# What Are API Keys?

<div className="not-prose">
  <h1 className="akg-hero-title">API Keys</h1>
  <div className="akg-hero-lede">
    The missing guide to securing, implementing, and managing API key authentication.
  </div>
  <div className="akg-hero-sub">
    No RFC defines how API keys should work. Every provider invents their own approach.
    This open-source guide documents the best practices that have emerged, so you don't
    have to learn them the hard way.
  </div>
  <KeyAnatomy />
</div>

## Definition

An API key is a unique identifier (typically a long string of characters) that a client includes in API requests so the server can identify who is making the call. Think of it as a lightweight credential: it tells the API provider _which_ application or account is responsible for a given request, without necessarily proving _who the end user is_.

API keys are one of the oldest and most widely deployed authentication mechanisms on the web. Nearly every major API provider, from Stripe to Google Maps, issues API keys as the primary way developers connect to their services.

<SectionGrid />
<HomeCTA />