My colleague Hugh Carroll has a good piece in Business Review Canada today about protecting API keys. Be sure to check it out. API keys are just as important to protect as other keys (e.g. SSL keys) but have not got nearly the same amount of awareness from security folks. How long before there is a major publicized API key breach?