I'm building a Web API that will require a developer or API key for access. Is it better to require the API key be in the querystring or in the request headers?
ASP.NET Web API 4
I'm building a Web API that will require a developer or API key for access. Is it better to require the API key be in the querystring or in the request headers?
ASP.NET Web API 4
In general I think a request header is optimal, but if you're planning to have your API called from a browser you should use a request parameter: it is often harder to do request headers from browser code than from server side code.
In my opinion is cleaner to use HTTP headers for this. It allows you to keep the url only for identifying the resource to access while you use headers for protocol and access control.