Managing API Keys
Learn how to manage API keys in android.
API key
An API key is a long and unwieldy string that allows API servers to identify an application as an authentication token and grant it access to data. It’s usually generated by backend systems that unlock some security features.
API authentication tokens
API keys are mostly used to authorize and identify applications or projects rather than users. This allows the servers to distinguish between different client applications that are making request calls to the backend. They’re also used for verification and authorization to figure out whether an application has been granted access to the API or not. If not, the system’s authorization fails, and access is blocked.
Securing API keys in Android
API keys shouldn’t be made publicly available to everyone because this could compromise usage.This can result in unexpected charges to one’s account if the API isn’t free or depletes the maximum number of requests due to different applications using the same API key to make requests. As the developer, we’ll have no choice but to revoke the key and generate another one.
In our project, we’ll hide the API key in the gradle.properties
file. But before that, we’ll apply for an API key from the NewsAPI website.
Getting an API key
Register for an API key at the NewsAPI website by clicking the “GET API Key” button, and the API key will be generated.
Reading the API documentation
The more we understand the API we’re dealing with, the easier it will be to integrate it into our application without running into a 404 error status while testing requests and responses. To look at the documentation, click the “Documentation” tab at the top center of the website.
Get hands-on with 1400+ tech skills courses.