API Learnings

APIs

apiExplore
- API Providers
- API Resources

API Governance

API Solutions

design_servicesServices
- All Services
constructionTools
- All Tools

API Discovery

searchDiscovery
- Inbox
- Bing
- Google
- GitHub
fingerprintEvidence
- Inbox
- Bookmarks

API Building Blocks

API Evangelist LLC

OWASP API2 2023 No API Keys in URL

API Keys are passed in headers, cookies or query parameters to access APIs. Those keys can be eavesdropped, especially when they are passed in the URL as logging or history tools will keep track of them and potentially expose them.

Message: API Key MUST NOT be passed in URL (path or query parameters).

#OWASP #Security #API Keys #OpenAPI

← Back to all Rules