An API key is used like a CSRF token: it lets the service turn away, without further discussion, anyone who does not have one. If you received a key and generate garbage, it can be withdrawn. In other words, it is a quick moderation tool.
Keys can also perform Access Token functions: in this way, someone (a service or a user) can grant access to resources that are otherwise closed (private messages, private information, etc.) without making those resources public.
Of course, it is possible to take a key from someone else, but the owner of the key will have to bear responsibility for the actions performed with it (some services stipulate this directly).
If the actions of someone other than the key's owner are destructive, the administration will remove the owner (and may also withdraw some paid services and the audience collected under the old key). A compromised key can sometimes be re-created by the owner (SE API), and sometimes only with the help of tech support.
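
An added example, not part of the original text: a minimal server-side key registry showing the uses described above (rejecting callers without a key, scoped access to private resources, withdrawal as moderation, and re-creating a compromised key). `KeyRegistry`, the owner name and the scope strings are hypothetical, and refusing to rotate a key that was already withdrawn is an assumption of this sketch, not a rule from any particular service.

```python
import hashlib
import secrets


class KeyRegistry:
    """Hypothetical in-memory API key store; only SHA-256 digests are kept."""

    def __init__(self):
        # digest -> {"owner": str, "scopes": frozenset, "revoked": bool}
        self._keys = {}

    @staticmethod
    def _digest(key):
        return hashlib.sha256(key.encode()).hexdigest()

    def issue(self, owner, scopes=()):
        """Create a key bound to an owner, who answers for its use."""
        key = secrets.token_urlsafe(32)
        self._keys[self._digest(key)] = {
            "owner": owner, "scopes": frozenset(scopes), "revoked": False}
        return key

    def authorize(self, key, scope=None):
        """Return the owner if the key is active and covers the scope."""
        rec = self._keys.get(self._digest(key or ""))
        if rec is None or rec["revoked"]:
            return None          # no key, unknown key or withdrawn key
        if scope is not None and scope not in rec["scopes"]:
            return None          # key is valid but lacks this access
        return rec["owner"]

    def revoke(self, key):
        """Moderation: withdraw a key. Returns False for an unknown key."""
        rec = self._keys.get(self._digest(key))
        if rec is None:
            return False
        rec["revoked"] = True
        return True

    def rotate(self, old_key):
        """Owner re-creates a compromised key, keeping owner and scopes."""
        rec = self._keys.get(self._digest(old_key))
        if rec is None or rec["revoked"]:
            return None          # a withdrawn key cannot be self-renewed
        rec["revoked"] = True
        return self.issue(rec["owner"], rec["scopes"])
```

Because every record keeps its owner, a request made with a leaked key is still attributed to the person the key was issued to, which is the responsibility model the text describes.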