Comment by infecto

4 hours ago

Sometimes I wonder where I am when people are so shocked. I genuinely don’t understand who would think this is allowable? Is this simply a younger generation and I am old now? API keys vs the auth tokens smells the same as public vs private APIs, don’t be surprised you get shut off if you are using a private API.

5 comments

infecto

Reply
ndriscoll  2 hours ago

To the extent that that's true, it would be in the opposite direction? Auth tokens are meant to be used by the User Agent to effect the wishes of user, often encode permissions the user has, and are used with public APIs like those intended for web browsers. API keys are usually for private communication like server to server.

The usual expectation is you don't care what agent the user is running. You just care about what they're doing with it (permissions, rate limits, etc.).

  • infecto  2 hours ago

    Honestly that’s a detail far removed from the discussion. Folks are surprised they cannot use something that would obviously be against the T&Cs.

    • ndriscoll  2 hours ago

      Everyone knows no one reads terms and that it isn't feasible for a normal person to do so, so I don't know why it would "obviously" be against them to anyone. If you're paying for a subscription with known limits, you'd expect you can use up to those limits. It's no more obvious to me than if you used the API token and got banned for using another client, or if a website decided to ban Firefox users.

      2 replies →