Those services that have a public API
are required to register to receive a special key … that is, API Key
.. and this key must be passed on every request : site.ru/:5api_key} / {method} / ...
It is not clear why they do this, if, for example, I can take this key from someone without registering …
so what is this API Key
for? what’s the point?
Answer 1, authority 100%
API Key
is used as CSRF Token
– in order to send far away at once and without talking those who do not have it. If you received it and you do bullshit, you could withdraw it. That is, a quick moderation tool.
Keys can also perform the functions Access Token
– so who – something (service, user) can provide access to those resources to which access is denied (private messages, private information, etc.), without making the latter public.
It is, of course, possible to take a key from someone, only the owner of the key will bear responsibility for the actions (in some services, this is directly stipulated).
If the actions of not of the key owner are destructive, the administration will remove the owner (and, possibly, recall some paid paid services collected by the audience under the old key). The compromised key is sometimes given to recreate (SE API
), sometimes – only with the help of those. support.
Answer 2, authority 50%
Usually API key is used to identify the client by the service. And according to this key, the service determines what data can be given to a specific client.
Usually, authorization is also used and a token is issued, which must be transferred with each request to the server after authorization.
The owners of the service probably do not assume that someone will give you their api_key)