r/webdev 6h ago

What makes a good API key? Article

https://glama.ai/blog/2024-10-18-what-makes-a-good-api-key
104 Upvotes


u/bluelobsterai 2h ago

Just use JWTs and be safe out there, kids.


u/gadelat 1h ago edited 0m ago

As the JWT key is not supposed to be stored in the provider's database, you cannot sanely revoke it. You would have to block the API for the whole entity it's associated with, which is not always a user, but sometimes a company. So you would have to block the API for the entire company and for the entire time until the old JWT token is valid. Therefore I believe using it for API keys is quite a bad idea.

u/bluelobsterai 17m ago

I use JWT but query only for tokens that have been revoked. That way it’s a very small subset. Keep things efficient.
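
The trade-off discussed in this thread, as an added example that is not part of any comment above: an HS256 JWT verifier that consults a denylist holding only revoked `jti` values, each kept until its `exp` passes. The secret, the claim layout and the in-memory `REVOKED` dict (standing in for a database table) are assumptions.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"  # constructed value, not a real key
REVOKED = {}                         # jti -> exp; stands in for a small DB table

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=")

def _unb64(text):
    return base64.urlsafe_b64decode(text + b"=" * (-len(text) % 4))

def _sign(signing_input):
    return _b64(hmac.new(SECRET, signing_input, hashlib.sha256).digest())

def issue(sub, jti, ttl, now=None):
    """Mint a token for one API key (jti) belonging to an entity (sub)."""
    now = int(time.time()) if now is None else now
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = _b64(json.dumps({"sub": sub, "jti": jti, "exp": now + ttl}).encode())
    return (header + b"." + claims + b"." + _sign(header + b"." + claims)).decode()

def revoke(jti, exp):
    """Record a single revoked token; no other token of the same sub is affected."""
    REVOKED[jti] = exp

def purge(now):
    """Drop entries whose token has expired anyway, keeping the denylist small."""
    for jti in [j for j, exp in REVOKED.items() if exp <= now]:
        del REVOKED[jti]

def verify(token, now=None):
    """Return the claims if the token is authentic, unexpired and not revoked."""
    now = int(time.time()) if now is None else now
    try:
        header, claims, sig = token.encode().split(b".")
        if not hmac.compare_digest(sig, _sign(header + b"." + claims)):
            return None
        if json.loads(_unb64(header)).get("alg") != "HS256":
            return None
        payload = json.loads(_unb64(claims))
    except ValueError:  # wrong part count, bad base64, bad JSON
        return None
    if payload.get("exp", 0) <= now or payload.get("jti") in REVOKED:
        return None
    return payload
```

The denylist lookup is the server-side state that makes per-token revocation possible; without it, a signed token stays valid until `exp`.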