After building some tool that uses the API, you still face the problem that a user needs to provide his key to use the Application. For administrators and developers this is no problem; they know the ins and outs of the system (or they should know them). Allowing regular users to use an API-App is something different!
If I build an App it is to read or write data to the site. I have no problem with the fact that users can read data using my App… That would be silly because otherwise I should not have made the App.
It is however different with writing to the site, deleting or modifying. I do NOT wish that a user can modify or delete pages by accident. So I understand the caution here!
But I would allow my users to CREATE pages as much as they want. They can always be removed afterwards.
SO if I would make an API-App for users that allows them to create pages… I have no fear. There is no damage that can be done (maybe overload on the server). But in this case all my users need an API-key, which is impossible. So far there is no problem because my API-App can use my API-key. BUT then I will be the creator of the pages, WHICH is not true.
SO I suggest that the page.save_one has an extra value or some way to save the true creator (%%current.member%%) of the page (not the API-key-owner!).
I know that this may sound confusing so please feel free to ask questions.
A - S I M P L E - P L A N by ARTiZEN, a starting point for simple wikidot solutions.