Security Boulevard

API Keys vs. JWTs: Choosing the Right Auth Method for Your API

A developer needs to connect a service to an API. The documentation says to generate an API key, store it in an environment variable and pass it in a header. Five minutes later, the integration works.
Infosecurity Magazine

Google API Keys Quietly Gain Access to Gemini on Android Devices

A flaw in Google's API key system has reportedly exposed mobile applications to unintended access to its Gemini AI platform.
SlashGear

What Is The ChatGPT API Key And Where Do You Find It?

As ChatGPT rises in both complexity — not to mention popularity — more apps, websites, and services are starting to make use of its features. Certain websites allow you to ping ChatGPT's servers with ...
Bleeping Computer

Apps with over 3 million installs leak 'Admin' search API keys

Researchers discovered 1,550 mobile apps leaking Algolia API keys, risking the exposure of sensitive internal services and stored user information. Of those apps, 32 expose admin secrets, including 57 ...
Bleeping Computer

Over 3,200 apps leak Twitter API keys, some allowing account hijacks

Cybersecurity researchers have uncovered a set of 3,207 mobile apps that are exposing Twitter API keys to the public, potentially enabling a threat actor to take over users' Twitter accounts that are ...