ShieldKey's API Security Glossary: a comprehensive glossary of API security terms covering API keys, encryption, access control, compliance, and more. Written for developers by the team behind ShieldKey.


API Security Glossary

48 terms covering credentials, encryption, access control, compliance, and more.

Architecture

12-Factor App

12-Factor App is a methodology for building SaaS applications that recommends storing configuration (including secrets) ...

Access Control

Access Revocation

Access Revocation is the immediate removal of a user's ability to access a system, API, or credential....

Cryptography

AES-256-GCM

AES-256-GCM is an authenticated encryption algorithm that provides both confidentiality and integrity using a 256-bit ke...

Monitoring

Anomaly Detection

Anomaly Detection is the automated identification of patterns in API usage that deviate significantly from established b...

Breaches

API Abuse

API Abuse is the unauthorized or excessive use of an API, including data scraping, resource exhaustion, privilege escala...

Architecture

API Gateway

API Gateway is a server that acts as a single entry point for API requests, handling authentication, rate limiting, rout...

Credentials

API Key

API Key is a unique identifier passed in API requests to authenticate the calling application and track usage....

Breaches

API Key Leak

API Key Leak is an incident where an API key is unintentionally exposed to unauthorized parties, typically through sourc...

Credentials

API Key Rotation

API Key Rotation is the practice of periodically replacing active API keys with new ones and decommissioning the old cre...

Cryptography

Argon2id

Argon2id is the hybrid variant of Argon2, the memory-hard password hashing algorithm that won the Password Hashing Competition in 2015, combining resist...

Monitoring

Audit Log

Audit Log is a chronological record of security-relevant events that tracks who did what, when, and from where within a ...

Protocols

Bearer Token

Bearer Token is an access credential sent in the Authorization HTTP header that grants the holder ("bearer") access to a...

Breaches

Blast Radius

Blast Radius is the scope of damage that results from a security incident, measured by the number of systems, data, and ...

Breaches

CI/CD Secret Exposure

CI/CD Secret Exposure is the unintentional leaking of credentials through continuous integration and deployment pipeline...

Access Control

Contractor Offboarding

Contractor Offboarding is the process of revoking a contractor's access to all systems, credentials, and data when their...

Breaches

Credential Stuffing

Credential Stuffing is an automated attack that uses stolen username/password pairs from previous data breaches to gain ...

Cryptography

CSPRNG

CSPRNG (Cryptographically Secure Pseudo-Random Number Generator) is a random number generator that produces output suita...
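The API Key, API Key Rotation, Access Revocation and CSPRNG entries above describe one lifecycle. The following is an added example (not ShieldKey's code) showing that lifecycle end to end: keys are generated from the OS CSPRNG, only a hash is stored, rotation gives the old key a short grace window, and revocation takes effect on the next check. The "sk_live_" prefix and the KeyStore class are illustrative assumptions.

```python
"""Added example, not ShieldKey code: an API key lifecycle (generate, store a
hash, verify, rotate with a grace window, revoke). The "sk_live_" prefix and
the KeyStore class are illustrative assumptions."""
import hashlib
import secrets
import time
from dataclasses import dataclass, field

KEY_PREFIX = "sk_live_"  # assumed prefix: a fixed prefix makes leaked keys easy for scanners to spot


def generate_api_key() -> str:
    # secrets draws from the OS CSPRNG; 32 bytes = 256 bits of entropy, URL-safe encoded
    return KEY_PREFIX + secrets.token_urlsafe(32)


def key_fingerprint(key: str) -> str:
    # Store only a digest. The key itself is high-entropy, so a fast hash is
    # enough (a slow password KDF such as Argon2id is for low-entropy
    # passwords); a database leak then exposes no usable credentials.
    return hashlib.sha256(key.encode("utf-8")).hexdigest()


@dataclass
class KeyRecord:
    owner: str
    created_at: float
    expires_at: float
    revoked: bool = False


@dataclass
class KeyStore:
    """In-memory stand-in for the credentials table, keyed by fingerprint."""
    records: dict = field(default_factory=dict)

    def issue(self, owner: str, ttl_seconds: float, now=None) -> str:
        now = time.time() if now is None else now
        key = generate_api_key()
        self.records[key_fingerprint(key)] = KeyRecord(owner, now, now + ttl_seconds)
        return key  # the plaintext is shown to the caller exactly once

    def verify(self, key: str, now=None):
        """Return the owner for a live key, None for unknown/expired/revoked."""
        now = time.time() if now is None else now
        rec = self.records.get(key_fingerprint(key))
        if rec is None or rec.revoked or now >= rec.expires_at:
            return None
        return rec.owner

    def revoke(self, key: str) -> bool:
        rec = self.records.get(key_fingerprint(key))
        if rec is None:
            return False
        rec.revoked = True  # access revocation: takes effect on the next verify()
        return True

    def rotate(self, old_key: str, ttl_seconds: float, grace_seconds: float, now=None) -> str:
        """Issue a replacement for the same owner and shorten the old key's
        life to `grace_seconds`, so clients can switch without an outage while
        the old credential still dies on a known schedule."""
        now = time.time() if now is None else now
        rec = self.records.get(key_fingerprint(old_key))
        if rec is None or rec.revoked or now >= rec.expires_at:
            raise ValueError("cannot rotate a key that is not currently valid")
        rec.expires_at = min(rec.expires_at, now + grace_seconds)
        return self.issue(rec.owner, ttl_seconds, now)


if __name__ == "__main__":
    store = KeyStore()
    key = store.issue("alice", ttl_seconds=3600)
    print("issued:", key[:12] + "...", "owner on verify:", store.verify(key))
```

Every method takes an explicit `now` so expiry and grace windows can be exercised deterministically; in production the default wall clock is used.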

Access Control

Dead Man's Switch

Dead Man's Switch is a security mechanism that automatically triggers a protective action (like key revocation) when a c...

Architecture

Defense in Depth

Defense in Depth is a security strategy that layers multiple protective controls so that if one layer fails, subsequent ...

Architecture

dotenv

dotenv is a convention and library for loading environment variables from a .env file into a process, popularized by the...

Cryptography

Encryption at Rest

Encryption at Rest is the practice of encrypting stored data so it remains unreadable without the decryption key, even i...

Architecture

Environment Variable

Environment Variable is a named value stored outside the application code that configures behavior at runtime, c...

Architecture

Ephemeral Decryption

Ephemeral Decryption is the practice of decrypting sensitive data only in volatile memory for the brief duration needed ...

Monitoring

GitHub Secret Scanning

GitHub Secret Scanning is GitHub's built-in feature that detects known credential patterns in repository content and ale...

Breaches

Hardcoded Credentials

Hardcoded Credentials is the anti-pattern of embedding API keys, passwords, or other secrets directly in application sou...

Cryptography

HSM

HSM (Hardware Security Module) is a dedicated physical device that generates, stores, and manages cryptographic keys in ...

Monitoring

Incident Response

Incident Response is the organized approach to addressing and managing the aftermath of a security breach or cyberattack...

Access Control

IP Allowlisting

IP Allowlisting is a security control that restricts API access to requests originating from pre-approved IP addresses o...

Protocols

JWT

JWT (JSON Web Token) is a compact, URL-safe token format that encodes claims as a JSON payload, signed to ensure integri...
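The JWT, Bearer Token and Token Expiration entries describe a signed claims token that a server must validate before trusting. The block below is an added example (not ShieldKey's code) that issues and verifies an HS256 JWT with the standard library only. The verifier pins the algorithm rather than reading it from the header, checks the signature in constant time before parsing the payload, and treats a token as expired once `exp` is reached. The secret and claims are constructed for illustration.

```python
"""Added example, not ShieldKey code: issue and verify an HS256-signed JWT with
only the standard library. The secret and claims used here are constructed."""
import base64
import hashlib
import hmac
import json
import time


class TokenError(Exception):
    pass


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(signing_input: str, secret: bytes) -> bytes:
    return hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()


def issue_jwt(claims: dict, secret: bytes, ttl_seconds: int, now=None) -> str:
    now = int(time.time()) if now is None else int(now)
    header = {"alg": "HS256", "typ": "JWT"}
    payload = dict(claims, iat=now, exp=now + ttl_seconds)
    signing_input = ".".join(
        _b64url_encode(json.dumps(part, separators=(",", ":")).encode("utf-8"))
        for part in (header, payload)
    )
    return signing_input + "." + _b64url_encode(_sign(signing_input, secret))


def verify_jwt(token: str, secret: bytes, now=None, leeway: int = 0) -> dict:
    now = int(time.time()) if now is None else int(now)
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenError("malformed")
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(_b64url_decode(header_b64))
        actual_sig = _b64url_decode(sig_b64)
    except ValueError:
        raise TokenError("malformed")
    # Pin the algorithm the verifier expects. Trusting header["alg"] is the
    # root of "alg: none" and key-confusion bugs.
    if header.get("alg") != "HS256":
        raise TokenError("unexpected alg")
    expected_sig = _sign(header_b64 + "." + payload_b64, secret)
    if not hmac.compare_digest(expected_sig, actual_sig):
        raise TokenError("bad signature")
    payload = json.loads(_b64url_decode(payload_b64))  # only now is the payload trusted
    exp = payload.get("exp")
    # RFC 7519: the current time must be strictly before exp (plus any clock leeway)
    if not isinstance(exp, int) or now >= exp + leeway:
        raise TokenError("expired")
    return payload


def token_status(token: str, secret: bytes, now=None) -> str:
    """Convenience wrapper returning "ok" or the rejection reason."""
    try:
        verify_jwt(token, secret, now=now)
        return "ok"
    except TokenError as err:
        return str(err)


if __name__ == "__main__":
    secret = b"constructed-example-secret"
    tok = issue_jwt({"sub": "svc-billing"}, secret, ttl_seconds=300)
    print(tok)
    print("status:", token_status(tok, secret))
```

The token is sent as `Authorization: Bearer <token>`; because it is a bearer credential, anyone holding it can use it until `exp`, which is why short lifetimes matter.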

Cryptography

Key Derivation

Key Derivation is the process of generating one or more cryptographic keys from a source of key material (such as a pass...
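As an added example (not ShieldKey's code) of key derivation from existing key material, the block below implements HKDF (RFC 5869) over HMAC-SHA-256 with the standard library and uses it to derive separate per-purpose keys, such as an AES-256-GCM key and an HMAC key, from one master secret. The `info` labels are assumptions. HKDF expects high-entropy input such as a random master key; deriving keys from a human-chosen password needs a memory-hard password hash such as Argon2id instead.

```python
"""Added example, not ShieldKey code: HKDF (RFC 5869) over HMAC-SHA-256 using
only the standard library, plus a helper that derives independent per-purpose
keys from one master secret. The info labels are assumptions."""
import hashlib
import hmac


def hkdf_extract(salt: bytes, ikm: bytes, hash_name: str = "sha256") -> bytes:
    """Extract: condense the input key material into a fixed-length PRK."""
    if not salt:
        salt = b"\x00" * hashlib.new(hash_name).digest_size  # RFC 5869 default salt
    return hmac.new(salt, ikm, hash_name).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int, hash_name: str = "sha256") -> bytes:
    """Expand: stretch the PRK to `length` bytes bound to the context `info`."""
    digest_size = hashlib.new(hash_name).digest_size
    if length > 255 * digest_size:
        raise ValueError("requested length exceeds the HKDF limit")
    okm = b""
    block = b""
    counter = 1
    while len(okm) < length:
        # T(i) = HMAC(PRK, T(i-1) || info || i)
        block = hmac.new(prk, block + info + bytes([counter]), hash_name).digest()
        okm += block
        counter += 1
    return okm[:length]


def hkdf(ikm: bytes, salt: bytes, info: bytes, length: int, hash_name: str = "sha256") -> bytes:
    return hkdf_expand(hkdf_extract(salt, ikm, hash_name), info, length, hash_name)


def derive_service_keys(master_secret: bytes) -> dict:
    """Domain separation: distinct `info` labels yield unrelated keys, so the
    encryption key and the MAC key cannot be confused for one another."""
    return {
        "aes-256-gcm": hkdf(master_secret, b"", b"example/aes-256-gcm/v1", 32),
        "hmac-sha256": hkdf(master_secret, b"", b"example/hmac-sha256/v1", 32),
    }


def rfc5869_self_test() -> bool:
    """Test case 1 from RFC 5869, Appendix A."""
    ikm = bytes.fromhex("0b" * 22)
    salt = bytes.fromhex("000102030405060708090a0b0c")
    info = bytes.fromhex("f0f1f2f3f4f5f6f7f8f9")
    expected = (
        "3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf"
        "34007208d5b887185865"
    )
    return hkdf(ikm, salt, info, 42).hex() == expected


if __name__ == "__main__":
    print("RFC 5869 test vector:", "pass" if rfc5869_self_test() else "FAIL")
    for name, key in derive_service_keys(b"constructed-master-secret").items():
        print(name, key.hex())
```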

Architecture

Key Vault

Key Vault is a centralized secrets management service that stores, manages, and controls access to encryption keys, API ...

Access Control

Least Privilege

Least Privilege is the security principle that users, programs, and systems should only have the minimum access rights n...

Monitoring

MTTD

MTTD (Mean Time to Detect) is the average time it takes to discover that a security incident has occurred....

Monitoring

MTTR

MTTR (Mean Time to Respond/Remediate) is the average time it takes to contain and resolve a security incident after it h...

Protocols

OAuth Token

OAuth Token is an access credential issued through the OAuth 2.0 authorization framework that grants delegated access to...

Compliance

PCI DSS Key Management

PCI DSS Key Management is the set of requirements defined by the Payment Card Industry Data Security Standard for the ge...

Architecture

Proxy Architecture

Proxy Architecture is a design pattern where an intermediary server (proxy) sits between clients and upstream services, ...

Access Control

Rate Limiting

Rate Limiting is a technique that controls the number of API requests a client can make within a specified time window....
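The following is an added example (not ShieldKey's code) of the technique defined above: a per-client token-bucket limiter that also computes the Retry-After value a 429 response should carry. The clock is injected as a parameter so the behaviour can be checked deterministically; the capacity and refill rate are constructed values.

```python
"""Added example, not ShieldKey code: a per-client token-bucket rate limiter.
The clock is injected via `now` so behaviour is deterministic and testable."""
import math
import time
from dataclasses import dataclass


@dataclass
class _Bucket:
    tokens: float   # current allowance
    updated: float  # timestamp of the last refill (monotonic seconds)


class TokenBucketLimiter:
    """Each client starts with `capacity` tokens, refilled continuously at
    `refill_per_second`. A request costs `cost` tokens; when the bucket cannot
    cover it the request is denied and the caller should answer HTTP 429."""

    def __init__(self, capacity: int, refill_per_second: float):
        if capacity <= 0 or refill_per_second <= 0:
            raise ValueError("capacity and refill rate must be positive")
        self.capacity = capacity
        self.rate = refill_per_second
        self._buckets = {}

    def _refill(self, client_id: str, now: float) -> _Bucket:
        bucket = self._buckets.get(client_id)
        if bucket is None:
            bucket = _Bucket(tokens=float(self.capacity), updated=now)
            self._buckets[client_id] = bucket
            return bucket
        elapsed = max(0.0, now - bucket.updated)  # guard against a clock that steps backwards
        bucket.tokens = min(float(self.capacity), bucket.tokens + elapsed * self.rate)
        bucket.updated = now
        return bucket

    def allow(self, client_id: str, now=None, cost: int = 1) -> bool:
        now = time.monotonic() if now is None else now
        bucket = self._refill(client_id, now)
        if bucket.tokens >= cost:
            bucket.tokens -= cost
            return True
        return False

    def retry_after(self, client_id: str, now=None, cost: int = 1) -> float:
        """Seconds until the client can afford `cost` tokens (0 if it already can)."""
        now = time.monotonic() if now is None else now
        bucket = self._refill(client_id, now)
        deficit = cost - bucket.tokens
        return 0.0 if deficit <= 0 else deficit / self.rate

    def handle(self, client_id: str, now=None):
        """Return (status, headers) the way an API gateway would respond."""
        if self.allow(client_id, now):
            return 200, {}
        wait = math.ceil(self.retry_after(client_id, now))
        return 429, {"Retry-After": str(wait)}


if __name__ == "__main__":
    limiter = TokenBucketLimiter(capacity=5, refill_per_second=1.0)
    for i in range(7):  # a burst of 7 requests at the same instant
        print(i + 1, limiter.handle("client-a", now=0.0))
```

Keying the bucket by client (API key or Shield Token, not just source IP) keeps one abusive caller from exhausting the allowance of everyone behind the same NAT.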

Access Control

RBAC

RBAC (Role-Based Access Control) is an authorization model where permissions are assigned to roles, and users are assign...

Protocols

SAML

SAML (Security Assertion Markup Language) is an XML-based standard for exchanging authentication and authorization data ...

Monitoring

Secret Scanning

Secret Scanning is the automated detection of credentials, API keys, and other secrets in source code, repositories, log...
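The Secret Scanning, GitHub Secret Scanning and Hardcoded Credentials entries all concern detecting secrets in source. The block below is an added example (not ShieldKey's scanner, nor GitHub's) that shows the two standard detection strategies side by side: exact-format rules for well-known key types, and an entropy heuristic for generic `API_KEY = "..."` assignments that filters out placeholders. The sample source lines are constructed; the AWS value is the documented AWS example key, and the regexes are simplified rather than any vendor's official patterns.

```python
"""Added example, not ShieldKey's or GitHub's scanner: a small secret scanner
combining exact-format rules with an entropy heuristic. The sample input is
constructed; regexes are simplified, not vendor patterns."""
import math
import re
from collections import Counter
from dataclasses import dataclass

# Exact-format rules: a hit is high confidence regardless of entropy.
FORMAT_RULES = {
    "aws-access-key-id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github-pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
}
# Generic rule: a secret-looking name assigned a long opaque value.
GENERIC_RULE = re.compile(
    r"(?i)\b(?:api[_-]?key|secret|token|password)\b\s*[:=]\s*[\"']?([A-Za-z0-9_\-]{20,})"
)
ENTROPY_THRESHOLD = 4.0  # bits per character; tunable, filters word-like placeholders

# Constructed sample: lines 1-3 should be flagged, 4-6 should not.
SAMPLE_SOURCE = """\
aws_access_key_id = "AKIAIOSFODNN7EXAMPLE"
GITHUB_TOKEN=ghp_0123456789abcdefghijABCDEFGHIJklmnop
API_KEY = "sk_live_Zx9Qp3vLt8Rw2Kd7Mn4Yb6Jh1Fc5Gs0"
api_key = "aaaaaaaaaaaaaaaaaaaaaaaa"
token = "placeholder_token_value_here"
api_key = os.environ["API_KEY"]
"""


@dataclass(frozen=True)
class Finding:
    line: int
    rule: str
    masked: str  # never log the full secret: the scanner's own output is a leak vector


def shannon_entropy(text: str) -> float:
    """Bits per character; random base64-style strings score well above 4."""
    if not text:
        return 0.0
    n = len(text)
    return -sum((c / n) * math.log2(c / n) for c in Counter(text).values())


def mask(value: str) -> str:
    return value[:4] + "****" + value[-2:]


def scan_for_secrets(text: str) -> list:
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        hit = False
        for rule, pattern in FORMAT_RULES.items():
            for match in pattern.finditer(line):
                findings.append(Finding(lineno, rule, mask(match.group(0))))
                hit = True
        if hit:
            continue  # don't double-report a line already caught by a format rule
        match = GENERIC_RULE.search(line)
        if match and shannon_entropy(match.group(1)) >= ENTROPY_THRESHOLD:
            findings.append(Finding(lineno, "generic-high-entropy", mask(match.group(1))))
    return findings


if __name__ == "__main__":
    for finding in scan_for_secrets(SAMPLE_SOURCE):
        print(f"line {finding.line}: {finding.rule} ({finding.masked})")
```

In a pipeline this runs as a pre-commit hook or CI step; a finding should fail the build, and any key that reached a remote branch is treated as leaked and rotated rather than merely deleted from history.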

Breaches

Secret Sprawl

Secret Sprawl is the uncontrolled proliferation of secrets (API keys, tokens, passwords) across an organization's codeba...

Credentials

Shield Token

Shield Token is a revocable proxy credential issued by ShieldKey that grants scoped access to an encrypted API key witho...

Compliance

SOC 2

SOC 2 is a compliance framework developed by the AICPA that evaluates an organization's controls for security, availabil...

Protocols

SSO

SSO (Single Sign-On) is an authentication scheme that allows users to log in once and gain access to multiple related ap...

Breaches

Supply Chain Attack

Supply Chain Attack is an attack vector that targets the less-secure elements in a software supply chain — dependencies,...

Access Control

Token Expiration

Token Expiration is a security mechanism that automatically invalidates a credential after a predetermined time period, ...

Architecture

Zero Trust

Zero Trust is a security framework that requires strict identity verification for every person and device attempting to ...