Are you confused on what API key is ? Don't Worry this Blog will help you to better understanding what API Key is....
What is API?
API is Application Programming Interface. API helps in connecting two different application.
We required API keys to have communication between the both applications
What is API Key?
API Keys is a token (like a Username Or password) to go into a particular project to do API calls. This also knows as giving authorization for the provided project.
In order to connect with other API, an API Key plays very important role It acts as a secret code or authentication token as well as a unique identifier. Different platforms may implement and use API Keys in different ways.
API Keys are free of charge so we can generate easily and quickly
Now let’s see how to generate the code and as well how to use it …,
Why API Key required?
API Keys is secure for identifying the calling users and will also check and verify that it has permission to call API, the API server decides on authorizing a API request
Who to create API Key?
Project authorization rules are created and managed by the API owner or source
How API Key look like?
API key are string of characters.
How to create API Keys: I am using the postman tool to create API Keys but there are as well other ways to generate API keys, Please find the below screenshot where to go and what button to click to do this action
Click on Manage Accounts
Once you click on this Manage Accounts, you will land on to the below screenshot page
On the left side menu at last we can see API keys when we click on that we land on below screenshot page
Once you come to this page we need to do some settings like API Keys settings and choose from the radio button whichever is appropriate to your project for example Never expire API Keys or API keys expire after 30 or 60 or 180 days. Once you selected the required radio button save the API keys settings.
After saving the API Keys setting ,On the top right corner click on Generate API Keys, you get this below pop-up on the screen
Name your key and Generate the API Key, see the below screenshot once you have given details
Always make sure to save the token by copy to the clipboard and also saving it somewhere to use in the future.
After all, these steps see below screen shot how it looks
there we created our API keys for our project to use further to give requests and get a response from our APIs
How to use this API Keys? In the Postman tool go to collections, in collections when we add a request there, we need to give Authorization, see the below screenshot for a better understanding
In the above drop-down click on API Key, you can see the below screen shot
Give the keys (the name you gave while generating the token) and value (the token which you copied and saved it). In case you forgot to save the token we can also regenerate it as well to use. That’s it… now you are ready to use the API Keys
If you do not want to expose the API keys in Postman we can also store them in environmental variables and we can use that variable.
Now lets see how it works in Rest Assure Automation: While doing Rest Assure Automation we can use this code in the given() method and pass this API Keys and value as a header request.
Below is the example of Rest Assure code
In Rest Assure while doing coding we can also hide the API Keys by blacklist method, the purpose of doing this is for the safety measure and as well if we dont want to share the API Key we can hide.
Here,is the code in Rest Assure Automation how to mask API keys using Blacklist method
Once in header request if we blacklist the API Keys, Please find the below console what happence
Just observe the code above in Headers the API Key is Blacklisted means we hidden the secret code
Not only API keys we can hide any headers data by Blacklisted, if it is single we can hide directly by calling Blacklisted. If it is multipe data we can hide by creating collection method too.....
How to do the multiple data hide? By create a collection String we can achieve this ........
Main agenda of API Keys are it secure the server, control the traffic, it will keep track and control how API used and prevent the malicious use or abuse of the API
Usually in Organization we get all the information how to test API's as a API documentation (this document is contract between client and coustomer ) which we need to follow. Get API key in that document, write a request to an endpoint there we go connect with API
I hope that this blog helped you to understand what API key is !!
Happy coding :)