[openstreetmap/openstreetmap-website] Deprecate/Remove /api/0.6/changes endpoint (#2486)

Matt Amos notifications at github.com
Mon Dec 30 18:19:31 UTC 2019

> TODO: Check production log to identify any remaining users of this endpoint

I looked back over the past 19 days of logs, and saw what looks like one actual user, plus a bunch of other random requests.

## Random requests

* 7 web spiders (following a link [from the wiki](https://wiki.openstreetmap.org/wiki/Feeds#Editing_activity_in_the_map_data) - "List of slippy map tiles which have changed recently..."),
* 2 browser visits following the same link,
* 3 visits with a browser-like UA but no referer,

Only one of the above requests was made with any query parameters, suggesting to me that they're one-off experiments or links followed without knowing that they lead to an API rather than a web page.

## Single user

There was an hourly request from a single IP for the changes over the past hour. Sadly, I could not find any useful information about that IP; it did not reverse into anything useful and the `whois` result just returned a popular VPS company.

The requests are made with no User-Agent or Referer headers (so if this was a tile request then the policy would prohibit this use). The requests are made over `HTTP/1.0`, suggesting that this is perhaps an old script, one using an old HTTP library, or one that makes HTTP requests manually.

## What to do?

With the information available, it seems it would be difficult to figure out how to contact this user. A couple of options that occur to me:

1. Break or temporarily disable the API call, and hope the user notices and gets in touch with us, so that we can provide alternative methods of getting the same information.
2. Provide a legacy API capable of handling only the time-windowed kind of requests that are being made (i.e: providing `start` and `end` query parameters, but leaving everything else defaulted) based off the minute diffs and run that separately from the main website, allowing us to remove this API from the Rails code (and the function from the database).

As Simon points out, the former option is generally considered bad practice. However, it's the smallest amount of work :wink:

On the other hand, writing a small, self-contained `api/0.6/changes` server might be a fun exercise - is anyone interested?

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20191230/0b64ee34/attachment-0001.html>

More information about the rails-dev mailing list