Hi Husky,
As far as i know these requests can't be authenticated (giving a 'token' parameter doesn't work). I did add the Api-User-Agent header, but i've seen the dreaded HTTP 429 error also after adding those headers.
My understanding of OAuth is superficial, but it should be possible to authenticate API requests using the user's credentials, see https://www.mediawiki.org/wiki/OAuth/For_Developers#OAuth_2. Thumbnail images are another can of worms though.
Maybe one solution would be to move unauthenticated requests to the backend (the PHP API layer) as well because then it's clear that they're coming from toolforge.org? But that would unfortunately require a lot of refactoring of this app, and many older ones which i doubt still have maintainers.
Also, you would basically be running an open proxy now, that could be abused by scrapers to access the API. If the kind of access is restrictive enough this could be a viable work-around, but you'd have to keep an eye on it to spot abuse.
-- Daniel Kinzler Principal Software Engineer MediaWiki Engineering Group Wikimedia Foundation
_______________________________________________ Wikitech-l mailing list -- [email protected] To unsubscribe send an email to [email protected] https://lists.wikimedia.org/postorius/lists/wikitech-l.lists.wikimedia.org/
