LOGBOOK

HELP

Quiz Entry - updated: 2026.06.23

What is an API key, and what do you have to consider when using one?

An API key (sometimes called a token) is a unique string that identifies and authenticates your application to an external API — usually sent as a query parameter or an HTTP header.

You typically get a key by registering with the provider; the key then ties every request back to your account:

https://api.example.com/data?key=YOUR_API_KEY

Because the key is your identity, the provider uses it to enforce a few things you must plan for:

  • Cost — many APIs charge per request, so compare the price against the volume you actually need.
  • Rate limits / quotas — keys come with caps (e.g. requests per minute or per day); exceed them and you get rejected.
  • Security — the key is effectively a password for the API. A key embedded in frontend JavaScript is visible to every user, who could copy it and run up your bill, so secret keys belong on the server side.

Warning: Treat an API key like a credential. Only put a key in client-side code if it's meant to be public and abuse is impossible; otherwise keep it on the backend.

From Quiz: WEBT / External Webservices | Updated: Jun 23, 2026