Quiz Entry - updated: 2026.06.23
What is an API key, and what do you have to consider when using one?
An API key (sometimes called a token) is a unique string that identifies and authenticates your application to an external API — usually sent as a query parameter or an HTTP header.
You typically get a key by registering with the provider; the key then ties every request back to your account:
https://api.example.com/data?key=YOUR_API_KEY
Because the key is your identity, the provider uses it to enforce a few things you must plan for:
- Cost — many APIs charge per request, so compare the price against the volume you actually need.
- Rate limits / quotas — keys come with caps (e.g. requests per minute or per day); exceed them and you get rejected.
- Security — the key is effectively a password for the API. A key embedded in frontend JavaScript is visible to every user, who could copy it and run up your bill, so secret keys belong on the server side.
Warning: Treat an API key like a credential. Only put a key in client-side code if it's meant to be public and abuse is impossible; otherwise keep it on the backend.