XApiKey - Infinite Lexicon - Infinite Lexicon

XApiKey

XApiKey refers to an API authentication mechanism that uses an HTTP header, commonly named X-Api-Key, to pass a secret key that identifies and authenticates a client to an API service. The key is issued by the service and stored by the client, and the server validates the key against a secure store for each request.

In typical use, a client sends a request with a header such as X-Api-Key: 12345-ABCDE. The server

Security considerations are central to its use. Keys should be transmitted only over TLS to prevent interception.

Implementation notes typically involve validating the key against a secure datastore, handling missing or invalid keys

See also: API key, Bearer token, OAuth 2.0.

case-insensitive

a

a

authentication.

service-to-service

application-level

authentication;

authentication,

per-application