Place API key in Headers or URL

rest http authentication url api-key

It should be put in the HTTP Authorization header. The spec is here https://www.rfc-editor.org/rfc/rfc7235


If you want an argument that might appeal to a boss: Think about what a URL is. URLs are public. People copy and paste them. They share them, they put them on advertisements. Nothing prevents someone (knowingly or not) from mailing that URL around for other people to use. If your API key is in that URL, everybody has it.

Related

Center an item with position: relative
Select Top 1 field and assign to local variable
Updating iOS badge without push notifications
Why is there no base class in C++?
Python 3.2 Unable to import urllib2 (ImportError: No module named urllib2) [duplicate]
Xcode UI test - UI Testing Failure - Failed to scroll to visible (by AX action) when tap on Search field "Cancel' button
What is the meaning of axis=-1 in keras.argmax?
How to get number of video views with YouTube API?
Fully change package name including company domain
Hyper-V: Create shared folder between host and guest with internal network
Is Grails worth it? [closed]
django 1.4 - can't compare offset-naive and offset-aware datetimes