API keys don't equal security. Here are 10 reasons why.
Bill Doerrfeld | May 22, 2026
My
latest on Nordic APIs looks at the core insecurities with API keys.
Minting and sharing API keys is a really easy way to share access to a system. However, it's not a very secure method if used alone.
API keys are long-lived, leaked constantly, easily reused by hackers, rarely cycled, and usually provide over-permissioned access.
We keep seeing API keys involved in major breaches. And I think a core reason is that API keys are often conflated with authentication and authorization — which they really aren't.
I walk through a lot of this on the Nordic APIs blog, looking at
10 major issues with API keys, and what API keys should be complemented with for actual API security.
Other Blog Posts
The yearly API conference, apidays New York, is a hotbed for solid discussion on what's top of mind in the API space, and as MC I had a front row seat.
My latest for CIO Online features real results form CIOs actively deploying AI agents to empower sales and revenue teams.
Reports say consumers are souring on AI everywhere, all the time. So, at the risk of losing trust, or even potential business, is adding AI to an existing product really worth it?
Cloudflare rebuilt Next.js over a weekend using agentic coding.
My InfoWorld feature reviews the key building blocks in agentic systems and with real-world examples from Shopify, Block, and others.
My latest InfoWorld feature explores what makes an enterprise MCP registry effective, from semantic discovery to governance and security for AI agents.
My first-ever contribution to CSO Online looks at the shifting landscape, from perimeter-based security to API security, and how CISOs are responding.
My latest feature for The New Stack looks into solutions being proposed to fix open source Slopmageddon.
My latest DirectorPlus looks at how agentic AI is reshaping platform engineering at Squarespace: less shared code and more developer experience focus.
Usage-based pricing is reshaping the API economy. Discover 5 API monetization success stories, including OpenAI, Plaid, and AssemblyAI.
