Can I safely expose a read-only RESTful API with no key or token?

Çağlar Arlı

As the title suggests, I would like to expose a couple of read-only endpoints without requiring a key or token. The endpoints will allow the user to request their data for the purposes of displaying it on their website.

The reason I am considering this is that I want to avoid the user having to go through the extra work of setting up a separate server to communicate with the API, rather than just making requests from the browser. It seems like this is an okay idea, since the data will be publicly displayed on the user's website anyway.

Then again, I feel like I have some blind spots here that I am missing. Would anyone be willing to poke some holes in this plan?