What Are API Keys, And Why Are They So Important? | System Design Interview Basics

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

you probably have your own experience with api keys it's this massively long encrypted string which you add to your requests for certain apis but why is that and how does it work api key authentication is a technique that was invented to overcome the weaknesses of shared credentials which was a big problem in http basic authentication it was impossible for the server to tell apart different client applications when multiple of those clients used the same valid credentials so what are api keys doing in a nutshell in technical terms api keys provide two things first client app identification because they identify applications that making api calls to the server and second they also provide client app authorization because they check whether the calling applications actually have granted access to the api server let's talk through a couple of scenarios if the api key is invalid the server can simply block the access to the api if the api key can be validated by the server the key also acts as a unique identifier that allows to lock all activities and spot and counter malicious behavior for example the api provider can set a rate limit that restricts the amount of requests per minute that are allowed per individual client thereby api keys help to establish a first line of defense against attempted denial of service attacks let's answer a couple more hands-on questions for example where to even get such an api key from api key providers typically have a web application to manage your access to their api and that's where you also find a section where you can generate your api key then you add your api key into the header or the url of each of your requests and voila you're able to access their api if you work with api keys there are two real rookie mistakes that can blow up your whole application security but once you're aware of them it's pretty easy to avoid them first do never embed your api key directly into your code and also don't put it in any file within your application source tree both are very critical because it's almost certain once they ended up in your code or in your source tree that they will make their way onto github and then it's just a very small step into them becoming public it wouldn't be the first time that this happened to someone instead you should always store your api keys in environmental variables the second easy to avoid rookie mistake is to confuse api keys for user authentication api keys only identify applications for user authentication they're completely useless why is that well api keys can easily copy paste it straight from a dev console or sniffed from unencrypted network traffic and once that key is stolen it can basically used indefinitely because there is no expiration date in fact api providers could take counter measures to mitigate those issues but there's just way more effective methods for user authentication if you now want to integrate today's learnings into your own system design drafts i might can help you also with that i created a unique library with all the system design elements i use in my videos and courses if you want to use them too you can find a link in the video description below if you liked today's video and you want to see more of that content please hit that like button subscribe to the channel this is also helping me a lot to grow the channel create more and better videos and resources which again help you to land your dream job in bigtech you

Info

Channel: Big Tech Coach

Views: 47,200

Rating: undefined out of 5

Keywords: system design, interview question, amazon interview question, google interview question, system design interview, system design tutorial, technology, amazon, google, computer science, software engineer, software engineering, microsoft, coding interview, scalability, distributed systems, horizontal scaling, microsoft interview questions, what is scalability, scalability explained, system design interview questions, scalability basics, learn system design, API, API design, API keys

Id: sNn23dPRUS8

Channel Id: undefined

Length: 4min 21sec (261 seconds)

Published: Sun Mar 13 2022