API security and api_key

Posted January 12, 2013 5.5k views
Hello, I'm wondering if the choice of placing the api_key in the api URL requests is a good one. Is that insecure since this is not passed within a POST body? Shouldn't this be a secret encrypted in the body using HTTPS?

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Submit an Answer
4 answers
Both the website and the API are served via HTTPS only and we are integrating API keys into the API to launch new servers, and will also integrate adding / removing SSH keys as well.

That should be ready by late January or February.
The URL path and parameters are all sent encrypted.
Here is a link to more information on HTTPS.