Over a million developers have joined DZone.

More Considerations When Providing An Anonymous App For Your API Service

When providing anonymous access to your API, you have to be careful that you don't get overwhelmed in its usage, especially by nefarious or automated services.

· Integration Zone

Learn how API management supports better integration in Achieving Enterprise Agility with Microservices and API Management, brought to you in partnership with 3scale

I wrote a post the other day about Postman.io having a limited, anonymous version of their API modeling tool. I stumbled across it while I was trying to upgrade my Stoplight.io account. Shortly after I tweeted out the blog post, John Sheehan (@johnsheehan) from Runscope chimed in with some wisdom on the subject.

@kinlane we had a ‘one-click trial’ 24-hour account once, no email required. i regret the hours i wasted building it.

— John Sheehan (@johnsheehan) August 19, 2016

@kinlane was basically just used for abusive cases. only one ever converted to a real user

— John Sheehan (@johnsheehan) August 19, 2016

@kinlane hurl.it and requestb.in have the same problem. have to hamper them (captcha, cloudflare) to keep up

— John Sheehan (@johnsheehan) August 19, 2016

@kinlane if it gets any popularity, you’re screwed

— John Sheehan (@johnsheehan) August 19, 2016

@kinlane so i love this idea but i will probably never have a no-signup-required service again

— John Sheehan (@johnsheehan) August 19, 2016

@kinlane pretty sure the example from your post could be used as an open proxy (like hurl.it was before recaptcha)

— John Sheehan (@johnsheehan) August 19, 2016

Definitely, something to consider. In the current online environment, it might become quite a pain in the ass to maintain an anonymous app, as John points out. This is one reason I work to publish my API tooling as standalone JavaScript applications, which run 100% on Github. First off they run on Github infrastructure, and use Github's bandwidth. Second, this type of app is forkable, and people can choose to run them wherever they desire — on GitHub, or any other site they wish.

I'll keep an eye out for other anonymous apps built on top of API service providers, or individual APIs — maybe there are other successful models out there, or maybe there is also some other cautionary tales we should hear.

Unleash the power of your APIs with future-proof API management - Create your account and start your free trial today, brought to you in partnership with 3scale.

api,rest,rest api

Published at DZone with permission of Kin Lane, DZone MVB. See the original article here.

Opinions expressed by DZone contributors are their own.

The best of DZone straight to your inbox.

Please provide a valid email address.

Thanks for subscribing!

Awesome! Check your inbox to verify your email so you can start receiving the latest in tech news and resources.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}