My question is about API keys. So as I understand it, they function as another means of authentication (instead of username and password). So I wonder if the database table of an API is just like the one used for logging in the users? The structure I can think of is something like this, please tell me if I’m wrong or incomplete:
Table: Users
Table Structure: [ id, ip address, api_key, is_valid, account_type, created_at ]
So when a user sends a request, they must send their api_key as well, and then we check whether it exists and whether it’s valid (it’s not expired, it’s not exceeded the number of requests they were allowed to make, etc.).
Thank you in advance.
Essentially that.
Mind that restricting to an IP address only works for a small portion of users, as most (non-corporate) users use DHCP.
Thank you. So what is used other than IP address?
Nothing. Just the API key.
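The check discussed in this thread (key exists, is valid, not expired, under its request limit), as an added example that is not part of any poster's message. The `expires_at`, `request_limit` and `requests_made` columns, the function names, and storing a SHA-256 digest in `api_key_hash` instead of the raw key are assumptions; the IP address column is left out, following the replies.

```python
import hashlib
import secrets
import sqlite3
import time

def digest(key: str) -> str:
    return hashlib.sha256(key.encode()).hexdigest()

def make_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.execute("""CREATE TABLE users (
        id            INTEGER PRIMARY KEY,
        api_key_hash  TEXT UNIQUE NOT NULL,  -- assumption: digest, so a DB leak exposes no usable keys
        is_valid      INTEGER NOT NULL DEFAULT 1,
        account_type  TEXT NOT NULL,
        created_at    INTEGER NOT NULL,
        expires_at    INTEGER NOT NULL,      -- assumption: not in the posted table
        request_limit INTEGER NOT NULL,      -- assumption: not in the posted table
        requests_made INTEGER NOT NULL DEFAULT 0)""")
    return db

def issue_key(db, account_type, ttl, limit, now=None) -> str:
    now = int(time.time()) if now is None else now
    key = secrets.token_urlsafe(32)  # random key, returned to the user only once
    db.execute(
        "INSERT INTO users (api_key_hash, account_type, created_at, expires_at, request_limit) "
        "VALUES (?, ?, ?, ?, ?)",
        (digest(key), account_type, now, now + ttl, limit))
    return key

def check_key(db, key, now=None) -> str:
    now = int(time.time()) if now is None else now
    row = db.execute(
        "SELECT id, is_valid, expires_at FROM users WHERE api_key_hash = ?",
        (digest(key),)).fetchone()
    if row is None:
        return "unknown"
    uid, is_valid, expires_at = row
    if not is_valid:
        return "revoked"
    if now >= expires_at:
        return "expired"
    # Count and limit check in one statement so parallel requests cannot overshoot the quota.
    cur = db.execute(
        "UPDATE users SET requests_made = requests_made + 1 "
        "WHERE id = ? AND requests_made < request_limit", (uid,))
    return "ok" if cur.rowcount == 1 else "quota_exceeded"
```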