Authentication

API key is not restricted to APIs

Platform(s)
Compliance Frameworks

Brazilian General Data Protection (LGPD), CCM-CSA, CCPA, CPRA, Data Security Posture Management (DSPM) Best Practices, GCP CIS, GDPR, HITRUST, iso_27001_2022, iso_27002_2022, Mitre ATT&CK, mpa, New Zealand Information Security Manual, NIST 800-171, NIST 800-53, PDPA, UK Cyber Essentials

Description

API keys are used for authentication. They are simple encrypted strings that identify an application without any principal. API key '{GcpApiKey}' is not restricted to only the required APIs. To reduce the attack surface and apply least privilege, API keys can be restricted to use (call) only the APIs required by an application.
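
One way to check for this condition, as an added example that is not part of the original rule or any vendor's detection logic: the script audits key records in the shape returned by `gcloud services api-keys list --format=json` and reports keys with no API restriction or with more APIs than the application needs. The sample keys, the project number and the `REQUIRED` mapping are constructed assumptions.

```python
import json

# Constructed sample in the shape of `gcloud services api-keys list --format=json`
# (API Keys API v2 Key resource); project number and key IDs are placeholders.
SAMPLE_KEYS = json.loads("""
[
  {"name": "projects/000000000000/locations/global/keys/key-a",
   "displayName": "maps-frontend",
   "restrictions": {"apiTargets": [{"service": "maps-backend.googleapis.com"}]}},
  {"name": "projects/000000000000/locations/global/keys/key-b",
   "displayName": "legacy-batch",
   "restrictions": {"browserKeyRestrictions": {"allowedReferrers": ["example.com/*"]}}},
  {"name": "projects/000000000000/locations/global/keys/key-c",
   "displayName": "translate-worker",
   "restrictions": {"apiTargets": [{"service": "translate.googleapis.com"},
                                   {"service": "storage.googleapis.com"}]}},
  {"name": "projects/000000000000/locations/global/keys/key-d",
   "displayName": "unconfigured"}
]
""")

# Assumption: the services each application actually needs, keyed by display name.
REQUIRED = {
    "maps-frontend": {"maps-backend.googleapis.com"},
    "translate-worker": {"translate.googleapis.com"},
}

def audit_api_keys(keys, required):
    """Return (key name, finding) pairs for keys not limited to required APIs."""
    findings = []
    for key in keys:
        targets = (key.get("restrictions") or {}).get("apiTargets") or []
        services = {t["service"] for t in targets if t.get("service")}
        if not services:
            # No API restriction: the key can call any API enabled in the project.
            findings.append((key["name"], "no API restriction"))
            continue
        allowed = required.get(key.get("displayName"))
        if allowed is None:
            findings.append((key["name"], "no required-API list on record"))
        elif services - allowed:
            extra = ", ".join(sorted(services - allowed))
            findings.append((key["name"], f"extra APIs: {extra}"))
    return findings

if __name__ == "__main__":
    for name, finding in audit_api_keys(SAMPLE_KEYS, REQUIRED):
        print(f"{name}: {finding}")
```

Note that a key carrying only application restrictions (such as the referrer restriction on `key-b`) is still flagged, because those limit where the key may be used from, not which APIs it may call.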