Published: 16 May 2023
I think the pattern is very well explained in the book.
Known Uses
The Section 3.5 in “API Designrules Extensions” details the authentication and authorization protocol in the Dutch governmental sector (in English).
Discussion Input
In the case of authentication/authorization errors, the details of the error report should be carefully considered and minimized not to unveil any provider-side implementation security and privacy details. So the pattern API Key requires special implementation of Error Report; in that case, an API Key impacts the contents and message representation design of Error Report. This is all very well explained in the book, and it is also well-stated that an API Key is a “lightweight alternative to a full-fledged authentication protocol.” Despite all the concerns and ‘weaknesses’ one can argue that API Keys are a way to identify your consumers and build client communities to announce new releases and improve the client developer experience.
Read the complete pattern on api-patterns.org