| Google "is a cookie an API key" and the first result is this: https://news.ycombinator.com/item?id=39094541 Which says: > A login cookie isn't an API key. If the first result is authoritative then I guess that sorts it. But your link was from this site: https://www.fortinet.com/resources/cyberglossary/api-key Which is confusing because it also says: > API keys cannot be used for secure authorization because they are not as secure as authentication tokens. Instead, they identify an application or project that calls an API. > API keys are generated by the project making a call but cannot be used to identify who created the project. > API keys are used to identity projects, not the individual users that access a project. Which certainly implies that API keys identify applications or projects. But it's not that confusing because when the first definition says "user" what it means in context is the application developer. Using the same definition out of context would lead you to believe that, for example, your browser's user agent string is an API key. It's a code (i.e. symbols) that identifies an application or user (browser fingerprinting) and is used for authentication in computer applications (some sites may require you to authenticate again if your browser fingerprint changes too much). So clearly that definition is too broad without context. If you allow a loose enough definition of "code" it would make your screen resolution an API key because it can be used for fingerprinting in the same way. |
> A login cookie isn't an API key.
You.... googled your own comment, and cited it as evidence that my google result was wrong?
I guess I'm done here.