Our Weather Zipline example is now broken. Apparently the API @adventurebear used on her Zipline no longer works. https://www.evernote.com/l/AlwSsfX2kblJYoOSp9uAq-BKFosOSCg8-aAB/image.png
We need to find an API that works and doesn't require adding an API key, or we need to make an API endpoint on Free Code Camp that campers can use (we don't want people exposing API keys on CodePen).
Thanks to @martoncsikos for spotting this issue.
I used the same API a couple weeks ago, but just checked and mine is broken today as well.
Do you think it was closed because of the load we may have caused? If so then any open api we find would soon be closed.
If you wanted to create an API endpoint on FCC you could talk to the Dark Sky Forecast people about arranging an education license or something. Campers could use their usernames as an API "key" in order to prevent abuse. https://developer.forecast.io/
That wouldn't work. Weather apps are posted on Codepen. Anyone could then see that the key is someone's username and start abusing it. We need a keyless API.
This is the only 'keyless' API I have found googling around.
It seems to be a small personal project, I don't know if it can be usable for FCC.
Here is another keyless API, but as has been voiced by @BerkeleyTrue, I'd be concerned that if all FCC students started hitting it we'd end up with them closing access. I think a big issue with this is that by default Codepen autorefreshes after every minor code change. This means that if a student has coded in an API call but is debugging or making other changes to their code they could end up thrashing the API with duplicate requests, which when compounded with the number of FCC students creates a real problem for whoever ends up shouldering that load.
The most considerate option would probably be for someone to make an API endpoint that uses one of the APIs with a key but can act as a cache server so that we don't end up thrashing whichever API is used. If I have time I'd love to do this, but I can't promise I will in a timely manner, so someone else might want to attempt that if it sounds like a decent idea.
Unfortunately that still doesn't solve the problem. Someone could just pull the keys from codepen and abuse the server.
@QuincyLarson My suggestion is moving this to a challenge that requires cloud9/heroku instead of cloud9 or removing the challenge altogether.
@BerkeleyTrue If you were to only use the key on a hosted server acting as a caching middle-man and opened that API up to students it would avoid exposing the key since only the one middle-man server would use the key and it would forward requests from students to the keyed API using a key on the server. Don't know how big a server burden hosting something like that would be though, and it may not be worth the trouble just to keep the challenge as-is.
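A sketch of the caching middle-man described in the comment above, added here as an example and not code from this thread or from Free Code Camp. `createProxy`, `fetchUpstream`, the `WEATHER_API_KEY` variable and the limits are hypothetical; `clientId` is assumed to be whatever the HTTP layer uses to identify a caller, such as the source IP.

```javascript
// Added example; createProxy, fetchUpstream and the limits are hypothetical.
// The upstream key is read from the server environment, never sent to the pen.
const API_KEY = process.env.WEATHER_API_KEY || 'placeholder-key';
const TTL_MS = 10 * 60 * 1000; // serve cached weather for 10 minutes
const MAX_PER_MIN = 30;        // per-client request budget (constructed value)

function createProxy(fetchUpstream, now = Date.now) {
  const cache = new Map(); // "lat,lon" -> { at, promise }
  const hits = new Map();  // clientId  -> { start, count }

  function allowed(clientId) {
    const t = now();
    const h = hits.get(clientId);
    if (!h || t - h.start >= 60000) {
      hits.set(clientId, { start: t, count: 1 });
      return true;
    }
    h.count += 1;
    return h.count <= MAX_PER_MIN;
  }

  // Returns { status } on rejection, or { status: 200, body: Promise, cached }.
  function handle(clientId, latRaw, lonRaw) {
    const lat = parseFloat(latRaw);
    const lon = parseFloat(lonRaw);
    if (!Number.isFinite(lat) || !Number.isFinite(lon) ||
        Math.abs(lat) > 90 || Math.abs(lon) > 180) {
      return { status: 400 };
    }
    if (!allowed(clientId)) return { status: 429 };
    // Round to one decimal so nearby users and CodePen auto-refreshes
    // collapse onto the same cache entry; only numbers reach the upstream.
    const key = lat.toFixed(1) + ',' + lon.toFixed(1);
    const entry = cache.get(key);
    if (entry && now() - entry.at < TTL_MS) {
      return { status: 200, body: entry.promise, cached: true };
    }
    // Caching the promise also merges requests that arrive mid-flight.
    const promise = fetchUpstream(key, API_KEY);
    cache.set(key, { at: now(), promise });
    // Do not keep a failed lookup in the cache.
    promise.catch(() => {
      if ((cache.get(key) || {}).promise === promise) cache.delete(key);
    });
    return { status: 200, body: promise, cached: false };
  }

  return { handle };
}
```

Both maps grow without bound in this sketch; a deployed version would evict expired cache entries and idle client counters.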
Can we use Yahoo Weather?
Looks like it works for me without API key.
What about some service from FCC where the user could enter their API key, then the JS code could query that key which would get sent to the server & then sent back to the browser? This could allow a keyed API to be used by the student without exposing it in the code.
I am not 100% sure that even makes sense or maybe that's an idea already described.
I envision a student entering data like this:
FCC/Github username (for verification)
API Endpoint
API Key
Then the API get call is to the FCC server, which passes it through to the end point with key attached?
Any good at all?
Suzanne Atkinson, MD
Clinical Instructor of Emergency Medicine
University of Pittsburgh School of Medicine
Emergency Resource Management, Inc.
Head Coach & Founder
Steel City Endurance Coaching
_Schedule a Swim lesson, Podcast or Coaching consult here:_
http://www.booknow.so/SteelCity
Good suggestion, Berkeley.
Also if it stays as a codepen challenge, asking campers to turn off the Auto Update Preview on Codepen would lead to a big decrease in the frequency of API calls.
Maybe there is a different type of learning opportunity here as well...how to develop without hammering servers?
@Mistereo If Yahoo works that might be the best solution. If anyone can handle large amounts of traffic it might be Yahoo's API.
@AdventureBear The problem still lies with having a private key accessible on a public page like Codepen.
How do we protect other non keyed APIs from also getting hammered, assuming that's what happened to this one?
Yahoo requires a key, but it seems they're not enforcing the use of the key on requests. Just like openmapweather (which also required a key but did not enforce using it until a few days ago), Yahoo might make the use of the key mandatory at any time. I think that moving to Yahoo might be a temporary solution.
On the other hand, using this app as the first basejump might be a nice bridge between ziplines and basejumps
> how do we protect other non keyed APIs from also getting hammered
Unfortunately we can't do anything about that.
> On the other hand, using this app as the first basejump might be a nice bridge between ziplines and basejumps
Agreed, I think this is the most viable solution.
Won't a little obfuscation help? I mean can't the keys be at least partially protected against bot abuse by replacing part of the original key with dummy characters and then calling a replace function? E.g.:
example API key: 'abc123'
codepen:
var apiKey = 'abzy53';
apiKey = apiKey.replace('zy5', 'c12');
?
We could write a function to alter the API, but alter it back through code, so then it is more hidden (i.e. give the user a function to use on their API key, and have them use that new, “encoded” API key. Then they run it through a reversing function before adding it to the code). I don't know if that makes any sense to you guys, but I'd be willing to elaborate.
Closing this issue by this line. Feel free to reopen or comment if you've found such an API.
Well, I was using something called the Simple Weather plugin based on Yahoo Weather API Geo-Location that worked beautifully until recently. Now my Weather App is broken too. In order to fulfill this user story, I would have to get a key to access geolocation in the way I need it again. I learned about Yahoo YQL yesterday. You don't need a key for that, but I have to look into whether or not I can get continuously updating weather data and not just a forecast. Everything else I have found so far requires either a subscription or a key. I'm not implementing any key in the front end for the world to see. Here is the link I came across: http://www.programmableweb.com/news/how-to-build-yahoo-weather-hello-world-application-javascript/how-to/2016/01/25 And here is the link to Yahoo Weather API YQL itself: https://developer.yahoo.com/weather/
Yahoo Weather is now dead as of Jan. 3, 2019 and replaced with a new one that requires keys, which sucks. However, while digging around rainmeter I found this: wxdata.weather.com. You get the location code from weather.codes. One downside of this keyless API is that it returns XML instead of JSON.
wxdata.weather.com is deprecated as of 01/15/2020. :-(
I don't think there is ANY weather API that does NOT have an API key these days. Even the free ones. Eventually they too want to nab you via the key. The choice of APIs without keys is severely limited and not necessarily useful!