Hi. We have slowly introduced API keys to the service over time, today taking this one step further. API keys are one way in which we prevent abuse of the system. With the service being under constant attack, this is unfortunately necessary.
All three of the API endpoints (search, submit and geolocate) take an API key in the same format, as now concisely described at http://mozilla-ichnaea.readthedocs.org/en/latest/api/index.html#api-access-keys The search and geolocate APIs have for the past months required an API key to be send. Starting today the API key must be one we have issued or know about, instead of an arbitrary value. The API keys for the official mozstumbler, f-droid mozstumbler build and the default key of geoclue are all whitelisted. We currently also accept a key called “test”, though this might change in the future. If you want to test our service inside Firefox Desktop, please refer to the updated docs at http://mozilla-ichnaea.readthedocs.org/en/latest/api/index.html#geolocate The submit API still continues to work with or without API keys, as the code in Firefox for Android (Fennec) hasn’t yet been updated to send API keys. This will change in the hopefully near future. We haven’t automated any sort of sign-up or issuing of API keys yet. If you want to get an official API key, please email me in person at [email protected] Currently we don’t have a formal definition of what constitutes abuse. But generally sending us many requests per second is probably abusive. If you want to test the service in any scripted way, or use it in a product, please talk to us first. I wish the internet would be a friendlier place, but unfortunately it isn’t. Cheers, Hanno _______________________________________________ dev-geolocation mailing list [email protected] https://lists.mozilla.org/listinfo/dev-geolocation
