Another authentication method, particularly for machine-to-machine communication, is an API key. An API key is a string that the application will expect with each request from a particular client. The API key can be sent as a header, a cookie, or a query parameter.
<!-- TODO: currently we return 403 in the implementation! discuss with @tiangolo et al -->
If the API key is missing or invalid, the application returns an HTTP 401 "Unauthorized" error to the client.
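
The check described above, as an added, framework-independent sketch using only the Python standard library (not FastAPI's own implementation): it looks for the key in a header, a cookie, or a query parameter and answers with the 401 stated above when the key is missing or invalid. The parameter name `x-api-key`, the client names, and the key values are assumptions constructed for the example.

```python
from __future__ import annotations

import hashlib
import hmac
from http.cookies import SimpleCookie
from urllib.parse import parse_qs, urlsplit

KEY_NAME = "x-api-key"  # assumed name, reused for header, cookie and query parameter


def _digest(key: str) -> bytes:
    return hashlib.sha256(key.encode()).digest()


# Constructed sample store: one unique key per client, kept only as a digest
# so that a leak of this table does not reveal usable keys.
CLIENT_KEY_DIGESTS = {
    "billing-service": _digest("constructed-key-billing-0001"),
    "report-worker": _digest("constructed-key-report-0002"),
}


def extract_api_key(url: str, headers: dict[str, str]) -> str | None:
    """Return the key from the header, then the cookie, then the query string."""
    lowered = {name.lower(): value for name, value in headers.items()}
    if lowered.get(KEY_NAME):
        return lowered[KEY_NAME]
    cookie = SimpleCookie()
    cookie.load(lowered.get("cookie", ""))
    if KEY_NAME in cookie and cookie[KEY_NAME].value:
        return cookie[KEY_NAME].value
    # Query parameters tend to end up in access logs; header or cookie is preferable.
    values = parse_qs(urlsplit(url).query).get(KEY_NAME)
    return values[0] if values else None


def authenticate(url: str, headers: dict[str, str]) -> tuple[int, str | None]:
    """Return (200, client_id) for a known key, otherwise (401, None)."""
    presented = extract_api_key(url, headers)
    if presented is None:
        return 401, None  # key missing
    digest = _digest(presented)
    matched = None
    # Compare against every stored digest in constant time, without an early exit.
    for client_id, stored in CLIENT_KEY_DIGESTS.items():
        if hmac.compare_digest(digest, stored):
            matched = client_id
    return (200, matched) if matched else (401, None)
```
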
/// warning
@ -11,6 +12,10 @@ unique API key for each client trying to authenticate.
///
/// tip
Please refer to the [API Reference](../../reference/security/index.md#api-key-security-schemes){.internal-link target=_blank} for specifics on the underlying security schemes used.