Although if other HN users aren't having that trouble, maybe it's me, not you.
Do you essentially use this as a proxy, where your apps contact it, and it contacts the APIs, so it can keep stats on your API use? That's what the three phrases on the home page sort of imply.
But then when I watch the video... it all goes by so fast, but it's giving me the idea that I had it wrong, and it's doing something else (CORS? What would CORS have to do with what I thought it was doing?)
Is it too much to ask for a couple sentences/paragraphs explaining what it does, instead of just a couple words and a video?
Being a developer who heavily utilizes internal and external APIs, I like the idea of a tool like this; however, I'm really hesitant to run all calls through a single 3rd party. Especially one this green.
The next question I have is, what about auth? It seems like it could get really messy / insecure using something like this.
Seems like a great project to open source and to run on your own hardware.
Another concern of mine is that now you're running all calls to an API through yet another service, increasing latency on potentially frequently-called methods.
It's certainly not for all API calls.
That seems... unsuitable for most non-public APIs.
But you can do key mapping: if you pass your key it will transform it to the real one and if not, then it will just return 403.
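The key mapping described in the comment above, sketched as an added example that is not part of the thread and is not apitools' code. The header name, keys and client names are constructed assumptions.

```python
import hashlib
import hmac

# Constructed sample values. Client-facing keys are stored only as SHA-256
# digests; the real upstream key lives on the proxy side and is never sent
# back to a client.
REAL_UPSTREAM_KEY = "upstream-secret-EXAMPLE"
CLIENT_KEYS = {
    hashlib.sha256(b"client-key-alice-EXAMPLE").hexdigest(): ("alice", True),
    hashlib.sha256(b"client-key-bob-EXAMPLE").hexdigest(): ("bob", False),  # revoked
}
KEY_HEADER = "x-api-key"  # assumed header name, not taken from the thread


def map_key(headers):
    """Decide one proxied request.

    Returns (status, outbound_headers, client_id). Status 200 means
    "forward upstream with outbound_headers"; 403 means reject.
    """
    inbound = {k.lower(): v for k, v in headers.items()}
    # Remove the client's credential so it can never leak upstream.
    presented = inbound.pop(KEY_HEADER, "")
    digest = hashlib.sha256(presented.encode()).hexdigest()

    client_id = None
    # Check every stored digest with a constant-time compare and no early
    # exit, so timing does not reveal how close a guess was.
    for stored, (owner, active) in CLIENT_KEYS.items():
        if hmac.compare_digest(stored, digest) and active:
            client_id = owner

    if client_id is None:
        return 403, {}, None

    # Swap in the real key only after the client key has been accepted.
    outbound = dict(inbound)
    outbound[KEY_HEADER] = REAL_UPSTREAM_KEY
    return 200, outbound, client_id
```

Revoking one client here means flipping its flag, while the upstream key stays unchanged and unknown to every client.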
Although, for the technical audience (and isn't a technical audience the only audience for this product?), actually using the word 'proxy' somewhere might help make it even more clear. Although I could be wrong, maybe I'm not representative, but it would make it clearer for me anyway.
Several things make me hesitant. And may not be enough to justify these features (at least for me).
1) Single point of failure. Let's say I use the Reddit API and the Facebook API. If one goes down I still have the other. If apitools goes down I lose both. And what's more likely? For either Facebook or Reddit to go down - or for apitools to go down?
2) API abuse. If an apitools user abuses an API, the apitools server will get blocked. And so other innocent users will also get blocked. Is there any plan to mitigate abuse? If that plan fails, how quickly can new IPs be allocated to get around any IP bans?
3) Security. PII is sent to APIs. How do I know this information isn't logged or otherwise accessible to other apitools users? The heart of the issue is trusting strangers running a new proxy service with sensitive info.
4) Security #2. SSL support? Looking at the following screenshot it appears that currently I'd be transferring PII and API keys in plaintext: http://docs.apitools.com/images/overview.png ("Apitools URL")
5) Price. How much will the service cost? If there's a free level, what are the limits?
6) Latency. Essentially doubles the number of API requests. Wouldn't this make my API requests twice as slow? More importantly, if apitools is under load and experiences longer response times, my site is going to run slower.
Even with these objections it looks like a great product. And these blockers may very well end up being irrelevant for most potential users. Best of luck!
2) AWS allows us to get new IP addresses quickly, and APIs will rather ban the auth key than the IP address, no? There are huge networks behind NAT, like mobile and companies, so providers have to account for that.
3) We enforce single point of entry to the Traffic Monitor through the generated unique URL and key we generated for you. The monitors are jailed on several levels, so they can't access outside resources.
4) We have optional SSL now but will be enforcing it in the coming days.
5) We don't want to enforce any limits other than for abusing the service.
Do you have any numbers to share? We were thinking that about 10 req/s should be enough for everyone.
6) It should not double the response time because we are not as slow as the API you are asking. Of course it depends on where your client is and how many requests we will be having, but we have a plan for spreading the load and moving monitors around. Also 1) (on premise) is in the works, which should have almost 0 latency.
Thanks! If you are interested, write us an email and we can chat about how to improve things.
I like the concept of this long term allowing me to specify a single url and toggle the environment of the API I'm hitting from a remote, secure web interface. What sort of uptime and scaling guarantees do you intend to provide?
(For the benefit of anybody whose first language is not English, "Anal" = "having to do with the anus")
There's a bit of overlap but it's definitely worth checking out both!