Quiz Entry - updated: 2026.07.14
What do real public-API request URLs look like, and how is the key passed in them?
Most public APIs are plain HTTP(S) URLs where the key rides along as a query parameter — but the parameter's name differs per provider (appid, key, token, access_key).
A useful thing to notice: there is no single standard name for the key. You have to read each provider's docs:
| Service | Example URL pattern | Key parameter |
|---|---|---|
| Weather (OpenWeatherMap) | api.openweathermap.org/data/3.0/onecall?lat=…&lon=…&appid=<KEY> |
appid |
| Geocoding (OpenCage) | api.opencagedata.com/geocode/v1/json?q=LAT+LNG&key=<KEY> |
key |
| SMS (smsup.ch) | api.smsup.ch/send?text=Hello&to=4178…&token=<KEY> |
token |
| Exchange rates | api.exchangeratesapi.io/latest?symbols=CHF&access_key=<KEY> |
access_key |
Each is just a GET request you could paste into a browser. Some providers prefer the key in an HTTP header instead of the URL — which is actually safer, since URLs end up in server logs and browser history.
Tip: When a call returns 401/403, the first suspect is the key parameter — wrong name, missing, or expired.