Secret tokens used to authenticate and authorize access to cloud services and APIs. Like a password for software applications, API keys identify the calling application and control what actions it can perform. AWS uses Access Keys and Secret Keys, Azure provides Subscription Keys and Service Principal credentials, GCP uses API Keys and Service Account Keys, and OCI uses API Signing Keys.
A mobile app uses an API key to access a weather service. The key identifies the app, tracks usage for billing, and can be revoked if compromised without affecting other applications.
All four clouds support key-based credentials, but they’re used differently: AWS IAM access keys and OCI API signing keys authenticate programmatic access to the cloud account; GCP API keys typically identify a calling app to Google APIs (often paired with restrictions); Azure subscription keys are commonly used to authenticate callers to APIs published through Azure API Management.