HI
I am really trying to understand the use cases of api consumer key for developer application.
We need to verify one use case :
I'm not entirely clear on your question. But I'll explain a little, and maybe this will help.
The uses of an API consumer_key: An API Consumer Key should be considered to be application identification. Not always authentication, because the consumer_key could be compromised, especially if the application runs on a consumer's mobile device. When you hear the term "consumer_key", you should think "application key". A consumer in this case is a consumer of the API, in other words, an application, and a consumer_key identifies the application.
You described a scenario in which Edge is configured to not verify the consumer_key. Since you have eliminated that, there is no way for Edge to associate inbound API requests with a particular application.
> how will the developer keep track of which application is currently in use.
There is no way. The consumer_key (also known as API Key) is designed for this purpose. If you don't use it, you cannot track within Edge, which app is making the calls.
Now, let me say there is a large special case. Not really an exception, but just a special case of using API keys directly: There is the possibility to use OAuth tokens. These are limited-life tokens that are derived from the consumer_key. Think of tokens as an alternative to the direct use of the consumer_key for application identification. Because a token can be obtained only by an app that has possession of a consumer_key, when an app uses a token, it is effectively an indirect use of the consumer_key.
To summarize, if your app is designed to use consumer_key (also referred to as API Keys), then:
If your app is designed to use tokens then:
If your app uses neither consumer_key nor oauth tokens, then Edge cannot track developer and app usage.
User | Count |
---|---|
2 | |
1 | |
1 | |
1 | |
1 |