I have several RESTful APIs that use multiple API keys for authentication via HTTP Basic. My questions are: what is best practice for supporting API key authentication for multiple APIs? Should I use one key for all APIs, or one key to one API, or even several keys per API? Security is key to the APIs, so is one API key sufficient if I choose to go with one key for all APIs?
1 Answer
Assuming I understand your scenario correctly, this article makes a good case for using multiple keys. By allowing multiple keys you have more room for manoeuvre should one become compromised.
1 Comment
codeimust
Thanks @rogersillito for the link. The article is very informative. I ended up choosing to use multiple active API keys per because it's easy to de-activate an individual key if it's compromised.
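
An added example, not part of the original question, answer or comment: one way to hold several active keys per client and deactivate a single key without affecting the others, checked from an HTTP Basic header. The names `ApiKeyStore`, `KeyRecord` and `basic_header`, the per-API scoping, and the use of the key id as Basic username and the secret as password are assumptions of this sketch.

```python
# Added example: ApiKeyStore, KeyRecord and basic_header are hypothetical names.
import base64
import hashlib
import hmac
import secrets
from dataclasses import dataclass

@dataclass
class KeyRecord:
    client: str          # owner of the key
    api: str             # the single API this key is scoped to (assumption)
    secret_hash: bytes   # SHA-256 of the secret; the secret itself is not stored
    active: bool = True

class ApiKeyStore:
    def __init__(self):
        self._keys = {}  # key_id -> KeyRecord

    def issue(self, client, api):
        """Create a new key; a client may hold several active keys at once."""
        key_id = secrets.token_hex(8)
        secret = secrets.token_urlsafe(32)  # high entropy, so a plain hash suffices
        digest = hashlib.sha256(secret.encode()).digest()
        self._keys[key_id] = KeyRecord(client, api, digest)
        return key_id, secret  # the secret is handed to the client only once

    def revoke(self, key_id):
        """Deactivate one key; the client's other keys keep working."""
        self._keys[key_id].active = False

    def authenticate(self, authorization, api):
        """Return the client name for a valid Basic header, else None."""
        scheme, _, payload = authorization.partition(" ")
        if scheme.lower() != "basic":
            return None
        try:
            decoded = base64.b64decode(payload, validate=True).decode("utf-8")
        except ValueError:  # malformed base64 or non-UTF-8 credentials
            return None
        key_id, sep, secret = decoded.partition(":")
        record = self._keys.get(key_id)
        if not sep or record is None:
            return None
        presented = hashlib.sha256(secret.encode()).digest()
        ok = hmac.compare_digest(presented, record.secret_hash)  # constant-time
        return record.client if ok and record.active and record.api == api else None

def basic_header(key_id, secret):  # header value a client would send
    return "Basic " + base64.b64encode(f"{key_id}:{secret}".encode()).decode()
```

Because each key has its own id, server logs can record which key was used, which helps when deciding which one to deactivate.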