It's a fair complaint. I'm not sure when we're getting everything to HTTPS, but ... | Hacker News

HN2new | past | comments | ask | show | jobs | submit

		projectileboy on Aug 22, 2014 \| parent \| context \| favorite \| on: Recommendations API It's a fair complaint. I'm not sure when we're getting everything to HTTPS, but I know it's on the roadmap. Including the API key as a parameter goes back to the early days of our API - quite a few years ago. The problem now is that we have enough apps with enough traffic that we can't just move it to the header without causing a bit of disruption. But that too is on our roadmap. Both issues are important.

flaie on Aug 22, 2014 [–]

It should still be fairly easy to check for an API Key in the header if not found in the request parameters. This way there would be no disruption for old apps, and it would benefit new apps.

I also think that both this and HTTPS are mandatory, but since it's on your roadmap that's good enough.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact