API Key
SecurityDefinition
An API key is a unique identifier string passed in requests to authenticate an application or user accessing an API. API keys are simpler than OAuth but provide less security — they are long-lived, not scoped per-user, and must be kept secret.
Related Tools
Frequently Asked Questions
Related Terms
JWT
JSON Web Token (JWT) is an open standard (RFC 7519) for securely transmitting information between parties as a JSON object. JWTs are self-contained tokens composed of three Base64URL-encoded parts: header, payload, and signature. Widely used for authentication and API authorization.
OAuth
OAuth 2.0 is an authorization framework that allows applications to obtain limited access to user accounts on HTTP services. OAuth enables "Login with Google/GitHub" flows where a third-party app is granted access to specific user data without receiving the user's password.
SSL/TLS
SSL (Secure Sockets Layer) and its successor TLS (Transport Layer Security) are cryptographic protocols that provide encrypted communication over the internet. TLS is used in HTTPS, email (SMTP/IMAP), VPNs, and any application requiring secure data transmission. SSL is deprecated; TLS 1.3 is current.
Certificate
An SSL/TLS certificate (X.509 certificate) is a digital document that binds a cryptographic public key to an identity (domain name, organization). Certificates are issued by Certificate Authorities (CAs) and enable HTTPS. Browsers trust certificates signed by recognized CAs.