Hey there. It looks like something has changed with the with write.as servers recently. My Blazor apps (Popular Posts, Search, Archive Generator), which used to work before, have now stopped working. I am now getting the same CORS error that I mentioned in this thread. I only used to get that error when trying to make my apps work on other writefreely instances, but it used to always work for the write.as instance.
Is this something that can be fixed?
Hey @dino, sorry about this – it looks like you’re running into the rate-limiting we recently introduced on the API, based on that 429 Too Many Requests response.
We’re still in the middle of fighting off these bots, so the rate limits will be there for the foreseeable future. But once we get through the current onslaught, I’ll take a look at making an exception in the API layer for you. Beyond that, we’ll be introducing a more permanent way for you (or anyone else) to use the API like you want to, without being subject to these limits.
Will keep you updated!
I hope this can be fixed soon.
We’re planning to move toward granting “application keys” that you can use to avoid normal rate limiting on the API. To use it, you’d simply include the key in an extra header on every request to the API.
Do you think something like that would work for your app, @dino?
@matt I was just wondering, would it be easier to just whitelist specific urls? I only ask because all my Blazor apps are subdomains of dinobansigan.com. I was thinking if you could whitelist specific urls, the apps could once again start working without needing to pass in extra headers. Just a thought.
Sorry this took so long to get to! It’s possible we could take that URL-based approach, but I wanted to provide a way to authenticate with the API that would work in a wide array of situations, so I think the key-based approach makes the most sense. And that’s ready now!
You can now go to a special Application Keys page on your account to find your key, @dino. It’ll also explain how to integrate that into your apps.
The key should be kept secret, so if you’re making the backend code public, it’d be best to make this value configurable. Then individual users can add their own key (if you need one, reach out privately to @support, and we’ll generate one for you).
This is awesome news @matt! I’ll look into making use of the application keys on my apps. And I’ll make sure it doesn’t show up on the repo for my source code on Github.
Just wanted to clarify this part. On apps where other people can use it themselves, like say the WriteFreely Archive Page Generator, did you want the users to enter their own API keys? Or would the users work off the API key that I already have?
These keys are designed for app-level use like that, yep. So as long as your key isn’t being revealed to others (such as on a hosted service like this), you can and should use it.
Got it, thanks!
