Comments (5)
Yes I think that’s a good way to go. I’m ok with building that. I’ll ping here when it’s ready. Give me some time, I’m pretty backed up atm.
from docs-api.
I've pondered this myself, with no good conclusion yet. It seems unavoidable for a no-server app. My best advice currently, would be to use a proper User-Agent header, and make sure you aren't exposing a read-write key.
The keys serve two functions at present. As a way to pinpoint something abusive and kill it. And, to restrict functionality with permission levels, like write access. When talking about read-only keys, it's not hurting us really. It's just the risk that if someone started hammering the API with your key and we block it, it would hurt you by accident.
This is a good question for the larger group, since it's a "problem" I'd like a solution for. I'll leave this issue open for a while, if anyone wants to chime in. I'm open to any ideas...
from docs-api.
Related issue:
How if I am developing a self-hosted open source podcast player? It seems silly to me to ask users to set up their own API key.
Possible issues with including a read-only API key in the (open) source code are, as you mention, someone taking that key and starting to hammer the API resulting in you guys blocking the key. Honestly, I don't see why anyone would do that, except as a way to annoy users of my app (which are none at the moment), but it does seem like a potential issue and it would be nice to have a way to deal with it.
Anyway, no big deal, I guess, but I thought I'll mention it here.
from docs-api.
Yeah, it’s still an issue really. I’m open to any ideas you might have.
from docs-api.
Would it be possible to include in apps/software a system that automatically requests and gets assigned a read-only API secret? It could be stored in the app/software and reused. That secret could have a special status so it gets deleted e.g. 12 months after not being used (or 24 months after creation) to keep the key list somewhat clean. (As it's assigned per-user, it wouldn't be good for privacy per se, but I guess it's acceptable.)
Btw I believe that for AntennaPod the secret is hard-coded for free builds so that F-Droid can pick it up (not sure about this one). And we have not yet had to rest the secrets because of misuse.
from docs-api.
Related Issues (20)
- Multiple type issues HOT 1
- document optional properties HOT 1
- Podcasts byFeedId Endpoint bug HOT 4
- How to query episode based upon podcast? HOT 1
- Authenticate-free way of getting a feed and item information by GUID? HOT 2
- Podcasts By Feed ID endpoint `/podcasts/byfeedid` accepts non-numeric ids HOT 4
- Are URLs to podcasting platforms returned from the API? HOT 1
- Feature request: trailers API endpoint
- Feature request: add pagination for loading episodes
- Blocked by Cloudflare HOT 2
- Sorting of `/search/byterm` endpoint
- new endpoint: recent/modifiedfeeds HOT 7
- New Feeds endpoint returns feeds that By Feed ID endpoint does not recognize HOT 3
- Include socialInteract (comments) data on the episodes returned by the API HOT 5
- Pagination in search endpoint HOT 5
- Recent feeds not returning all expected feeds HOT 5
- Order `/episodes/live` by `datePublished` rather than `id` HOT 1
- Wrong schema description and example for /search/byperson HOT 2
- Type inconsistency for the /podcasts/bytag endpoint HOT 4
- Strange issue with /search/byperson HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from docs-api.