Last Updated : 30 Sep, 2022
After so much discussion about API keys and OAuth credentials, this article focuses on which one is better from a security and privacy point of view. Before proceeding, let's first recall what authentication and authorization mean.
Authentication means validating your identity using credentials such as a user ID, username, and password. It is concerned with determining whether you are who you say you are, based on the credentials you present. The most common example is the login form found on almost every website.
Authorization, on the other hand, determines whether you are allowed to access a resource. After the system has authenticated your identity, the next step is to grant you access to resources based on that identity.
Take a laptop as an example. Suppose the laptop has two users: Admin and ABC. ABC is not authorized to delete a file; ABC can only create, read, and modify files.
If a user enters the Admin credentials, the system first matches them against the ones in its database to determine which user this is, or whether it is a legitimate user at all. After authenticating the credentials, the system knows that it is Admin, so it looks up the set of permissions for Admin and grants only the privileges meant for Admin; for example, Admin can also delete a file. If it is user ABC, the user can only create, read, and modify files; deletion is not allowed. This is known as authorization.
With these differences in mind, we can easily understand the difference between an API key and OAuth. There are three types of security mechanisms for an API:
- HTTP Basic Authentication: In this mechanism, the HTTP user agent provides a username and password. Since this method depends only on the HTTP header and the entire authentication data is transmitted over insecure lines, it is prone to a man-in-the-middle attack, where an attacker can simply capture the HTTP header and log in using a copy-cat header and a malicious packet. Due to enforced SSL, this scheme is very slow. HTTP Basic Authentication can be used in situations such as an internal network, where speed is not an issue.
- API Keys: API keys came into the picture because of the slow speed and highly vulnerable nature of HTTP Basic Authentication. An API key is a code assigned to the user upon API registration or account creation. API keys are generated using a specific set of rules laid down by the authorities involved in the API's development. This code must be passed whenever the entity (a developer, a user, or a specific program) makes a call to the API. Despite their ease of use and speed, API keys are highly insecure.
  The question remains: why?
  The problem is that an API key is a method of authentication, not authorization. API keys are like a username and password: they provide entry into the system. In general, API keys are placed in one of the following places: Authorization Header, Basic Auth, Body Data, Custom Header, Query String. Every time we make a request, we need to send the API key by placing it in one of these places. Thus, if the network is compromised at any point in time, the entire network is exposed and the API key can be easily extracted.
  Once an API key is stolen, it can be used for an indefinite amount of time, unless and until the project owner revokes the API key and generates a new one.
- OAuth: OAuth is not just a method of authentication or of authorization; it is a mixture of both. Whenever an API is called using an OAuth credential, the user logs into the system, generating a token. Remember that this token is active for one session only, after which the user has to generate a new token by logging into the system again. After this token is submitted to the server, the user is authorized for roles based on the credentials.
Now, taking the YouTube Data API as an example: first the user authenticates by submitting credentials such as a username and password, then submits the generated token to the server and is authorized for the role. The images below show how an OAuth credential works:
After a successful login, a token is generated. When presented to the server, this token determines the appropriate rights for the calling user, and the results are generated accordingly. The highlighted portion in the image represents the authorization token that was generated.
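
The contrast described above, as an added example that is not part of the original article: a server-side check for a static API key next to a check for an expiring, signed token that also enforces the Admin/ABC permissions from the laptop example. It is a simplified model of the behaviour the article describes, not an implementation of the OAuth protocol; all function names, the token format, and the signing key are hypothetical.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

# Constructed permission table mirroring the article's laptop example.
PERMISSIONS = {
    "Admin": {"create", "read", "modify", "delete"},
    "ABC": {"create", "read", "modify"},
}

SIGNING_KEY = secrets.token_bytes(32)  # hypothetical server-side secret
API_KEYS = {}                          # sha256(key) -> user; raw keys are not stored


def _digest(key):
    return hashlib.sha256(key.encode()).hexdigest()


def issue_api_key(user):
    """Handed out once at registration; the same value is sent on every call."""
    key = secrets.token_urlsafe(32)
    API_KEYS[_digest(key)] = user
    return key


def check_api_key(key):
    """Authentication only: says who the caller is. No expiry, no permissions."""
    return API_KEYS.get(_digest(key))


def revoke_api_key(key):
    """Until the owner does this, a leaked key keeps working."""
    API_KEYS.pop(_digest(key), None)


def _sign(body):
    return hmac.new(SIGNING_KEY, body, hashlib.sha256).hexdigest()


def issue_token(user, ttl=3600, now=None):
    """Issued after a successful login; carries the user and an expiry time."""
    now = time.time() if now is None else now
    claims = json.dumps({"sub": user, "exp": now + ttl}).encode()
    body = base64.urlsafe_b64encode(claims)
    return body.decode() + "." + _sign(body)


def check_token(token, action, now=None):
    """True only if the token is authentic, unexpired, and the role allows the action."""
    now = time.time() if now is None else now
    try:
        body, sig = token.rsplit(".", 1)
        # Constant-time comparison; a modified body no longer matches its signature.
        if not hmac.compare_digest(sig, _sign(body.encode())):
            return False
        claims = json.loads(base64.urlsafe_b64decode(body))
    except (ValueError, TypeError):
        return False
    if claims["exp"] <= now:
        return False  # a captured token stops working once it expires
    return action in PERMISSIONS.get(claims["sub"], set())


if __name__ == "__main__":
    key = issue_api_key("ABC")
    print("API key identifies:", check_api_key(key))
    tok = issue_token("ABC", ttl=3600, now=0)
    for action in ("read", "delete"):
        print(action, "allowed:", check_token(tok, action, now=10))
    print("read allowed after expiry:", check_token(tok, "read", now=3601))
```

The `now` parameter exists only so that expiry can be exercised without waiting; a real service would read the clock itself.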