一些API提供商为什么需要API密钥? [英] Why do some API providers require an API key?
问题描述
几个Web服务API中有你的API密钥注册。例如,UPS的Web服务需要一个键,它包括在呼叫他们的服务 - <青霉>除了用户名和密码的
Several web service APIs have you sign up for an API key. For example, UPS Web services requires a key, which is included in calls to their service -- In addition to the username and password.
什么是由提供者使用此键?也许UPS是要求既API密钥和用户名/密码只有一个?
What is this key used for by the provider? Perhaps UPS is the only one to require both API key and username/password?
一个想法是,他们用它来限制或测量API的使用,但在我看来,在用户配置文件的设置可以很容易地做同样的事情 - 尤其是因为您通常需要得到一个帐号瓦特/用户名和密码来获取API中的首位。
One idea is that they use it to limit or measure API usage, but it seems to me that a setting in the users profile could easily do the same thing -- especially since you generally have to get an account w/ username and password to get the API in the first place.
推荐答案
有两种predominant用例。首先是测量,跟踪和限制API使用。如果有人正在建立一个服务,它允许第三方访问它,服务提供商可能希望控制(或至少知道)谁有权访问,使他们能够尝试和prevent之类的拒绝服务攻击。在测量和轨道边,可以作为了解哪些应用程序是流行的接入服务或设有人使用最多的获取感兴趣的信息等。
There are two predominant use cases. The first is to measure, track and restrict API usage. If someone is building a service that allows third parties to access it, the service provider may want to control (or at least know) who has access so that they can try and prevent things like denial of service attacks. On the measure and track side, interesting information can be obtained such as knowing which applications are popular for accessing the service or which features people use the most.
其他的用例是有关安全和认证。这是不明智的服务提供商有第三方应用程序和服务要求用户放弃自己的用户名和密码的主要服务。这是一个巨大的曝光。这就是为什么许多服务都在协议如 OAuth的,它提供了通过授权用户的数据进行委托授权访问的标准化。虽然并非万无一失,它绝对是preferable分发到用户凭据未知的,不可信的,当事人
The other use case is related to security and authentication. It is unwise for a service provider to have third party applications and services require users to give up their username and password for the primary service. This is a huge exposure. That is why many services are standardizing on protocols such as OAuth, which provides delegated access via authorization to a user's data. While not foolproof, it is definitely preferable to distributing user credentials to unknown, and untrusted, parties.
这篇关于一些API提供商为什么需要API密钥?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
