I have came across lots of articles and many suggesting to use OAuth over API Key. From my understanding, in OAuth, we are finally getting access token and it is valid for many days. One example is, QuickBooks online OAuth token is valid for 6 months.
So, access token is equivalent to API Key. Whoever gets it, should have it secure similar like API Keys. And OAuth calls should be made via HTTPS similar to API Key based calls.
Another advantage over OAuth is Authorization. But we can do the same with API Key model. For example, we can define rules in our database like these API keys can access these APIs.
Now, What is the real advantage of OAuth? If we implement OAuth, we have to ask all our clients to install OAuth supporting libraries in their server. And it is a complex task for them and also for us. Whereas in API Key model it is a simple web call with no other additional libraries and complexities.
My intention is just to understand OAuth better and not compare & argue with API Key model.
Note:
I'm not talking about Google & LinkedIn kind of model where users have to see and give permissions. I'm just talking about APIs that we provide to our own customers.
Thanks for your help in advance.
