[Important] Register your application and get API Key - (Prevent API Overload)

[softmarshmallow]

Important notice (ACTION REQUIRED)

Recently, lots of abused usage of free bridged cloud services are detected. To keep providing the service free for everyone, we decided to force application registration to use bridged.cc services.

Register your service here -> https://grida.co/cloud/cors/register

1. service / account registration
2. get your api key in 24H
3. update your bridged.cc service call to use registered api key
4. unauthorized request will be blocked from Oct 10 2021
5. OR Use this hotline to contact us - join slack

curl -XGET -H 'x-cors-grida-api-key: your-api-key-here' 'https://cors.bridged.cc/https://grida.co'

Please join our community slack for latest updates / any questions, via this invitation link

History (From here, it's an informative document, your action is not required)

(July 4 2021) As noticed, we've started blocking unregistered applications order by most frequently accessing. currently 6 hosts are blocked to use our proxy service, waiting for the organizers to contact us. (with no contact, these blocking will remain permanent) - https://github.com/bridgedxyz/base/pull/31

(June 29 2021)

• Preflight large file blocking with 413 deployed. https://github.com/gridaco/base/pull/29
• Boosted Execution timeout from 6s to 12s. https://github.com/gridaco/base/pull/29

(June 2021) Request per month skyrocketed, reached up to 2 billion requests. We decided to make the service available to authorized app only, preventing abused & anonymous usages.

(May 2021) Currently cors services is being called maximum rate of 100,000 request per hour globally, Which the financing issue is held cause of this.

We want to keep this service free and public, open to everyone and we'll need to limit max request per hour per ip or account on free tier to do this.

We're thinking of 10,000 request per hour per ip/account will be an adequate quota to provide as a free tier.

I'll keep this thread open and get feedbacks for this idea.

Current action items are.

• Add statistics to services so we can find if there is a abusing usage of this serviec. (too many request for few clients - we don't want this to happen)
• Write privacy policy for statistics data collecting

Problem still lives.

• How to tell current develooers that this service will be updated? - we don't have there email address or nothing.

[Fawesum]

Sounds more than reasonable. 10k per hour is also very generous.

[softmarshmallow]

OFFICIAL NOTICE FROM BRIDGED TEAM

Hi,

From June 1 2021, Only authenticated user/apps will be able to use BASE in unlimited quota. The API limit for unauthorized/anonymous requests will be as described above.

Even for authenticated accounts, It might be necessary for us to take payments for massive requests. We want to keep utility functions up and online, free for everyone and we are raising funds and contacting cloud providers such as AWS for this to happen.

Thanks for using Bridged App Services.

[softmarshmallow]

From May 25th, We are limiting lambda function memory from 1024mb to 128mb. This, in most cases, will not have effect. but fetching high payload data such as video might not work anymore.

See gridaco/base#25

We are not adding any access limit to cors.bridged.cc service (as mentioned above) yet.

We'll see if this lowers the pricing, if it works, we'll keep it this way.

[softmarshmallow]

To make things clean and clear, we are sharing our payments to AWS. (for free cors.bridged.cc service)

From May 1st ~ May 25th Total: $963+ / Mo

Data transfer

Api Gateway

Lambda

Additional Plans for keeping CORS Free.

• We can save data transfer price via supporting multi-region service.
• We ca save lambda execution time by limiting timeout to 3 seconds (currently 6. - 3 does most of the job)

[softmarshmallow]

UPDATE - IMPORTANT NOTICE (ACTION REQUIRED)

Recently, lots of abused usage of free bridged cloud services are detected. To keep providing the service free for everyone, we decided to force application registration to use bridged.cc services.

Register your service here -> https://grida.co/cloud/cors/register

1. service / account registration
2. get your api key in 24H
3. update your bridged.cc service call to use registered api key
4. unauthorized request will be blocked from July first 2021

[stl1988]

When clicking that typeform link for rwgistering, it says "Sorry, you can't access this typeform until its creator says so.". I first thought I had to create a typeform account, but it doesn't seem to work this way.

[softmarshmallow]

When clicking that typeform link for rwgistering, it says "Sorry, you can't access this typeform until its creator says so.". I first thought I had to create a typeform account, but it doesn't seem to work this way.

I can confirm that the link is alive and accessible. (tested on ingognito) guess that was something temporary. :) -> https://grida.co/cloud/cors/register

[Beasleydog]

I get an error saying the form is closed. Is there any other way to get an API key?

[korrida]

Same to me. No way to register my service. How can i get api key now?

[softmarshmallow]

@Beasleydog @korrida Sorry for the inconvenience. I've update the form link. we are now using google forms. -> https://grida.co/cloud/cors/register

[korrida]

I'm done, what's next ?

[softmarshmallow]

@korrida We'll email you manually shortly :)

[korrida]

I got it thanks. Should it work as part of POST header via dot ajax request? This guideline contains only a GET call example. I use the following construction: $.ajax({ url: "https://cors.bridged.cc/http://web.idtlive.com/index/api.show/index.html", type: "POST", contentType: "application/json", headers: { 'x-cors-grida-api-key': 'myid' }, .... etc

[softmarshmallow]

@korrida Method should not matter (Like any other api services :) ) All works the same way for GET / POST / PUT / etc.

[DarKWinGTM]

Hi, I was waiting for api key.

[softmarshmallow]

Hi. response to your application can take up to 48 hours, we check it manually every morning. For reaching me urgently, you can use this community slack channel and DM me :)

join slack

[lypborges]

What'll be the price for this registration?

[softmarshmallow]

@lypborges Free!

[PerceptAsh]

I registered for an API key on Thursday 14 Oct and haven't received one yet. I requested one using email, support@perceptit.com.au.

[faob-dev]

I registered my account 1 week ago for API key but haven't got my api key farrukh.obaid@gmail.com

[softmarshmallow]

Hi, Sorry, It is impossible to track individual's requests here. please contact us via Slack. https://grida.co/join-slack

[mikelgmh]

Is it possible to whitelist a domain instead of needing to send an API Key? My webapp does not have a backend, so the requests are made directly from the browser and I don't want my key to be exposed.

[yaqwsx]

Hello, I registered a key about 8 months ago, and everything was working flawlessly. However, a few weeks ago I started getting error 403. What can I do to diagnose what changed?

[softmarshmallow]

Hi. @yaqwsx

As you can see on this repo, no logics are changed. Please check once again if it's not your target's (request target) problem. If this continues, please let me know :)

[LetusAbaasy]

Hello @softmarshmallow, I registered the questions in the google forms to get a key, thanks for your help and services.

[softmarshmallow]

Hello @softmarshmallow, I registered the questions in the google forms to get a key, thanks for your help and services.

Hi. Please reach me via the slack link above :)

[deontic]

Is it possible to whitelist a domain instead of needing to send an API Key? My webapp does not have a backend, so the requests are made directly from the browser and I don't want my key to be exposed.

I need to do this as well, is there a way to whitelist the domain instead of having to expose the API key?