Getting your dGC API keys¶
Following on from Getting Started, in which we signed up for the platform and created an application, now let's get an API key and start making queries to the API.
We will need an API key in order to authenticate that calls made to the API are valid. The API key is what allows us to validate that calls are genuine, and that you have enough quota (number of allowed calls per unit time, eg 250 calls per month) and you are not exceeding the rate limit (again, number of calls per unit time but over a shorter period, eg a maximum of X calls per hour).
API keys are secrets!
API keys identify you to the API, so they should be considered to be 'secrets' - this means that if someone else can access and use your API keys then they are effective 'you' as far as our servers are concerned. Hence you need to take care not to disclose the API keys, especially later on when you use the keys in a real application.
The commonest cause of accidental API key exposure is inadvertently committing a hard-coded API key to version control such as Git and then pushing it to a public site such as GitHub.
Many stategies are available to help you avoid this, one of the most common being to put 'secrets' in Environment Variables and use a
dotenv but it is available in many other languages too)
Obtaining API keys in the developer platform¶
Click on the 'Account' menu item to see your develop account.
You can see the details of each of the Applications you have created.
Click on the 'Show/Hide' link to reveal the actual API key code.
Copy this API key to the clipboard (Select it all with the mouse and then press Ctrl+C )