When dealing with APIs, you may encounter something called an API key. They’re sort of like passwords which let APIs confirm your identity. Once an API knows you’re legitimate, you can get through and use the API’s full set of features.
Example of an API key: 1f9ba190-c513-471b-a573-b8d008bb52fe
Usually, the API key is a single token that’s used to access the REST API. In the computing world, a token is an object that represents the right to perform an operation.
By putting two and two together, we can infer that an API key is a code that gives us the right to access an API.
Below is a technical definition of API keys taken straight from Wikipedia.
An application programming interface key (API key) is a unique identifier used to authenticate a user, developer, or calling program to an API. However, they are typically used to authenticate a project with the API rather than a human user. Different platforms may implement and use API keys in different ways.
– Application programming interface key, Wikipedia
Depending on your familiarity with APIs, this definition might not be the easiest thing to understand. So let’s try to break the definition down into something easier to digest.
There are 2 keywords here that will help us understand:
Identifiers are tokens, which are strings of alphanumeric sequences. In programming, these can take the form of words used in everyday conversation and are used to denote variables, types, labels, subroutines, and packages. But in the context of API keys, these are usually jumbles of numbers and letters.
Authentication is how computers can tell that you’re real (or “authentic”). There are various methods of authentication such as Firebase and Auth0. The API key is one of those methods. API keys are mostly used for project authentication rather than user authentication, but the usage varies.
Some APIs (such as these) are keyless, which means they don’t require authorization/authentication to use. That means you can access their endpoints right away.
Keyless APIs are great for testing since there’s no barrier to entry. Unlike with other APIs, you don’t need to add authorization/authentication headers just to send a request.
Usually, you’d need a third-party app like Apipheny to send API requests. But because of the lack of authentication/authorization in keyless APIs, you can send a request with just your browser’s address bar by typing in the URL.
Try sending a request with your browser: https://cat-fact.herokuapp.com/facts
The resulting data comes out a jumbled mess since browsers typically don’t convert API data into readable JSON or CSV — but it just goes to show how quick and easy it is to use keyless APIs.
Because of the existence of keyless APIs, it’s natural to question why API keys exist at all.
Think of API keys like driver’s licenses. In the context of authentication, driver’s licenses allow other people to confirm our identity (that is, that we are who we say we are). In the context of authorization, driver’s licenses tell other people that we indeed have the right to drive our vehicle.
API keys serve a similar role. A developer doesn’t want just anyone to use his API. Neither does he want people to abuse it. API keys help prevent these things.
Without an API key (or other forms of authentication), people could steal (or even modify) confidential information stored within the API.
But with keyless APIs, a lot of the data being transferred is public information, so there isn’t much risk if the data gets out.
Bottom line — API keys are used to prevent malicious use or abuse of the API.
The process of obtaining a unique API key depends on the owner of the API. Usually, you can find yours via the private interface shown to you while logging into the developer’s platform.
On Mailchimp, you can find your unique API key in Account > Extras > API Keys. After generating your API key, you can then use it to access the Mailchimp API’s various endpoints.
Sometimes it’s possible to perform actions like labeling or deactivating your existing API keys, but that depends on the API.
To use API keys in Apipheny, simply go to the Import tab and place your API key into the Headers field.
Do a lot of copy-pasting?
We used to, as well.
But it took up too much of our time.
Introducing Apipheny, a Google Sheets add-on that lets you import data directly into Google Sheets — and save up to an hour of your workday.
It lets you connect virtually any API to Google Sheets — in just a matter of seconds.
This means you can now import data directly from your favorite data sources — and finally stop switching between tabs with your fingers stuck on Ctrl + C and Ctrl + V.
Here’s Apipheny CEO & Co-Founder, Meelad, showing you just how easy it is to use the add-on.
Apipheny lets you do the following things:
Try it for free. No credit card needed.
Learn more about APIs in these related articles: