Plain definition: An API key is a unique code — usually a long string of letters and numbers — that you include with requests to an API to prove you are an authorized user. It works like a password for software-to-software communication.

In plain terms

Think of an API key as a keycard for a building. Every time your software wants to enter and use the service, it shows the keycard. The service checks it, confirms it’s valid and hasn’t been revoked, and lets the request through. If someone steals the keycard, they can get in too — which is why treating API keys like passwords is important.

Why it matters for operators

When you connect AI tools, automation platforms, or any third-party service to your systems, you’ll typically need to generate an API key and paste it into your settings. A few important practices: never share an API key publicly or put it in a document others can see; generate separate keys for different tools so you can revoke access to one without disrupting others; and delete keys for services you no longer use.

Example

A business owner connects their Make automation to OpenAI by generating an API key in their OpenAI account and pasting it into Make’s settings. Every time the automation runs and sends a request to OpenAI, the key identifies the account to bill and confirms the request is legitimate.