Introduction to API Keys

API Keys are used to authenticate a caller triggering a HTTP or API Trigger that is using API Key authentication. One API Key is valid only for a specific Environment which means you need to create unique API Keys for each Environment. API Key access rights are determined by the Rulesets applied to it.

One API Key can be shared by several API clients, but usually it is best to create unique API Keys for each API client or party needing access to an API or a set of APIs.

API Keys are much like door keys. The holder of the key can open all doors which the key is able to open. The holder of an API Key can access all the APIs the API Key provides access to. For this reason it is important to make sure API Keys are stored in a secure way in the API clients and to use secure HTTPS protocols when making API requests.

In Frends, in addition to API Keys, you also need to define Rulesets. An API Key defines who or what party is accessing the API and finally the Rulesets linked to the API Key define which APIs and which operations the API Key has the right to access.

This picture illustrates how the API Keys and the Rulesets together define access to the Frends APIs:

The next article is Introduction to Defining the use of API Keys on OpenAPI Specification