More Considerations When Providing An Anonymous App For Your API Service

I wrote a post the other day about Postman.io having a limited, anonymous version of their API modeling tool. I stumbled across it while I was trying to upgrade my Stoplight.io account. Shortly after I tweeted out the blog post, John Sheehan (@johnsheehan) from Runscope chimed in with some wisdom on the subject.

@kinlane we had a ‘one-click trial’ 24-hour account once, no email required. i regret the hours i wasted building it.

— John Sheehan (@johnsheehan) August 19, 2016

@kinlane was basically just used for abusive cases. only one ever converted to a real user

— John Sheehan (@johnsheehan) August 19, 2016

@kinlane hurl.it and requestb.in have the same problem. have to hamper them (captcha, cloudflare) to keep up

— John Sheehan (@johnsheehan) August 19, 2016

@kinlane if it gets any popularity, you’re screwed

— John Sheehan (@johnsheehan) August 19, 2016

@kinlane so i love this idea but i will probably never have a no-signup-required service again

— John Sheehan (@johnsheehan) August 19, 2016

@kinlane pretty sure the example from your post could be used as an open proxy (like hurl.it was before recaptcha)

— John Sheehan (@johnsheehan) August 19, 2016

Definitely, something to consider. In the current online environment, it might become quite a pain in the ass to maintain an anonymous app, as John points out. This is one reason I work to publish my API tooling as standalone JavaScript applications, which run 100% on Github. First off they run on Github infrastructure, and use Github's bandwidth. Second, this type of app is forkable, and people can choose to run them wherever they desire — on GitHub, or any other site they wish.

I'll keep an eye out for other anonymous apps built on top of API service providers, or individual APIs — maybe there are other successful models out there, or maybe there is also some other cautionary tales we should hear.