Published: Sunday, Oct 18, 2015 Last modified: Friday, May 12, 2023
In Singapore, the NEA publishes data about air quality in a machine readable format aka an “API”.
Currently they publish it with a key, For example:
The actual current XML payload is worthy of a blog in itself. It has numerous issues.
Firstly, why do they need a key? You can control access to an API by Access-Control-Allow-Origin, maybe the referrer or IP if access is a problem.
And why would access be a problem? The load on an API is far lower than a Website since the API is a fraction of the size & far more efficient.
So please correct me if I am wrong, the current access the NEA PSI API is limited by:
- Key registration process
- Limits the API use to server side only, which is far more complex to deploy to than a simple static JS app
These are artificial barriers to entry that should be removed to streamline a “smart nation” that’s capitalising on information. Please do NOT use API keys.
UPDATE: The workaround is something like this which took me longer to code than I would like to admit. :(