# API Keys An API key is a code that is passed in by a client to access a protected resource on an API (Application Programming Interface). The API key acts as a unique identifier that identifies the client making the API request and grants them access to the resources they are authorized to access. The API key is typically passed in as a request header or query parameter. API keys are commonly used for authentication and authorization in APIs, and are simple to implement, but they are generally considered less secure than other authentication methods, such as OAuth and JWT. This is because API keys can be easily shared or leaked, allowing unauthorized access to protected resources. To enhance security, it is recommended to use API keys in combination with other authentication methods, such as OAuth or JWT, or to implement rate limiting, IP whitelisting, and other security measures to limit the risk of unauthorized access to protected resources. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://hanfak.gitbook.io/workspace/secruity/api-keys.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.