[TheLocehiliosan]

This is pretty cool, but...

Authentication seems to be done with a query string ?api_key=KEY instead of some kind of standard header.

Also, there is a query string "format" for changing the output, ?format=json. Instead of using the Accept header :/

[simonw]

I think these are reasonable design decisions.

Headers are harder to use than query string parameters. You can't start poking around in an API as easily using just a web browser if the API requires authentication and accept headers.

The downside of query strings for API keys is that they can inadvertently be exposed by log files. For this API, where the API key appears to be there purely for analytics reasons, I don't think that risk is particularly bad.

[TheLocehiliosan]

I feel like there's all sorts of disappointing design decisions.

* All of the endpoints are singular, but then /summaries is plural for some reason

* You can enumerate the congresses, but non of the congress representations have a value which represents the numeric ID that should be used on other requests. Unless you request the congress data using that number, and then it does include it.

Oh well, hopefully it improves and becomes more consistent over time.

[mixmastamyk]

Browser dev tools can add headers. It's not worth the key leakage.

[alxlu]

I was able to get it working with the 'X-Api-Key' header and it seemed to give back JSON by default without adding anything to the query string.