The reason why Twitter and Reddit can charge app developers for API access is because app users need to log in using the OAUTH2 protocol [1] . Part of the login process is the client app submitting an API key, its developer had to apply for. This allows the platforms to count all requests made by an app and charge the app developer accordingly.
With OAUTH2, metering is inextricably linked to login, but rthis is is not the core feature of the protocol (more of an appetizer/bait). The big selling point is the ability to outsource account creation/authorization to an external identity provider. Those "Log in with your Google (Facebook, TWITTER,...) account" options, you see everywhere? They are actually OAUTH2 implementations and solve a number of problems, for platform owners,
Linking to an external account removes a lot of friction, but is also a double edged sword and here's the catch (security experts have always been warning about): when users sign up on your platform with an external identity (their Google, Facebook, TWITTER,... account), that service becomes a gatekeeper for that part of your user base. What do you do if that identity provider starts charging you for access to his OAUTH2 API?
You can either pay or a significant portion of your user base gets locked out. The irony here being that, as things currently are, Google and Apple could try to play the same game with Twitter and Reddit that Twitter and Reddit are trying to play with 3rd party app developers.
@raccoon What’s the likelihood Google/Apple starts charging? Google wants the metadata for ads I assume and same for Microsoft with LinkedIn, maybe GitHub
Good question. OAUTH actually crawled out of a Twitter lab. So I wouldn't be surprised, if Musk came up with the idea of charging for API access. If he did, I'm sure, everyone else would pay very close attention if he gets away with it.
@raccoon how would anyone charge for the protocol itself? Or you’re meaning each app would individually require payment for each API that authorizes with OAUTH
When you offer "Login with Google" on your website, you are basically sending your users to https://accounts.google.com with the id of your website. After a successful login, Google sends the user back to your site.
All Google would have to do to milk you is refusing to do logins for the ID, unless you pay for whatever plan they come up with.
@raccoon@mcspadden sure, but I always thought those login methods benefit the gatekeepers as well - there has been a crescendoing of "delete your $XYZ account because it's bad for your privacy/mental health/democracy/etc." Having $XYZ accounts also be your gateway to other platforms means that $XYZ are now more likely to survive the chopping block, because users will be like "but if I delete $XYZ, I will lose my Tinder/Spotify profile".
@raccoon@mcspadden It makes no sense for $XYZ to start charging platforms, because then users will be more likely to just delete said profiles, considering how much ink gets spilled daily on the unhealthiness of the Big 5.
@raccoon@mcspadden That, and also if I've used Reddit for 5 years, $XYZ starting to charge Reddit will just lead Reddit to make a stink about it, and harness user rage to make $XYZ backpedal. If you've been using Tinder/Spotify/Reddit/whatever using an $XYZ account, you're probably attached to those platforms enough that you'll just make a regular account. $XYZ login helps with user acquisition imo, and not with retention.
Add comment