More Considerations When Providing An Anonymous App For Your API Service
When providing anonymous access to your API, you have to be careful that it doesn't get overwhelmed by usage, especially from nefarious or automated services.
I wrote a post the other day about Postman.io having a limited, anonymous version of their API modeling tool. I stumbled across it while I was trying to upgrade my Stoplight.io account. Shortly after I tweeted out the blog post, John Sheehan (@johnsheehan) from Runscope chimed in with some wisdom on the subject.
@kinlane we had a ‘one-click trial’ 24-hour account once, no email required. i regret the hours i wasted building it. — John Sheehan (@johnsheehan) August 19, 2016
@kinlane was basically just used for abusive cases. only one ever converted to a real user — John Sheehan (@johnsheehan) August 19, 2016
@kinlane hurl.it and requestb.in have the same problem. have to hamper them (captcha, cloudflare) to keep up — John Sheehan (@johnsheehan) August 19, 2016
@kinlane if it gets any popularity, you’re screwed — John Sheehan (@johnsheehan) August 19, 2016
@kinlane so i love this idea but i will probably never have a no-signup-required service again — John Sheehan (@johnsheehan) August 19, 2016
@kinlane pretty sure the example from your post could be used as an open proxy (like hurl.it was before recaptcha) — John Sheehan (@johnsheehan) August 19, 2016
I'll keep an eye out for other anonymous apps built on top of API service providers or individual APIs. Maybe there are other successful models out there, or maybe there are other cautionary tales we should hear.
Published at DZone with permission of Kin Lane, DZone MVB. See the original article here.