New Parameter for Server Side API Calls

January 19, 2010

Over the last several years, you've helped make Google's AJAX APIs incredibly successful. Not surprisingly, however, there are some people who try to take advantage of these free APIs by using them in ways that they were not designed for, abuse which is prohibited by the Terms of Use. Specifically, some servers are making countless requests - requests not made on the behalf of an end-user - in an attempt to scrape data from the APIs.

To help us discourage this behavior without affecting legitimate developers, we're adding a new parameter to the RESTful interface, userip. With this parameter, developers have the option of supplying the IP address of the end-user on whose behalf they are making the API request. Doing so will help us distinguish this legitimate server-side traffic from the more abusive scraping in which there are no end-users.

Use of this new parameter is *not* required. However, if it is not included with server-side requests, those requests are more likely to be interpreted and automatically blocked as abuse, especially in situations where a server is sending a high volume of traffic to the API. Additional safeguards you can take include setting setting a valid HTTP referer (as required by our Terms of Use) and using an API key. These additional measures will help us contact you in case there are problems with your website or application (sometimes a programming error results in massive traffic, forcing us to block your access if we are unable to contact you). In choosing to utilize this parameter, please be sure that you're in compliance with any local laws, including any laws relating to disclosure of personal information being sent.

Check the documentation for usage of the new parameter. We'd love to hear any comments, questions or problems you're having in the support forum.