API Key
An API key is a unique identifier that authenticates requests to an API. It identifies who's making the request and what permissions they have.
Understanding the Concept
API keys serve two purposes: authentication (who are you?) and authorization (what can you do?). When you include your API key in requests, the server knows which account to attribute usage to and which features to allow.
Keep your API keys secret. Anyone with your key can make requests as you, use your quota, and potentially access your data. Never commit keys to public repos or share them in client-side code.
Best practice: use environment variables, rotate keys periodically, and use different keys for development vs production.
Real-World Example
You sign up for PRISM API and receive key "prism_sk_abc123". Every request includes this in the header: "Authorization: Bearer prism_sk_abc123". The server validates the key and tracks your usage against your account.
How PRISM Handles This
PRISM provides API keys through your dashboard. Create multiple keys with different permissions—read-only for analytics, full access for trading bots. Revoke compromised keys instantly. We support both header-based and query parameter authentication.
View API Docs