What is API Key? — UK Software Development Guide

4 min readJune 2025ClickMasters Technical TeamReviewed by James Whitmore, CTO
what is an api key

Direct Answer

An API key is a unique identifier used to authenticate a client making API calls. It is typically a long random string that the API provider issues to an API consumer. API keys are simpler than OAuth 2.0 but less secure — they are often used for machine-to-machine communication where a single key identifies a specific application.

Api-key in the UK

API key management has direct UK GDPR and Cyber Essentials implications. API keys are credentials — they must be: stored securely (AWS Secrets Manager, Azure Key Vault, HashiCorp Vault — not hardcoded in source code), rotated regularly (Cyber Essentials secure configuration requirement), and never committed to Git repositories (a common UK software security incident). UK government API key management: HMRC MTD uses OAuth 2.0 (not API keys) for user-delegated access; Companies House and GOV.UK Notify use API keys for machine-to-machine access.

Related Glossary Terms

API

API explained for UK software developers and business owners. An API (Application Programming Interface) is a defined set of rules and protocols that allows different software system... UK context, examples, and related services.

Read Definition

Cyber Essentials

Cyber Essentials explained for UK software developers and business owners. Cyber Essentials is a UK government-backed cybersecurity certification scheme developed by NCSC (National Cyber Security... UK context, examples, and related services.

Read Definition

Microservices

Microservices explained for UK software developers and business owners. Microservices architecture is a software design approach where an application is built as a collection of small, indepen... UK context, examples, and related services.

Read Definition

Open Banking

Open Banking explained for UK software developers and business owners. Open Banking is the UK's implementation of PSD2 (Payment Services Directive 2) — a regulatory framework that requires th... UK context, examples, and related services.

Read Definition

Penetration-testing

Penetration Testing explained for UK software developers. Penetration testing (pen testing) is a simulated cyber attack against a software system, network, or application to disc... UK context and related services.

Read Definition

GRAPHQL

GraphQL explained for UK software developers. GraphQL is a query language for APIs and a server-side runtime for executing those queries, developed by Meta (Facebook)... UK context and related services.

Read Definition

Get Expert Advice on Api-key

Speak with our UK software development experts about Api-key. Free consultation, transparent pricing, no obligation.