API keys don't equal security. Here are 10 reasons why.

Bill Doerrfeld | May 22, 2026

My latest on Nordic APIs looks at the core insecurities with API keys.

Minting and sharing API keys is a really easy way to share access to a system. However, it's not a very secure method if used alone.


API keys are long-lived, leaked constantly, easily reused by hackers, rarely cycled, and usually provide over-permissioned access.


We keep seeing API keys involved in major breaches. And I think a core reason is that API keys are often conflated with authentication and authorization — which they really aren't.


I walk through a lot of this on the Nordic APIs blog, looking at 10 major issues with API keys, and what API keys should be complemented with for actual API security.

Read: 10 Security Issues With API Keys

Other Blog Posts

By Bill Doerrfeld June 25, 2026
Agentic coding tools have become the default. "When we've taken that away accidentally from people, they scream."
By Bill Doerrfeld June 17, 2026
My latest for LeadDev considers how engineering leaders should respond in the wake of uncertainty in the AI model market.
By Bill Doerrfeld June 10, 2026
I'm working with Zuplo on some new content around their MCP Gateway release. First up: a deep comparison of MCP gateways on the market!
By Bill Doerrfeld June 10, 2026
The constant barrage of AI layoffs is overshadowing the economic reasons behind these cuts, as well as the net-positive talent redistribution happening at large.
By Bill Doerrfeld June 8, 2026
My latest for InfoWorld reviews MCP servers and agent-ready tools for connecting AI agents with popular database styles.
By Bill Doerrfeld May 29, 2026
For my latest DirectorPlus edition, Joel Carusone from NinjaOne shares how engineering leaders can build the muscle for making tough calls.
Close-up of a glowing laptop keyboard in blue light, viewed at an angle with the screen above
By Bill Doerrfeld May 25, 2026
My latest InfoWorld feature explores how Model Context Protocol (MCP) supports context engineering for AI-assisted coding.
By Bill Doerrfeld May 18, 2026
The yearly API conference, apidays New York, is a hotbed for solid discussion on what's top of mind in the API space, and as MC I had a front row seat.
By Bill Doerrfeld May 13, 2026
My latest for CIO Online features real results form CIOs actively deploying AI agents to empower sales and revenue teams.
By Bill Doerrfeld May 12, 2026
Reports say consumers are souring on AI everywhere, all the time. So, at the risk of losing trust, or even potential business, is adding AI to an existing product really worth it?