Merge pull request #35 from 18F/keys

Section on API keys
18F · Jul 1, 2014 · d3c563e · d3c563e
2 parents 8398efb + 29c313d
commit d3c563e
Showing 1 changed file with 11 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -73,6 +73,17 @@ General JSON guidelines:
 * **Don't use unpredictable keys**. Parsing a JSON response where keys are unpredictable (e.g. derived from data) is difficult, and adds friction for clients.
 * **Use `under_score` case for keys**. Different languages use different case conventions. JSON uses `under_score`, not `camelCase`.
 
+### API Keys
+
+These standards don't take a position on whether or not to use API keys.
+
+But _if_ keys are used to manage and authenticate API access, the API should still allow some sort of unauthenticated access, without keys.
+
+This allows the API to be used and experimented with by newcomers, in demo environments, and with simple `curl`/`wget`/etc. requests.
+
+It may also be a produict goal to allow a certain level of normal, production use of the API, without enforcing advance registration by clients.
+
+
 ### Error handling
 
 Handle all errors (including otherwise uncaught exceptions) and return a data structure in the same format as the rest of the API.