Stack Exchange API V2.0: No Write AccessPosted: 2012/02/01
Version 2.0 of the Stack Exchange API (still in beta, with an app contest) introduced authentication, but unlike most other APIs did not introduced write access at the same time. Write access is one of the most common feature requests we get for the API, so I feel it’s important to explain that this was very much a conscious decision, not one driven solely by the scarcity of development resources.
The “secret sauce” of the Stack Exchange network is the quality of the content found on the sites. When compared to competing platforms you’re much more likely to find quality existing answers to your questions, to find interesting and coherent questions to answer, and to quickly get good answers to new questions you post. Every change we make or feature we add is considered in terms of either preserving or improving quality, and the Stack Exchange API has been no different. When viewed under with lens of quality, a few observations can be made about the API.
Screw up authentication, and you screw up write access
Write access presupposes authentication, and any flaw in authentication is going to negatively impact the use of write access accordingly. Authentication, being a new 2.0 feature, is essentially untested, unverified, and above all untrusted in the current Stack Exchange API. By pushing authentication out in its own release we’re starting to build some confidence in our implementation, allowing us to be less nervous about write access in the future.
Screw up write access, and you screw up quality
The worst possible outcome of adding write access to the Stack Exchange API is a flood of terrible questions and answers on our sites. As such the design of our API will need to actively discourage such an outcome, we can’t get away with a simple “POST /questions/create”. However, a number of other APIs can get away with very simple write methods and it’s important to understand how they differ from the Stack Exchange model and as such need not be as concerned (beyond not having nearly our quality in the first place).
The biggest observation is that every Stack Exchange site is, in a sense, a single “well” in danger of being poisoned. Every Stack Exchange site user sees the same Newest Questions page, the same User page, and (with the exception of Stack Overflow) the same Home page. Compare with social APIs (ie. Facebook and Twitter, where everything is sharded around the user), or service APIs (like Twilio, which doesn’t really have common content to show users); there are lots of “wells”, none of which are crucial to protect.
Write access requires more than just writing
It’s easy to forget just how much a Stack Exchange site does to encourage proper question asking behavior in users.
A write API for Stack Exchange will need to make all of this guidance available for developers to integrate into their applications, as well as find ways to incentivize that integration. We also have several automated quality checks against new posts, and a plethora of other rejection causes; all of which need to be conscientiously reported by the API (without creation oracles for bypassing those checks).
Ultimately the combination of: wanting authentication to be independently battle tested, the need to really focus on getting write access correct, and the scarcity of development resources caused by other work also slated for V2.0 caused write access to be deferred to a subsequent release.