247 ideas posted
API keys are a barrier to entry, and are somewhat pointless for web apps where anyone can view source and grab a key
Submitted by calvin.metcalf 1 year ago
These are mostly used for logging and reporting, they cannot be removed from our system.
Even if internally it requires one that doesn't mean it needs to externally require one, if they actually wanted to implement this they could always add a default id if one was omitted.
If that were the case, then you wouldn't be logging real-world data. Also the API is capable of serving more then just webapps, such as Android and IOS apps, both of which you can't just view source to obtain the key.
No you'd be logging real world data, just some of it would be missing a logging value.
It's a pain on the web is all I'm saying, Referer header might be a better way to track.
Thanks for your feedback. You're correct that key registration can be a barrier to entry which is probably why it is a debated topic among API developers both within the government and the private sector. The question is one of cost and benefit. We came to the conclusion that it is a relatively small cost to the user but a huge benefit to us in the form of analytics. Ultimately, it helps us make a better product.
With respect to the Referer [sic] header, it is almost always empty on queries from iOS and Android apps.
Submitted by dgcatanzaro 1 year ago
Submitted by bharper 1 year ago
Submitted by Community Member 8 months ago
Submitted by raymond.yee 1 year ago
Copyright © 2014
| Privacy & Comment Policy