Consolidated API Requests in the thousands yet our site has no active API keys listed, is this a concern?

This is a curiosity question at present.

On our site (SWI-Prolog) in checking Consolidated API Requests noticed

image964×270 5.27 KB

then checked https://swi-prolog.discourse.group/admin/api/keys

image971×252 3.16 KB

The way I currently interpret this is that we have no valid and active API keys so there should be no activity reported in Consolidated API Requests.

The only other idea is that a change in the code occurred and now certain replies by users that are not using an API key is counted in the Consolidated API Requests.

If someone can shed some light on/explain this it would be appreciated.
Thanks.

If I remember correctly that report includes both admin generated API key requests and User API key requests like those from the DiscourseHub app.

edit: yeah, those are User API key requests. It says those are included in the description. Here’s the set from my test instance where I’m the only user and doesn’t have any admin generated keys:

image750×1326 134 KB

Thanks but still lost.

Sounds like the title of a new Netflix series.

Basically, those requests you’re seeing in the report are most likely from users using the DiscourseHub mobile application. Those keys won’t show up in the admin panel.

This topic explains what User API keys are. The official DiscourseHub app is just one implementation of it.

Thanks for responding.

That statement had me look into what is the DiscourseHub mobile application. As near as I can figure it is

My take on what you are saying is that

Users of the DiscourseHub mobile app are getting a user API key. The users do not know they are requesting a user API key because the app does it seamlessly. Also the request for user API will not show up in the report of listed keys.

It’s possible that your idea is correct, but I would feel more confident if I could review the code that implements it. Please excuse my cautious approach, as it’s common in my profession as a programmer to request direct access to the code in order to verify information. Since Discourse is an open source platform, examining the code would provide stronger evidence and help me better understand the situation. (ChatGPT rephrased that paragraph for me, my version sounded slightly harsh and that was not the intent.)

I’m a programmer as well, but I don’t touch the core Dsicourse code so I don’t know the exact files you need to look at on GitHub, but I’m sure someone else can direct to the right places.

The source code for the DiscourseHub application is also open source. That repo is here: