[Taginfo-dev] Identifying API users
Jochen Topf
jochen at remote.org
Wed Jan 23 14:06:46 GMT 2013
Hi!
Now that some more people start to use the taginfo API we should probably think
about how we can identify the software used in case there are any problems. I
don't see any problems at the moment, but sooner or later a script may run wild
and overload or break the server. And then I want to be able to find out easily
who is responsible so I can approach them to fix it.
The usual way is to give out API keys to people and allow API use only with
those keys. But I don't want to do that. It is just a hurdle I'd rather not
put in there.
I thought about just encouraging people to use good User-Agent headers, as they
will be logged anyway. But it turns out you can't change the User-Agent from
Javascript inside the browser. So that works for non-browser API users, but
not for iD for instance.
Maybe we should ask for some other header to be set? Or maybe this is overkill
and we can rely on User-Agent and Referer-Headers alone?
Ideas? Opinions?
Jochen
--
Jochen Topf jochen at remote.org http://www.remote.org/jochen/ +49-721-388298
More information about the Taginfo-dev
mailing list