Security Boulevard

API Keys vs. JWTs: Choosing the Right Auth Method for Your API

A developer needs to connect a service to an API. The documentation says to generate an API key, store it in an environment variable and pass it in a header. Five minutes later, the integration works.
Dark Reading

Lockr: Hosted API & Encryption Key Management for Secure Website Content

TACOMA, WA--(Marketwired - Jan 26, 2016) - Lockr, the first key management service for modern content management systems, is now available for Drupal and WordPress, allowing developers, agencies and ...
InfoWorld

How to improve API security in ASP.NET Core

Take advantage of authentication and authorization, API keys, rate limiting, CORS, API versioning, and other recommended practices to build secure and robust APIs in ASP.NET Core. Because our APIs ...
heise online

Google's unprotected API keys a security and cost risk due to Gemini AI

Google is working to fix a problem with its API keys after security researchers pointed out possible misuse. This is because the keys for accessing Google's cloud services, such as Maps or Firebase, ...
Bleeping Computer

GitHub can now auto-block commits containing API keys, auth tokens

GitHub has announced on Monday that it expanded its code hosting platform's secrets scanning capabilities for GitHub Advanced Security customers to block secret leaks automatically. Secret scanning is ...

Security study finds thousands of API credentials exposed on the web for years

Researchers scan 10 million websites and uncover thousands of exposed API keys quietly granting access to cloud systems and critical infrastructure ...
TechCrunch

Sumo Logic urges customers to reset API keys following security breach

Sumo Logic, a U.S.-based cloud data analytics and log analysis company, is urging users to reset API keys after discovering a security breach. In a security notice published this week, Sumo Logic ...