API Key
An API key is a secret token that identifies and authorizes a client when calling an API, controlling access and often rate limits and permissions.
API keys are a simple way to authenticate programmatic access. A client includes the key with each request, and the server validates it before serving data.
Keys are often scoped — a public 'anon' key for client-side access constrained by row-level security, and a secret service key for trusted server-side use that bypasses those restrictions.
Keys should be kept out of source control, rotated periodically, and paired with database-level access control so a leaked key has limited blast radius.
Related terms
See it in practice
Kolaybase gives you PostgreSQL, auth, storage, and a REST API in minutes.