I am a Developer Advocate for Security in Mobile Apps and APIs at approov.io.
Another passion is the Elixir programming language that was designed to be concurrent, distributed and fault tolerant.
Location
Scotland
Education
Self teached Developer
Work
Developer Advocate for Mobile and API Security at approov.io
Sessions can be reused by an attacker, but definitely it makes up for one more security layer to be bypassed, and I always recommend to use it when possible.
Other techniques exist to make them more difficult to abuse, but an API key on their own, can only be considered secure for authentication purposes when the communication is between 2 servers, and they are stored in both servers in a secure way.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Sessions can be reused by an attacker, but definitely it makes up for one more security layer to be bypassed, and I always recommend to use it when possible.
Other techniques exist to make them more difficult to abuse, but an API key on their own, can only be considered secure for authentication purposes when the communication is between 2 servers, and they are stored in both servers in a secure way.