Facts I think that the question were more about the 1000 requests per day limit and the access to public read-only XML without the use of the Api key (which, I think, is unfortunately impossible). ... [More] Because, in a case of one of us were (Peter and I are...) developing open source or just public use free-software with a key in it, we have to resolve two problems in the app' conception: The 1000 requests limit would be quickly reached, 'cause even if we cache XML to reuse it on common requests (which could cause problems with data synchronization, to keep the XML up-to-date), any click of any user on any website/blog on which our plug-in/widget is present on will count, and until our work is not wide used, (where L < 1000 in L = (averageUsersInWebsitesUsingOurPlugIn * numberOfWebsitesUsingOurPlugIn * averageClicksByAnyOfTheseWebsitesUsers); and as example, seven websites with low traffic on them (<15 users), each of them having an average of between nine and ten clicks per user (which is very low) represent form 945 to 1050 XML access, depending on the "click stats" of average users. The only one (not satisfying, see below) solution I found was to not provide any key with the software, and to ask any user who want to use it to open an ohloh account, and register a dummy project, in order to obtain their own key. And even with it, the 1000 limit's still here, and could, on famous sites, cause problems described above. Any third person could "Steal" our key, because we are sharing the source code, and even by obfuscating the code, the key will still be accessible (via wireshark, as example). Once again, the only one solution is to ask users to open dummy accounts to have their keys. Current solutions Now, considering that any person who want to share any data on their site from ohloh probably have an ohloh account (else, why, and what to share?) it's not a such problem to ask users to set their own key (even if it will create lot of "dummy projects" in ohloh) in our plug-in, but the 1000 requests limit will be still there. And the "steal key" problem too. So, the final solution is, to me, to not ask any key for XML access. Or we'll have to parse your website HTML instead, which is not restricted. Ideal solution Disable the 1000 requests per day limit, maybe under certain conditions, if you are afraid of compulsive||unwanted use of api keys; and to allow a key for personal use in any account (once again, under restrictions, if you're afraid of abuses). [Less]