Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Perhaps the author is referring to "annoying APIs"?

- Where there is an "API key" and a "secret key" when in reality the idiot maintainers could have just concatenated the two and called it a "key". The customer doesn't need to know the abstraction on the server side

- Where one needs to create an "account" and then a "project" before one can even create a "key". WTF is a project

- Where one needs to do a dumb SMS 2FA to even get an API key

- Where one needs to do multiple steps and try/except blocks to get a result in a plain format



SMS 2FA to get an API key is usually when you get free credits and for one or both of a) get your phone number for marketing purposes and b) make it slightly harder to bot farm those credits on hundreds of different accounts (you need to do LRN dips and HLR checks to actually make this somewhat useful)


But if you say "API's are better when they're not annoying" it doesn't sound nearly as witty.


API key has nothing to do with what an API is. API is just how you ask the software to do something, or tell it what to do. API key is just for it to confirm who you are. Before the internet, every piece of software still had an API. Even the OS has an API.


I smell an OAuth2.0 hater =]


Yeah I hate Oath.

I really wish APIs were as just having a free tier that you can just use, and if you want more, just POST $10 worth of Solana to some endpoint and the API gives your IP 10000 more requests. No accounts, no keys, just simple.

I'm not a cryptocurrency fanatic but making APIs easier to access is one really good use case for it. It makes paying for an API as easy as paying for a lemonade at a street stand with cash. No accounts, no billing addresses, no subscriptions, just POST over a nickel along with your API request and get a response, and API owner gets paid.


No keys or accounts, but you need to maintain a (volatile as they all are) cryptocurrency wallet? It would be nice if ye olde banks and fintech actually came up with some standard for a sort of digital cashier's check though.

IP-based requests seems very restrictive. I'd rather post some sort of payment to an endpoint then get some arbitrary secret back that I could use/save/distribute. Maybe you could choose the mode you wanted though, so if you were confident your IP would remain stable and not be shared with anyone else, you could choose that mode.


The accounts are usually an anti-abuse feature; few people want to provide services to faceless bad actors on the internet.


Having to force all your requests through a single IP and maintain some weird crypto wallet is easier than grabbing an OAuth library?




Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: