API keys and usage plans

API keys are a well-known concept. They are like gate passes for accessing a particular realm. They comprise the first level of access control that APIs impose.

Let's look at a real-world example. Suppose that Harry is a traveler that wants to travel to a particular location by plane. Harry needs to catch a flight from an airport.

For security reasons, the airport is a strictly access-controlled location. Only folks that have a valid ID card or passport and a plane ticket for that day are allowed to enter. There are further authentications and authorizations that the passenger has to undergo before boarding the flight, but none of them will occur if the passenger is not let on due to invalidity of his/her ID card ...

Get Hands-On Serverless Applications with Kotlin now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.