0

Is it a bad idea to build an API without a key / other authentication requirements?

Upsides:

  • Simpler to implement
  • Simpler to use

Downsides:

  • Potential it might get overused
  • ... leading to having to add a key later and annoy users

I'm not building the next Facebook here, just a simple data service. I don't expect to have to support tons of users, and my data's static.

Given the above, is it bad practice to build an API without requiring a key, or will I get away with it?

Improve this question

1 Answer 1

Reset to default
1

With REST-APIs you use HTTP authentication, there are no keys required.

You only need to authenticate your users if there is content on your site that should not be seen by any user.

You can start without it and if at some point you feel you need to protect your site (or individual resources) from the public, you simply implement HTTP Authentication by sending a 401 status codes if no Authenticate header is present in the request. HTTP clients understand that out of the box, so nothing changes for your users.

Implementation-wise authentication is often just an independent layer or phase in the request handling, so you won't need to rip apart all you code.

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

Thanks. So... why do some APIs require keys? (Like Google Maps v2 API did.) I assumed it was to prevent or track heavy usage?
I suppose it is to identify the user. And it is likely a left-over from the SOAP-days where you cannot leverage HTTP auth.
A bit late, @Richard, but Google's Map API used public API keys, totally in the open, and used in JavaScript for requests made by browsers. HTTP Auth uses secrets, and cannot be used to authenticate the website owner to some third-party service when using JavaScript.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.