Blog post code snippets for: WHY DOES YOUR MOBILE APP NEED AN API KEY?

00-WHY-DOES-YOUR-MOBILE-APP-NEED-AN-API-KEY.md

WHY DOES YOUR MOBILE APP NEED AN API KEY?

The blog post can fe found here.

TLDR

Mobile apps are becoming increasingly important in the strategy of any company. As a result, companies need to release new application versions at a fast pace, and this puts developers under pressure with tight deadlines to complete and release new features very quickly.

Some developers may take shortcuts to achieve this delivery speed while being aware of the trade offs involved, but other less experienced developers will just fall into the trap of starting to code without doing their research first, regarding what are the best practices to develop and secure a mobile application and the API server that it communicates with.

To be able to understand why a mobile app needs an API key to identify itself to the API server, we need to be able to differentiate between WHO and WHAT is making the request to the API server and to understand what the difference is between public and private APIs.

01-hateoas-example.json

{
    "person": {
        "id": 1,
        "firstName": "test",
        "secondName": "one",
        "dateOfBirth": "01/01/0001 01:10",
        "profession": "im a test",
        "salary": 0
    },
    "_links": {
        "people": {
            "href": "http://localhost:8090/people"
        },
        "memberships": {
            "href": "http://localhost:8090/people/1/memberships"
        },
        "self": {
            "href": "http://localhost:8090/people/1"
        }
    }
}

02-api-key-in-request-url.txt

// some code using the api-key in the url:
https://example.com?api-key=some-secret-key

03-api-key-in-request-body.json

{
   "Api-key": "some-secret-key",
   "Data": {
       "key": "other data from your application here"
   }
}

04-api-key-in-request-header.txt

// some code using the api-key in the request header
X-api-key: some-api-key