2009/9/21 Karl Fogel <[email protected]>: > Max Bowsher <[email protected]> writes: >> Quoting https://dev.launchpad.net/API: >> >> """ >> Authenticated Access Only >> >> By design, there is no anonymous access through the API. You can do >> read-only access (through a read-only token) but not anonymous access. >> All API use is accounted to a person. >> """ >> >> Why? >> >> Please feel free to respond in the form of a wiki edit :-)
As it happens I coincidentally made that edit before seeing this thread, pointing to <https://bugs.launchpad.net/launchpad-foundations/+bug/385517> > I'll answer here, and see if anyone follows up with more (or more > correct) information, before we put this in the wiki. > > My understanding is that it's a way to have some safeguard against > [possibly accidental] DoS. If all accesses are authenticated, then if > someone does something that causes a problem, we can shut off just that > person's API access. (Presumably, we'd then try to contact them and > figure out a better solution.) I think that was the original intention. However, this was discussed before and I believe it was agreed that the restriction causes more trouble than it's worth. Trouble, because many interesting Launchpad clients only need anonymously readable data and inserting a human in the loop makes them harder to deploy. And not worth much because real blocking of abuse must happen at the IP, URL, or request-per-second level, and users can create as many accounts or tokens as they want. Therefore, that bug. That page also says that APIs are only available to beta-team members (which wgrant tells me is no longer true) and only on edge, which I guess is also not true. -- Martin <http://launchpad.net/~mbp/> _______________________________________________ Mailing list: https://launchpad.net/~launchpad-dev Post to : [email protected] Unsubscribe : https://launchpad.net/~launchpad-dev More help : https://help.launchpad.net/ListHelp
