Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

More Considerations When Providing An Anonymous App For Your API Service

DZone's Guide to

More Considerations When Providing An Anonymous App For Your API Service

When providing anonymous access to your API, you have to be careful that you don't get overwhelmed in its usage, especially by nefarious or automated services.

· Integration Zone ·
Free Resource

SnapLogic is the leading self-service enterprise-grade integration platform. Download the 2018 GartnerMagic Quadrant for Enterprise iPaaS or play around on the platform, risk free, for 30 days.

I wrote a post the other day about Postman.io having a limited, anonymous version of their API modeling tool. I stumbled across it while I was trying to upgrade my Stoplight.io account. Shortly after I tweeted out the blog post, John Sheehan (@johnsheehan) from Runscope chimed in with some wisdom on the subject.

@kinlane we had a ‘one-click trial’ 24-hour account once, no email required. i regret the hours i wasted building it.

— John Sheehan (@johnsheehan) August 19, 2016

@kinlane was basically just used for abusive cases. only one ever converted to a real user

— John Sheehan (@johnsheehan) August 19, 2016

@kinlane hurl.it and requestb.in have the same problem. have to hamper them (captcha, cloudflare) to keep up

— John Sheehan (@johnsheehan) August 19, 2016

@kinlane if it gets any popularity, you’re screwed

— John Sheehan (@johnsheehan) August 19, 2016

@kinlane so i love this idea but i will probably never have a no-signup-required service again

— John Sheehan (@johnsheehan) August 19, 2016

@kinlane pretty sure the example from your post could be used as an open proxy (like hurl.it was before recaptcha)

— John Sheehan (@johnsheehan) August 19, 2016

Definitely, something to consider. In the current online environment, it might become quite a pain in the ass to maintain an anonymous app, as John points out. This is one reason I work to publish my API tooling as standalone JavaScript applications, which run 100% on Github. First off they run on Github infrastructure, and use Github's bandwidth. Second, this type of app is forkable, and people can choose to run them wherever they desire — on GitHub, or any other site they wish.

I'll keep an eye out for other anonymous apps built on top of API service providers, or individual APIs — maybe there are other successful models out there, or maybe there is also some other cautionary tales we should hear.

With SnapLogic’s integration platform you can save millions of dollars, increase integrator productivity by 5X, and reduce integration time to value by 90%. Sign up for our risk-free 30-day trial!

Topics:
api ,rest ,rest api

Published at DZone with permission of

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}