Why require an API key for guest access?

[vitorbaptista]

I was reviewing @roll's PR for os-packager when I noticed we use a public "guest" API key on https://github.com/openspending/os-packager/pull/116/files#r148722189. This key is public, so why have it at all? Couldn't we simply assume that requests without API keys are guest requests, and treat them accordingly?

I can imagine having a public key for OpenSpending, which even though is public and anyone could reuse, it's at least an indication of the usage coming from OpenSpending. But as I understand, this isn't the case (the keys came from https://github.com/frictionlessdata/goodtables.io/blob/51598208389bc080de877f8b66af20a1252e3eae/goodtablesio/settings.py#L29-L32).

We could either:

• Not require an API key for guess access
• Always require an API key, but don't reuse them across apps

WDYT? (cc @amercader @roll)

[roll]

@vitorbaptista It was a long discussion I suppose starting from here - https://github.com/frictionlessdata/goodtables.io/issues/166.

Main idea was to have consistent user-based resources access model. It's @amercader's design so I think he's the best person to comment your ideas.

Personally initially I was thinking it's too complicated but at some point I've got the idea. Anyway I don't have strong preference here. Always rooting for simplicity though,. At the same time loving consistency.