Tech

Photo by Reto Furrer on Unsplash

Mushrooms

Know your limits when working with third-party APIs.

2023-06-09T13:52-07:00

View this project.

I like my data as raw as sushi. Show me some JSON and I'll start piecing together all the ways I can parse and display it for any user. It's because I have the mind of a web developer, and I've accepted that. We're an odd, creative, stubborn bunch with a hint of a god complex. Our digital creations are our babies and we don't want anyone playing with them in ways we don't expect. That's why developers need to play nice in the sandbox – they need to respect each other's rules.

Last year I discovered Mushroom Observer's API and fell in love. This data endpoint contains photos, dates and coordinates of different fungi found around the world. It's a valuable tool for amateur mycologists like me who want to get an idea of the mushrooms growing in their area, but this tool was from a third party and had rules I didn't fully understand.

I set up Google Map's API and started writing a function that took coordinates from the embedded map along with a radius in miles and then fetched data using Mushroom Observer's endpoint. The function returned data about a random mushroom within the user's specified boundaries.

Soon I was testing coordinates all over the globe, amazed to see beautiful high-resolution images of local species anywhere I clicked on the map. The excitement of browsing these world-wide woods gave me an idea to pull as many images of the randomly selected mushrooms as possible, even from different Mushroom Observer posts. I pushed each image gallery to be bigger and bigger, but I also pushed my luck.

My greed for more images led me to make too many API calls within too short a timeframe. Instead of picture links and fungi data, the API now returned a message warning me that I was abusing the service. A brief panic arose. Here I was deep into testing my new site, and the souce of all my data locked me out.

Up until that point I wasn't a fan of hiding my IP address. I never had anything to hide online, and I was usually too busy on international trips to stream my American TV shows using a VPN. Now I actually needed one. Thankfully I found free VPN apps for mobile and desktop that allowed me to hide my blacklisted IP address on both devices. I could keep testing the website I had already invested so much time into, but it wasn't the most honest solution. As a fellow API developer I can feel Mushroom Observer's frustration at me dodging their blacklist, yet I also think that a permanent ban is a major deterrent for curious developers who innovate with this amazing service.

At the end of the day it's the endpoint developers' right to protect their data and servers from abusive and repetitive calls. Mushroom Observer's warning message even directed me to contact their team and explain the purpose of my app. Only then will my home IP be removed from their blacklist. This is more than fair, and I plan to contact them ASAP to streamline development of this feature on my mushrooms website.

To effectively use existing tools to build any project, it's necessary to understand the limitations of those tools. There are plenty of things they can do, plenty of things they can't, and things they can do but simply shouldn't. Building on the web is no different. Be sure to research all related technologies before you dive into your next project so that you fully understand how far you can push it.