Another authentication method, particularly for machine-to-machine communication, is an API key. An API key is a string that the application will expect with each request from a particular client. The API key can be sent as a header, a cookie, or a query parameter.
Another authentication method, particularly for machine-to-machine communication, is an API key. An API key is a string that the application will expect with each request from a particular client. The API key can be sent as a header, a cookie, or a query parameter.
<!-- TODO: currently we return 403 in the implementation! discuss with @tiangolo et al -->
If the API key is missing or invalid, the application returns an HTTP 401 "Unauthorized" error to the client.
If the API key is missing or invalid, the application returns an HTTP 401 "Unauthorized" error to the client.
/// warning
/// warning
@ -11,6 +12,10 @@ unique API key for each client trying to authenticate.
///
///
/// tip
Please refer to the [API Reference](../../reference/security/index.md#api-key-security-schemes){.internal-link target=_blank} for specifics on the underlying security schemes used.
José Pacheco
1 month ago