API Keys / Key Rotation
How to find, create, and reset Rapid API keys. How to use external API keys.
How to find your API key
To connect an API to a project or application, you must have an Rapid API key to authenticate your request. Creating an app within Rapid generates an API key (X-RapidAPI-Key) specific to that app. You can view analytics based on the API calls you make using this app key.
PRO-TIP: If you generate a code snippet within the browser, your app key will automatically appear in the generated code. You can also find the API key on the Authorization page of your app on the Developer Dashboard (Apps).
Here is an example of using an API key with the Unirest Node.js library.
unirest.post({{API-URL}})
.header("X-RapidAPI-Key", {{API-KEY}})
You must have an app on the RapidAPI Developer Dashboard to access an API key. By default, an application will be created when you sign up. If you delete the application you must re-create at least one application.
Different API keys for multiple applications or separate analytics
Do you have multiple projects you're working on at once? You can add a new app for each project, which will generate a new API key as well! This means that each app will be more secure as it uses a different API key and you'll also be able to see separate analytics for each app.
App-specific API keys vs. account-wide subscriptions
If you opt to have multiple projects under a single Rapid account, keep in mind that pricing is based on account-wide usage. This means that if you're using the same API on two different projects, your billing/overage fees will be calculated using the usage of both apps.
Creating or rotating a Rapid API key
Rapid supports creating and rotating Rapid API keys for security purposes. You can use API key rotation to reset a compromised or inadvertently exposed API key without losing the application's analytics. You can create a new API key and delete the compromised one in a few steps from the Developer Dashboard:
-
Select the app where you would like to create a key or replace a compromised key.
-
Navigate to the Authorization page.
-
Click Add authorization. Add a name for your authorization.
-
To test the new API key, go to the API's Endpoints tab on the RapidAPI Hub listing and select the new API key from the X-RapidAPI-Key dropdown. Click the Test Endpoint button to ensure the new API key is working properly.
-
Update your project with the new API key.
-
(If necessary) Return to the application's Authorization page and delete the compromised API key.
External API keys & access tokens
Some APIs may require an API key or access token directly from their website to authenticate an account with the provider when making a request. Below is an example of Slack's createChannel endpoint, which requires an authentication token that is related to your Slack workspace.
Every API is different, but in most cases, you must visit the API provider's website to retrieve this token or key. There are instructions within the API's About page detailing how to get this token or key.
Passing an API key via a query parameter
Rapid supports passing the API key via a query parameter. You can do this by including the following syntax in the link:
https://example.p.rapidapi.com/?rapidapi-key=***************************
Please keep in mind that your Rapid key is used across your entire account. Be careful about exposing your key if the link is publicly accessible.
Updated over 1 year ago