Authentication Security Best Practices
api-keys-in-query
general > api-keys-in-query
Guidance
Your API accepts API keys that are transported in query parameters over the network. Because the credentials are sent over
the network on each API call, they are repeatedly exposed to unauthorized attempts to retrieve them. Additionally,
the API key could become visible in the logs that web servers and proxies produce on URLs.
Applies to SecurityScheme