An API key is a unique identifier used to authenticate requests sent to an API. It allows the server to identify the application or user making the call.
What is an API Key?
An API key is a unique string of characters that serves as an identifier to authenticate requests sent to an application programming interface (API). It acts as a "password" between your application and the remote service.
How does an API key work?
When you make an API call, you include your key in the HTTP request, typically via a header like X-Api-Key or Authorization: Bearer. The server checks this key to:
- Identify who is making the request
- Authorize access based on associated permissions
- Track usage for rate limiting and billing
Security best practices
- Never expose an API key in client-side code (front-end JavaScript)
- Store keys in environment variables
- Use different keys per environment (dev, staging, production)
- Immediately revoke a compromised key
API Keys in AILabsAudit
AILabsAudit uses API keys in the format aila_... to authenticate REST and MCP calls. You can create and manage them from the API & Integrations page in your account.