What is API Key?
A unique string used to identify and authenticate a client making API requests.
Definition
An API key is a unique identifier — typically a long random string — that a client includes in requests to authenticate with an API. API keys are simpler than OAuth tokens: they do not expire automatically and are not tied to specific user sessions. They are commonly sent as request headers (X-API-Key), query parameters, or in the Authorization header. CronJobPro supports including API keys in job request headers.
Simple Analogy
Like a library card — a unique identifier that grants you access to the library's resources. Anyone with the card can use it, which is why you keep it safe.
Why It Matters
API keys are the simplest way to secure cron job endpoints. Add a required X-API-Key header to your endpoint, configure CronJobPro to include it, and unauthorized requests are blocked. While simpler than OAuth or HMAC, API keys provide effective security for most cron job use cases.
How to Verify
Verify your endpoint rejects requests without a valid API key. Test with curl: `curl -H "X-API-Key: invalid" https://your-endpoint.com` should return 401. `curl -H "X-API-Key: valid-key" https://your-endpoint.com` should return 200. Check CronJobPro's job configuration to confirm the API key header is included.
Common Mistakes
Sending API keys as URL query parameters (they appear in server logs and browser history). Sharing one API key across all services (compromise of one compromises all). Not rotating keys when team members leave. Committing API keys to version control.
Best Practices
Send API keys in headers, not query parameters. Generate unique keys per integration. Rotate keys at least quarterly and immediately after team changes. Store keys in secret management tools, not source code. Monitor for unauthorized API key usage.
Security Documentation
Read security docs
Try it free →Frequently Asked Questions
What is API Key?
An API key is a unique identifier — typically a long random string — that a client includes in requests to authenticate with an API. API keys are simpler than OAuth tokens: they do not expire automatically and are not tied to specific user sessions. They are commonly sent as request headers (X-API-Key), query parameters, or in the Authorization header. CronJobPro supports including API keys in job request headers.
Why does API Key matter for cron jobs?
API keys are the simplest way to secure cron job endpoints. Add a required X-API-Key header to your endpoint, configure CronJobPro to include it, and unauthorized requests are blocked. While simpler than OAuth or HMAC, API keys provide effective security for most cron job use cases.
What are best practices for API Key?
Send API keys in headers, not query parameters. Generate unique keys per integration. Rotate keys at least quarterly and immediately after team changes. Store keys in secret management tools, not source code. Monitor for unauthorized API key usage.
Related Terms
Authentication
Verifying the identity of a user or system making a request to your endpoint.
Bearer Token
An access token sent in the Authorization header to authenticate HTTP requests.
Secret
Any sensitive credential — passwords, API keys, tokens — that must be protected from exposure.
Request Header
Key-value metadata sent with an HTTP request to provide context like authentication and content type.