What are the API keys used for?

Internet API - what is it actually?


After the Cambridge Analytica scandal, many Facebook users are concerned about their private data. Facebook reacts with a limitation of the API, so that user data is better protected against the access of external apps. But what exactly is an API?

What is an API

The acronym API stands for "Application programming interface". An API is an interface that is made available to programmers to interact with a service (such as Facebook). There can be several reasons why an API is developed. Facebook, for example, has many different reasons Apps (Games, chats, eCommerce, ...) that rely on the API. For example, if an app wants to publish something on your wall or to know who your friends are, it needs yours on the one hand authorization, and on the other Access to the Facebook API. As a rule, these accesses are also in your interest, because the apps depend on the API in order to function.

How does an API work?

When a new app is created, you often have to register it with the operator of the API. For example, every Facebook app has to have its own API key, so one Authentication key, request. This API key is sent to the API server with every request. The purpose of this authentication is to ensure that only registered apps have access to the API. If an app sends a request to the API server, for example to publish a post, the API server first checks the API key and then whether the app has received the appropriate authorization from you. If this is the case, the app is allowed to act on your behalf, otherwise the Access denied.

What are the dangers of an API?

Despite the many useful features that an API brings with it, there are times when it becomes a threat to users. Often users are not fully aware what exactly they allow an app and what not. Most of the time, you quickly click through the terms and conditions and the authorizations in order to use the new functions as quickly as possible. If you accidentally catch a black sheep among the apps, you grant third parties control over all of your Facebook activities and data. How exactly the malicious app works is of course up to the developer - the trend seems to be to collect data. This has already gone so far that Facebook offers rewards for reports of data abuse.

How can I protect myself?

Of course, personal protection depends heavily on the service used. With Facebook, it is definitely advisable to exercise caution when choosing an app. Only use apps that you trust. Another option is to protect data by deactivating the app integration. In general, it is advisable to be sparing with any data transfer and to take a look at the countless Facebook settings that are supposed to protect your privacy. Here we give you further tips on how to protect your Facebook account: How to secure your data.