Which one of the following is not a best practice for API security?

Question

Which one of the following is not a best practice for API security?
Group of answer choices

Never store API keys in unencrypted form.

Ensure that API keys are removed from code placed in public repositories.

Use the same API keys for different users, applications, and services.

Limit exposure of API keys to the smallest set of individuals possible.

GPT-4o mini · Answer

The option that is **not** a best practice for API security is: **Use the same API keys for different users, applications, and services.** This practice is insecure because it increases the risk of unauthorized access and makes it difficult to manage permissions and track usage effectively. Each user, application, or service should ideally have its own API key to enhance security and control access.