What is API Key? — UK Software Development Guide
Direct Answer
An API key is a unique identifier used to authenticate a client making API calls. It is typically a long random string that the API provider issues to an API consumer. API keys are simpler than OAuth 2.0 but less secure — they are often used for machine-to-machine communication where a single key identifies a specific application.
Api-key in the UK
API key management has direct UK GDPR and Cyber Essentials implications. API keys are credentials — they must be: stored securely (AWS Secrets Manager, Azure Key Vault, HashiCorp Vault — not hardcoded in source code), rotated regularly (Cyber Essentials secure configuration requirement), and never committed to Git repositories (a common UK software security incident). UK government API key management: HMRC MTD uses OAuth 2.0 (not API keys) for user-delegated access; Companies House and GOV.UK Notify use API keys for machine-to-machine access.
Related Glossary Terms
API
API explained for UK software developers and business owners. An API (Application Programming Interface) is a defined set of rules and protocols that allows different software system... UK context, examples, and related services.
Cyber Essentials
Cyber Essentials explained for UK software developers and business owners. Cyber Essentials is a UK government-backed cybersecurity certification scheme developed by NCSC (National Cyber Security... UK context, examples, and related services.
Microservices
Microservices explained for UK software developers and business owners. Microservices architecture is a software design approach where an application is built as a collection of small, indepen... UK context, examples, and related services.
Open Banking
Open Banking explained for UK software developers and business owners. Open Banking is the UK's implementation of PSD2 (Payment Services Directive 2) — a regulatory framework that requires th... UK context, examples, and related services.
Penetration-testing
Penetration Testing explained for UK software developers. Penetration testing (pen testing) is a simulated cyber attack against a software system, network, or application to disc... UK context and related services.
GRAPHQL
GraphQL explained for UK software developers. GraphQL is a query language for APIs and a server-side runtime for executing those queries, developed by Meta (Facebook)... UK context and related services.
Get Expert Advice on Api-key
Speak with our UK software development experts about Api-key. Free consultation, transparent pricing, no obligation.