https://zapier.com/engineering/apikey-oauth-jwt/
https://cloud.google.com/endpoints/docs/openapi/when-why-api...
We all have done it at one point or another. But if I am ever in the middle of a technical presentation and mention “API Keys”, I get all types of dirty looks from security.
Notice that Square, for instance, strongly discourages API Keys for production.
https://developer.squareup.com/docs/build-basics/access-toke...
On the AWS side (where I work) we always discourage long-term use of access key/secret keys for accessing resources even though I realize it’s necessary for some integrations. Even then, most organizations also put a condition that you can only use it from known IP addresses.
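
The known-IP condition mentioned in the comment above, as an added example that is not part of the original comment: a small audit that checks whether an IAM policy document ties requests to `aws:SourceIp` ranges. The function names, the two accepted policy patterns and the sample policies are assumptions made for this illustration.

```python
import ipaddress

def _as_list(v):
    return v if isinstance(v, list) else [v]

def _cidrs(stmt, operator):
    """Return the aws:SourceIp CIDRs under the given condition operator, if any."""
    cond = stmt.get("Condition", {}).get(operator, {})
    for key, value in cond.items():
        if key.lower() == "aws:sourceip":  # condition key names are case-insensitive
            return _as_list(value)
    return []

def audit_source_ip(policy):
    """Return (restricted, findings) for one identity policy document."""
    stmts = _as_list(policy.get("Statement", []))
    findings, cidrs = [], []
    # Pattern A: blanket Deny for any request not coming from the known ranges.
    for s in stmts:
        if (s.get("Effect") == "Deny" and "*" in _as_list(s.get("Action", []))
                and "*" in _as_list(s.get("Resource", []))):
            cidrs += _cidrs(s, "NotIpAddress")
    # Pattern B: every Allow statement carries its own IpAddress condition.
    if not cidrs:
        allows = [s for s in stmts if s.get("Effect") == "Allow"]
        per_allow = [_cidrs(s, "IpAddress") for s in allows]
        if allows and all(per_allow):
            cidrs = [c for group in per_allow for c in group]
    if not cidrs:
        findings.append("no aws:SourceIp restriction")
    for c in cidrs:
        if ipaddress.ip_network(c, strict=False).prefixlen == 0:
            findings.append(f"{c} matches every address")
    return (bool(cidrs) and not findings, findings)

# Constructed sample policies (203.0.113.0/24 is a documentation range).
LOCKED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:GetObject", "Resource": "*"},
    {"Effect": "Deny", "Action": "*", "Resource": "*",
     "Condition": {"NotIpAddress": {"aws:SourceIp": ["203.0.113.0/24"]}}}]}
OPEN = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:GetObject", "Resource": "*"}]}
WIDE = {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Action": "s3:*", "Resource": "*",
    "Condition": {"IpAddress": {"aws:SourceIp": "0.0.0.0/0"}}}}

if __name__ == "__main__":
    for name, doc in (("LOCKED", LOCKED), ("OPEN", OPEN), ("WIDE", WIDE)):
        print(name, audit_source_ip(doc))
```

A blanket Deny on `aws:SourceIp` also blocks AWS services that call on the key holder's behalf unless the statement additionally requires `aws:ViaAWSService` to be `false`.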