Hooded person uses two laptops, looking dodgy
Hooded person uses two laptops, looking dodgy
Photo by Azamat E on Unsplash

It’s very easy to shoot yourself in the foot, and not only accidentally make it easy for hackers to hack the authentication mechanism, but also make it easier for them to find out the API key!

This can be especially
problematic if the API key controls access to some potentially expensive resource, so by acquiring the API key
the hacker can make you rack up quite a bill.

When a back end developer writes an API, sometimes they need to authenticate the requestor. The server needs to figure out who made the request, so that it can authorize or deny…


Authentication is something most non-trivial web applications need to tackle, and there are a lot of (conflicting) opinions about how it should be done.
Lets look at some approaches to the problem, with links to further details.

When I just started programming, I worked at a tiny start-up.
Our CTO lead the software architecture, and delegated to us lowly juniors many of the code-writing responsibilities.
When building our product, we needed to authenticate our users (like the majority of applications do these days).

Authentication is proving the identity of a user. …

Ivan Rubinson

Full stack web application developer

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store