When a request is received by any API that requires an API key, check for an 'id' cookie that identifies them. If the cookie exists, it is an existing device. If there is no cookie by that name, create one by hashing unique properties of the device (such as IP, user-agent, etc), and send it back with the response.
When this new 'id' cookie is created, assume the device is a new one using the API key for the first time, and email me their details. The email's from field should be set to 'no-reply@virajchitnis.com'.
When a request is received by any API that requires an API key, check for an 'id' cookie that identifies them. If the cookie exists, it is an existing device. If there is no cookie by that name, create one by hashing unique properties of the device (such as IP, user-agent, etc), and send it back with the response. When this new 'id' cookie is created, assume the device is a new one using the API key for the first time, and email me their details. The email's from field should be set to 'no-reply@virajchitnis.com'.