100 sats \ 4 replies \ @ek 8 Dec 2023 freebie \ parent \ on: wen HN parity? i was told there would be a lambo API. meta
It's GraphQL. You don't need a browser. I said you can even use it from your browser.
The playground is there to make it easy to get into. To just play around initially.
If you want the GraphQL API schema in plaintext, it's here.
Now do some PoW or wait until we're ready :)
write
preview
1200 sats \ 1 reply \ @anon 8 Dec 2023
Now do some PoW or wait until we're ready :)
Speaking of which, if you're really determined to use GraphQL as your API, please be ready to charge a few sats per API call. Because if not some moronic idiot is going to think it's funny to flood the site with compute-expensive calls.
Every site I know of that exposes a GraphQL API is eventually forced to either (a) put users through CAPTCHA-hell (b) do browser fingerprinting, usually via cloudflare, (c) some kind of real-world identity linkage like SMS verification, or (d) some combination of the above.
I would hate to see that happen to SN.
I probably can't convince you that exposing GraphQL to anonymous callers is a bad idea, so hopefully I can convince you to be ready with something less awful than (a)(b)(c)(d) when the inevitable result occurs.
Thanks again for creating this awesome site.
reply
0 sats \ 0 replies \ @ek 8 Dec 2023 freebie
Speaking of which, if you're really determined to use GraphQL as your API, please be ready to charge a few sats per API call. Because if not some moronic idiot is going to think it's funny to flood the site with compute-expensive calls.
we've considered it. we're going to do it when it's needed :)
so enjoy the free ride as long as it's possible :)
I probably can't convince you that exposing GraphQL to anonymous callers is a bad idea, so hopefully I can convince you to be ready with something less awful than (a)(b)(c)(d) when the inevitable result occurs.
no, you can, you actually don't even have to because i already somewhat agree :)
we're aware that GraphQL is vulnerable to n+1 queries and some malicious actor ... not going to continue for hopefully obvious reasons :)
0 sats \ 1 reply \ @anon 8 Dec 2023
You don't need a browser
I sure looks like you do:
SN_AUTH_COOKIE must be set with a valid session cookie.
Some functions need authentication. Right now this is handled by pasting you session cookie into a .env file under SN_AUTH_COOKIE. How to Retrieve a Cookie from a Web Request: Open Developer Tools ...
reply
0 sats \ 0 replies \ @ek 8 Dec 2023
yes yes, you are right, i forgot about this :)
i think i am using ":)" so much it might actually start looking like i mean it in a "sarcastic way", lol
reply