← Back to Topics

API Key Security Concerns

The cluster focuses on user concerns about the security risks of entering personal API keys into third-party websites or apps, including fears of key theft or logging, and discussions of alternatives like OAuth or bring-your-own-key (BYO) options.

➡️ Stable 0.7x Security
2,362
Comments
19
Years Active
5
Top Authors
#7447
Topic ID

Activity Over Time

2008
4
2009
21
2010
36
2011
54
2012
76
2013
128
2014
113
2015
86
2016
101
2017
122
2018
110
2019
82
2020
105
2021
128
2022
182
2023
381
2024
260
2025
339
2026
34

Top Contributors

tptacek (15) simonw (15) ezekg (14) e12e (6) detaro (6)

Keywords

BYO node.js scriptable.run HN REST GET chromium.org omnara.com GPT credentials.json api api key keys key auth authentication credentials service private rest api

Sample Comments

shortrounddev2 Dec 10, 2023 View on HN

This sounds like a cool idea but there's no way I'm putting my API key into this site

themoonisachees Apr 17, 2024 View on HN

Even if they auth every user, what's stopping me from making my own API key and feeding it to my favorite app?

pachico Nov 26, 2024 View on HN

Hmm, so this is expecting me to upload a personal API Key...

redeyedtreefrog Jul 29, 2025 View on HN

What security features are in place to ensure nothing is capturing or logging user API keys?

wdb Aug 31, 2023 View on HN

yeah, and you cant have something like api keys

minimaxir Nov 23, 2013 View on HN

Isn't including your own client and secret API keys not a good idea?

account-5 Dec 1, 2023 View on HN

Is it normal to have to paste a private API key into a random website to use it?

lostmsu Jun 19, 2014 View on HN

What are the alternatives? You have to ship secret keys with your app to be able to access public APIs

davefp May 28, 2013 View on HN

Does this service require me to give up my private key for a given API? Seems like a huge security risk to me.

fleur-de-lotus Apr 28, 2023 View on HN

Wait, they ask for your api key and they promise not to store it !