anonymous readonly api requests should not require an OAuth key
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Launchpad itself |
Fix Released
|
Low
|
Leonard Richardson |
Bug Description
It's now possible for an api client to "log in anonymously" to get at public readonly objects, which is great. It would be nice if we took the next step and just let API GET methods be sent without requiring an OAuth token at all.
To reproduce:
GET https:/
What does happen:
> Request is missing an OAuth consumer key.
What should happen:
I get a json representation of that bug.
Why:
- This would make it a bit easier for people to write non-launchpadli
- It would help with interactive examination of the API (by posting things into a browser)
- It would cut a few roundtrips off startup time
- It might make it easier to pull json into other apps or mashups
- It may reduce pressure to do screenscraping
- The restriction seems pointless
We may want to encourage clients to send a meaningful User-Agent header, and to make it easier for launchpadlib users to specify a string to add to that (if they don't already.) Then we can track or throttle usage.
Arguably clients should check robots.txt before reading many files.
I'm told there's a workaround of adding '/api/beta' to the user-oriented url but I can't get that to work.
Related branches
- Guilherme Salgado (community): Approve
- Gary Poster (community): Approve
- Martin Pool (community): Approve
-
Diff: 141 lines (+88/-9)2 files modifiedlib/canonical/launchpad/pagetests/webservice/xx-service.txt (+70/-2)
lib/canonical/launchpad/webapp/servers.py (+18/-7)
Changed in launchpad-foundations: | |
importance: | Undecided → Low |
tags: |
added: qa-ok removed: qa-needstesting |
Changed in launchpad-foundations: | |
status: | Fix Committed → Fix Released |
https:/ /api.launchpad. net/api/ beta/bzr/ +bug/98836/