Many web service APIs are you signing up for an API key. For example, UPS web services require a key , Which is included in the call for their service - In addition to the username and password .
Is this key provider? Maybe UPS requires both an API key and a username / password?
One idea is that they use it to limit or measure API usage, but I think a setting in the user profile will do the same thing easily - especially since you first To obtain the API, the account w / username and password are required to be received.
Two major uses are to measure, track, and restrict the first API usage. If someone is building a service that allows third parties to access it, then the service provider can use it (or at least know) to control such things as denial of service attacks. Try to stop and try to stop. Interestingly, interesting information can be found on the measurement and track, such as which applications are popular to access the service or the people who use it the most.
Other uses relate to case security and authentication. It is not stupid for service providers for third party applications and services that users need to leave their username and password for primary service. This is a big exposure, this is why many services are standardizing on the protocol, such as providing delegated access through user authorization for data. Do not hesitate, it is definitely better to distribute user credentials to unknown, and unreliable parties.
Comments
Post a Comment