Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Clarify whether the server can require API keys for different resources #33

Open
philipashlock opened this issue Jun 4, 2013 · 1 comment
Open

Clarify whether the server can require API keys for different resources #33

philipashlock opened this issue Jun 4, 2013 · 1 comment
Assignees
@philipashlock
Labels
C: GeoReport API P: major T: defect
Milestone
GeoReport API v2.1

Comments

@philipashlock
Copy link
Member

Currently, the spec states that API keys are only required for the POST Service Request method, but it doesn't clearly say whether this is optional for other methods. It says that API keys are not required for other methods, but if an implementation wanted to require them for other methods, would this be acceptable or would it break compliance with the spec? This needs to be explained in the documentation.

http://lists.open311.org/r/post/5X71Jj9HSG1gOX8worgppv
@ghost ghost assigned philipashlock Jun 4, 2013
@antony-lovric
Copy link

Has anyone else thought about this? We would like to use the API key to throttle traffic and have insight into who is using the system. Without it we would need to use quotas against IPs or an alternate mitigation strategy.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@philipashlock philipashlock

Labels
C: GeoReport API P: major T: defect
Projects
None yet
Milestone
GeoReport API v2.1
Development

No branches or pull requests
2 participants
@philipashlock @antony-lovric