API security and api_key

January 12, 2013 2.8k views
Hello, I'm wondering if the choice of placing the api_key in the api URL requests is a good one. Is that insecure since this is not passed within a POST body? Shouldn't this be a secret encrypted in the body using HTTPS?
4 Answers
Both the website and the API are served via HTTPS only and we are integrating API keys into the API to launch new servers, and will also integrate adding / removing SSH keys as well.

That should be ready by late January or February.
The URL path and parameters are all sent encrypted.
Here is a link to more information on HTTPS.

Have another answer? Share your knowledge.