We're currently using a discussion forum that nobody signed up for an API key in order to make posts and you don't even need a user account in order to read. What allows them to sustain this without being destroyed by evil forces?
> nobody signed up for an API key in order to make posts
Yes you did. When you logged in, they gave you an API key in the form of a cookie that you include with every request.
And it's run at a loss by Y Combinator, which is very, very wealthy. And even hackernews has to pay for cloudflare and mods, on top of hardware, hosting, and traffic.
> When you logged in, they gave you an API key in the form of a cookie that you include with every request.
You can read this website (i.e. make queries against its database) without logging in. Moreover, the main thing the cookie does is not some kind of rate limiting or denial of service protection, it's assigning your username to your posts so that others can't impersonate your account. Various image boards exist that even allow you to post without logging in and they seem to be fine with it.
> You can read this website (i.e. make queries against its database) without logging in
Yeah, but the sentence I replied to was "nobody signed up for an API key in order to make posts". That claim was false. Being able to read the website is a totally different topic.
It was not. A login cookie isn't an API key. It serves a different purpose, which you can observe on the services that do have an API key and then separately require some other credentials to make posts as a particular user account.
Here's a good way to distinguish them. If I want to make my own app (in this context a web browser), do I have to maintain some intermediary servers that the app makes requests through in order to keep my, the app developer's, API key a secret from the users who are using the app? No, the user only needs their own user account, and only for the things that require a user account, and the service expects for each user to have their own account, rather than each app.
It was. Google "what is an api key", and the first result is
> An application programming interface (API) key is a code used to identify an application or user and is used for authentication in computer applications.
Yes, as you argue, it is indeed used to indentify multi-user applications. It is also used to identify users. It is not as narrow as you thought. Learning something new is a good thing! I'll be abandoning this thread now. If you need to get the last word, go ahead. If you need a victory, then fine- I was wrong all along, you win.