1 ACCEPTED SOLUTION

Great question,

For various reasons, find the list below.

  • Developer Access
    • Securely grant access to different developers who will be building apps consuming your APIs.
    • Revoke access when you find a particular app using your APIs went crazy and started misusing your APIs.
  • API Resource Access
    • Let's say I want to provide access to path /x but not to path /y for a particular developer / developer app
    • Let's say I would like to provide GET access but not to POST / DELETE / PUT
  • Tracking Usage
    • Analytics

If you are the single consumer of your APIs, maybe an API key doesn't matter. But APIs are all about building an ecosystem and integrations. API keys matter when you would like to onboard several stakeholders like app developers, partners, and internal teams to consume your APIs, just like Facebook & Uber.

I am sure you can do all the above things at your server level, but you will end up spending a few years building the same and a few more years maintaining the same. Don't reinvent the wheel 🙂


2 REPLIES

Echoing Anil's answer, I would simply add: think beyond immediate needs and consider what might need to be done in the future. It's a very low-impact feature to add if you are using an API management platform, and it gives you flexibility to control access to your services based on a simple identifier. That control might be routing, filtering, throttling, etc. Hard to say what the future needs might be, but having some identifier for callers at the edge of your systems gives you a lot of flexibility.
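
The use cases listed in the accepted solution (per-app grants on path and verb, revocation, usage tracking) can be seen together in a small sketch. This is an added example, not part of the original thread and not Apigee's implementation; `KeyGateway`, the app names and the keys are hypothetical and constructed for illustration, and request paths are assumed to be already normalized.

```python
import hashlib
from collections import Counter

def _digest(key):
    # Store and look up only a hash so raw keys never sit in the table.
    return hashlib.sha256(key.encode()).hexdigest()

class KeyGateway:
    def __init__(self):
        self._apps = {}          # key digest -> app record
        self.usage = Counter()   # (app, method, granted path) -> calls

    def register(self, app, key, grants):
        # grants maps a path to the set of HTTP verbs allowed on it.
        self._apps[_digest(key)] = {"app": app, "grants": grants, "revoked": False}

    def revoke(self, app):
        for rec in self._apps.values():
            if rec["app"] == app:
                rec["revoked"] = True

    def authorize(self, key, method, path):
        rec = self._apps.get(_digest(key or ""))
        if rec is None or rec["revoked"]:
            return 401, "invalid or revoked api key"
        method = method.upper()
        for prefix, verbs in rec["grants"].items():
            # Match on whole path segments so a grant on /x does not cover /xy.
            under = path == prefix or path.startswith(prefix.rstrip("/") + "/")
            if under and method in verbs:
                self.usage[(rec["app"], method, prefix)] += 1
                return 200, rec["app"]
        return 403, "key is valid but not granted this path/verb"

def build_demo():
    # Constructed apps and keys, for illustration only.
    gw = KeyGateway()
    gw.register("partner-app", "constructed-key-partner", {"/x": {"GET"}})
    gw.register("internal-app", "constructed-key-internal",
                {"/x": {"GET", "POST"}, "/y": {"GET"}})
    return gw

if __name__ == "__main__":
    gw = build_demo()
    for call in [("constructed-key-partner", "GET", "/x/1"),
                 ("constructed-key-partner", "POST", "/x"),
                 ("constructed-key-partner", "GET", "/y")]:
        print(call[1:], gw.authorize(*call))
    gw.revoke("partner-app")
    print("after revoke", gw.authorize("constructed-key-partner", "GET", "/x"))
```

The usage counter is keyed by app, which is what makes per-consumer analytics and throttling possible without touching the backend service.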