improve the developers API
Use appropriate http verbs: GET for queries, POST for changes. Remember that GET requests can be cached by proxies.
Remove the username from auth. The api key is sufficient to uniquely identify the user (just make sure it will never repeat, but probably you already did that)
And why? Because I'm not very fond of leaving my e-mail address in scripts i wrote for maintenance... Think about it. Just the (large and anonymous) key it is sufficient.
Current version of API is in wide use so it’s not possible to modify it. Right now we are not planning any API changes beside adding new methods (probably together with next major release).
-
F.D.Castel commented
Talking with a friend, he gave yet a better idea. To use one key for each host! This way, he could be sure that the script which update one host cannot interfere with another one.
P.S.: I understand you don't wish to touch the API now, but when you do please consider these scenarios. Also, you always can make a "version 2" of API in anoter url. That's the beauty of REST ;)