
Ask HN: Would you add a Workshop/Class mode to your web API? - juliendorra
Hi, an Ask to web APIs maintainers!<p>I teach young interaction designers how to build things using web APIs. Many others also try to use web APIs to teach kids or adults.<p>It&#x27;s now a lot harder than a few years ago.<p>That&#x27;s because there&#x27;s very few unauthenticated endpoints left[1], and when authenticated there&#x27;s no API mode suitable for teaching the API to a class or workshop group.<p>I totally understand the need for control and limitations in web APIs.<p>I&#x27;m just asking: would you, web APIs maintainers, be open to have a workshop mode to help teach your APIs without compromising security and ressources ?<p>As an example:
Instagram was easy to use in a learning environment, one of the nicest API to teach a workshop: rich data, accessible, easily working client side in the browser and… cool for students ;-)<p>With recent restrictions to public content in sandbox mode, it&#x27;s now very hard:<p>- Sandbox mode is inadequate for a class (very restricted in term of public content, 10 users). It&#x27;s restricted in a way that students can&#x27;t build engaging demos. For example, most of my students don&#x27;t publish images they have empty accounts, and the sandbox restrict data to their own accounts.<p>- The Instagram App submission process doesn&#x27;t account for workshops and learning environnement. (Which makes sense!)<p>There&#x27;s similar issues with most APIs. (I use to use Twitter, but it became cumbersome for javascript client-side workshops)<p>Proposal:
It would be great to have an intermediary Workshop mode in web APIs, suitable for teaching and using the API in a workshop context.<p>As a starting point, it could<p>- allow access to public content, because it&#x27;s the easiest way for students to dive in an API.<p>- use an expiring shared token as auth (given by the teacher) so students don&#x27;t have to authenticate for most contents.<p>Would you pledge to implement such a workshop mode? :-)<p>[1] https:&#x2F;&#x2F;shkspr.mobi&#x2F;blog&#x2F;2016&#x2F;05&#x2F;easy-apis-without-authentication&#x2F;
======
cryptarch
You could host your own API's and whitelist the workshop's external IP(s) from
authentication?

Another option would be for you to create a "proxy API", which would use your
own auth credentials to connect to the API of your choice, but uses some
workshop-compatible auth means for requests to it.

I don't really think it's realistic to expect every API implementor to care
about workshops, and it's not so hard to get your own API even as a student.

~~~
juliendorra
Thanks for the feedback. Alas, a proxy API would not work in the case of
Instragram, for example. There is no case in their API model where it fits.
(Can't work in sandbox, isn't an allowed use case for submitted apps).

Of course I understand that at the moment web API maintainers don't care about
that use case, but I'd argue that it is an important use case (as in
"education is important " :-)

