Vote up to Idea Remove the API Key Requirement Vote down to Idea Remove the API Key Requirement

Rank52

Idea#136

This idea is active.
Feature Requests »

Remove the API Key Requirement

API keys are a barrier to entry, and are somewhat pointless for web apps where anyone can view source and grab a key

Comment

Submitted by calvin.metcalf 1 year ago

Vote Activity

  1. Approved
    1 year ago
  2. Approved
    1 year ago

Events

  1. The idea was posted
    1 year ago

Comments (5)

  1. These are mostly used for logging and reporting, they cannot be removed from our system.

    1 year ago
    1. calvin.metcalf Idea Submitter

      Even if internally it requires one that doesn't mean it needs to externally require one, if they actually wanted to implement this they could always add a default id if one was omitted.

      1 year ago
    2. If that were the case, then you wouldn't be logging real-world data. Also the API is capable of serving more then just webapps, such as Android and IOS apps, both of which you can't just view source to obtain the key.

      1 year ago
    3. calvin.metcalf Idea Submitter

      No you'd be logging real world data, just some of it would be missing a logging value.

      It's a pain on the web is all I'm saying, Referer header might be a better way to track.

      1 year ago
  2. Thanks for your feedback. You're correct that key registration can be a barrier to entry which is probably why it is a debated topic among API developers both within the government and the private sector. The question is one of cost and benefit. We came to the conclusion that it is a relatively small cost to the user but a huge benefit to us in the form of analytics. Ultimately, it helps us make a better product.

    With respect to the Referer [sic] header, it is almost always empty on queries from iOS and Android apps.

    1 year ago