Ask HN: Clever ways to handle API access but avoid signup?
I’m working on an API to make it easier to try/adopt a certain technology.
I want to reduce friction and barriers to try the API. I would like to avoid forcing the developer to sign up to get an API key.
Current ideas is to allow a developer to create there own API key on the first request, treating it like a secret.
However it would be good to have a way to contact the developer via email.
What are clever ways you’ve seen to reduce friction when trying an API?
3 comments
[ 3.8 ms ] story [ 20.2 ms ] threadIf you really want to: One alternative would be to generate a random JWT while the developers are on the website and ask them to secure a given JWT by adding their email, doing on boarding that way.
Addendum: In terms of reducing friction, if this is going to be a paid API, I would suggest adding a free tier that allows N requests before you either rate limit or cut off, and send an email to ask for a conversion
I'd like to avoid JWTs and use the simplicity of "Basic" (username/password)... but borrowing your idea I could generate it clientside on the website? Enter email and immediately display a API key (base64 of email+random secret/guid) that is stored ("activated") when the first API call hits the server.
If you try to call the API with same email but different secret, it's 401.
It's indeed going to have a free tier with throttling. A paid tier with other rate limits and some premium features might come down the road.