How do I store API keys securely?
So instead of storing the key in plain text (bad) or encrypting it, we should store it as a hashed value within our database. A hashed value means that even if someone gains unauthorised access to our database, no API keys are leaked and it's all safe.
Are API keys sensitive?
API keys are generally not considered secure; they are typically accessible to clients, making it easy for someone to steal an API key. Once the key is stolen, it has no expiration, so it may be used indefinitely, unless the project owner revokes or regenerates the key.
Can someone else use your API key?
There are certain scenarios where it may be appropriate to share your API key with other people or businesses. For example, if you are working with a partner on a project, you may need to give them access to your APIs for them to be able to work on the project.