Get Started with Zuplo Free - https://portal.zuplo.com/signup
Many public APIs choose to use API keys as their authentication mechanism, and with good reason. In this video, we’ll discuss how to approach API key security for your API, including:
* why you should consider API key security
* design options and tradeoffs
* best practices of API key authentication
* technical details of a sound implementation
This video is based on this blog post: https://zuplo.com/blog/2022/12/01/api-key-authentication
If you like this, be sure to checkout a similar video on rate limiting https://www.youtube.com/watch?v=gO5e9GdvuT0
▬▬▬▬▬▬ T I M E S T A M P S ▬▬▬▬▬▬
00:00 - Where our best practices came from
00:40 - Why do the world's best API-first companies use API Keys?
06:30 - GitHub Secret Scanning program
07:05 - Retrievable or Irretrievable?
10:36 - Rolling transition period
11:53 - Show the created date
12:37 - Checksum Validation
14:44 - Support Secret Scanning
16:44 - Minimize Latency
18:49 - Hide Keys Until Needed
20:00 - Copy Pasta
20:50 - Label your Keys
22:36 - Canonical Implementation Flow
See also: https://zuplo.com/blog/2022/05/03/you-should-be-using-api-keys/
GitHub's secret scanning partner program: https://docs.github.com/en/developers/overview/secret-scanning-partner-program
