API Keys by ekzyis · Pull Request #915 · stackernews/stacker.newsgithub.com/stackernews/stacker.news/pull/915
1133 sats \ 10 comments \ @ek 13 Mar meta
write
preview
related posts
100 sats \ 1 reply \ @beorange 13 Mar
great, this will unlock a ton of cool apps and tools.
reply
100 sats \ 0 replies \ @ek OP 15 Mar
Do you already have one in mind? :)
reply
100 sats \ 0 replies \ @WeAreAllSatoshi 13 Mar
Ooh I’m going to test this out as soon as it lands!
reply
25 sats \ 2 replies \ @WeAreAllSatoshi 13 Mar
By the looks of the modal, you're taking a similar approach to OAuth scopes where each API token is only granted specific permissions based on which APIs you intend to use? That's cool!
reply
0 sats \ 1 reply \ @ek OP 13 Mar
No, the questions are just out of interest. The API key would provide full access to your account as it's currently implemented.
reply
0 sats \ 0 replies \ @WeAreAllSatoshi 13 Mar
Ah, I see
ETA: Gosh darn it, I didn't wait 10 minutes to reply!
reply
0 sats \ 3 replies \ @anon 17 Mar
Hey I'm glad there's some sort of progress in the API arena, and I don't want to sound ungrateful, buuuut:
If you have to manually apply for access this is never going to take off. Why put a lot of effort into writing some SN-api-wielding software if every single one of its users has to beg and plead and make their case to you deities in order to use it?
Look man, this is how it's done: https://github.com/HackerNews/API
See that? Short, simple, sweet. No API keys, no "extract this kooky string from the dev tools in your browser". It just works.
PERMISSIONLESS
Lemme say that again, PERMISSIONLESS.
Look, I don't want to sound ungrateful and all. I assume the reason you can't throw the gates open is that your API is GraphQL, and because of that people can grind your server to a halt with complex queries. If that's the case, stop working on the API. Focus whatever time you have available for API stuff into a non-GraphQL interface. Don't worry about public API access until that's taken care of first.
Hope that didn't come across as too entitled. You are heroes, btw.
reply
0 sats \ 1 reply \ @anon 17 Mar
Also don't ever forget you have the world's most powerful anti-DoS tool already implemented: micropayments.
Why not just get rid of the API keys and charge users sats for API calls?
That would be so awesome.
reply
0 sats \ 0 replies \ @ek OP 17 Mar freebie
Also don't ever forget you have the world's most powerful anti-DoS tool already implemented: micropayments.
I agree it's a powerful anti-DoS tool but with great power comes great responsibility. We like to prioritize UX over "slapping fees on something and calling it a day". Micropayments are not our revenue. They only exist to enhance the SN experience.
Why not just get rid of the API keys and charge users sats for API calls?
This would only charge the users who don't know how to use the API for free like the frontend
0 sats \ 0 replies \ @ek OP 17 Mar freebie
Lower your time preference
Hope that didn't come across as too entitled.
No, only as impatient
You are heroes, btw.
Thanks