Basic Authentication – Automated Hacks

API Keys Before They Were Called API Keys: Developer Access Control in Early Web APIs (1990–1994) — Chapter 20

From password-protected directories to CGI scripts that behaved like proto-APIs, the early Web (1990–1994) experimented with access control long before the industry standardized API keys and developer portals.

Chapter 19 (1990–1994): Before OAuth—How Early Web Servers Handled “API Authorization” Without APIs

In the early 1990s, the Web had HTTP requests and shared documents—but not “web APIs” or delegated authorization. This chapter traces the authorization reality of 1990–1994 and explains how those constraints foreshadowed OAuth 2.0.

Chapter 18 (1990–1994): The Web Is Born, HTTP Gets Practical, and the Earliest Clues of Delegated Authorization

Before OAuth 1.0 existed, the early Web (1990–1994) made key decisions—stateless HTTP, Basic Auth, CGI, and cookies—that eventually demanded delegated authorization for APIs.