15.4 Tracking usage
RESTful APIs should be served over secured connections. This means the server must use SSL, and the connection will be via the HTTPS protocol. The idea is to manage the SSL certificates used by "front-end" or client applications. In many web service environments, mobile applications and JavaScript-based interactive front-ends will have certificates allowing access to the back-end.
In addition to SSL, another common practice is to require an API key as part of each transaction. An API key can be used to authenticate access. It may also be used to authorize specific features. Most importantly, it’s essential for tracking actual usage. A consequence of tracking usage can be throttling requests if an API key is used too often in a given time period.
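The following is an added example, not code from the original text, showing how an API key can authenticate a request, record usage for each key owner, and throttle a key that is used too often within a time window. The class name UsageTracker, the limit and window values, the HTTP status codes returned, and the sample key are assumptions made for illustration.

```python
import hashlib
import time
from collections import defaultdict, deque


class UsageTracker:
    """Authenticate API keys, count each accepted use, throttle per time window."""

    def __init__(self, limit, window_seconds, clock=time.monotonic):
        self.limit = limit                   # accepted requests allowed per window
        self.window = window_seconds
        self.clock = clock                   # injectable so tests can control time
        self._owners = {}                    # SHA-256(key) -> owner name
        self._recent = defaultdict(deque)    # owner -> timestamps inside the window
        self.totals = defaultdict(int)       # owner -> accepted requests (billing)

    @staticmethod
    def _digest(api_key):
        # Keep only a digest so a leaked key table does not expose usable keys.
        return hashlib.sha256(api_key.encode("utf-8")).hexdigest()

    def register(self, owner, api_key):
        self._owners[self._digest(api_key)] = owner

    def check(self, api_key):
        """Return (HTTP status, owner) for one request carrying api_key."""
        owner = self._owners.get(self._digest(api_key or ""))
        if owner is None:
            return 401, None                 # unknown or missing key
        now = self.clock()
        recent = self._recent[owner]
        while recent and now - recent[0] >= self.window:
            recent.popleft()                 # forget requests that left the window
        if len(recent) >= self.limit:
            return 429, owner                # throttled; not counted as usage
        recent.append(now)
        self.totals[owner] += 1
        return 200, owner


if __name__ == "__main__":
    tracker = UsageTracker(limit=2, window_seconds=60)
    tracker.register("mobile-app", "constructed-sample-key")  # constructed value
    for _ in range(3):
        print(tracker.check("constructed-sample-key"))
    print(dict(tracker.totals))
```

In a web framework, check() would be called once per request with the key taken from a request header, and the totals would feed whatever billing or reporting the business model requires.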
The variations in business models are numerous. For example, use of the API key could be a billable event and charges will be incurred. For other businesses, traffic must reach some threshold before payments...