Most APIs require tokens to track who uses which and map usage per account if it reaches limit or not. Only limits excess usage to accounts with that token. Well, this is business-case, depending on paid access I get more bandwidth/usage or if free I get less. But my point is on abuse, or DDoS, maybe simultaneous and repeated requests haunts the API. :D
We are not in a business case and our API is free to use. Adding userid/token will add burden on both side.
We prefer to keep it simple and throttle requests/usage globally at the server side.
And if we change our mind, we can still implement it 😉
what for?
Most APIs require tokens to track who uses which and map usage per account if it reaches limit or not. Only limits excess usage to accounts with that token. Well, this is business-case, depending on paid access I get more bandwidth/usage or if free I get less. But my point is on abuse, or DDoS, maybe simultaneous and repeated requests haunts the API. :D
We are not in a business case and our API is free to use. Adding userid/token will add burden on both side.
We prefer to keep it simple and throttle requests/usage globally at the server side.
And if we change our mind, we can still implement it 😉