You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently, the spec states that API keys are only required for the POST Service Request method, but it doesn't clearly say whether this is optional for other methods. It says that API keys are not required for other methods, but if an implementation wanted to require them for other methods, would this be acceptable or would it break compliance with the spec? This needs to be explained in the documentation.
Has anyone else thought about this? We would like to use the API key to throttle traffic and have insight into who is using the system. Without it we would need to use quotas against IPs or an alternate mitigation strategy.
Currently, the spec states that API keys are only required for the POST Service Request method, but it doesn't clearly say whether this is optional for other methods. It says that API keys are not required for other methods, but if an implementation wanted to require them for other methods, would this be acceptable or would it break compliance with the spec? This needs to be explained in the documentation.
http://lists.open311.org/r/post/5X71Jj9HSG1gOX8worgppv
The text was updated successfully, but these errors were encountered: