
Ask HN: Clever ways to handle API access but avoid signup? - dyml
I’m working on an API to make it easier to try&#x2F;adopt a certain technology.<p>I want to reduce friction and barriers to try the API.
I would like to avoid forcing the developer to sign up to get an API key.<p>Current ideas is to allow a developer to create there own API key on the first request, treating it like a secret.<p>However it would be good to have a way to contact the developer via email.<p>What are clever ways you’ve seen to reduce friction when trying an API?
======
bhargav
Reducing friction is a good idea but I would argue that asking folks to
generate and send you a secret is likely the same amount as them getting an
API key that you generate for them. You’ll also run into uncertainties in
secret key formats that are used by disparate clients.

If you really want to: One alternative would be to generate a random JWT while
the developers are on the website and ask them to secure a given JWT by adding
their email, doing on boarding that way.

Addendum: In terms of reducing friction, if this is going to be a paid API, I
would suggest adding a free tier that allows N requests before you either rate
limit or cut off, and send an email to ask for a conversion

~~~
dyml
Hmm.. you're right that it might introduce uncertainty about key formats,
allowed chars/length etc.

I'd like to avoid JWTs and use the simplicity of "Basic"
(username/password)... but borrowing your idea I could generate it clientside
on the website? Enter email and immediately display a API key (base64 of
email+random secret/guid) that is stored ("activated") when the first API call
hits the server.

If you try to call the API with same email but different secret, it's 401.

It's indeed going to have a free tier with throttling. A paid tier with other
rate limits and some premium features might come down the road.

------
zzo38computer
You could require (or just request, if wanted) a "From" header in the HTTP
request, perhaps, if you want to contact the user via email.

