https://bradleycarey.com/tags/api/ Recent content in API on bradleycarey.com Hugo en Sun, 07 Jun 2026 18:12:38 -0400 https://bradleycarey.com/posts/browser-session-is-programmatic-access/ Fri, 05 Jun 2026 12:00:00 -0400 https://bradleycarey.com/posts/browser-session-is-programmatic-access/ <p>A service account is the right way to automate a production system.</p> <p>But refusing to issue one does not mean users cannot automate the system. It usually means they will automate it with their own browser session instead, which is worse in almost every way except paperwork.</p> <p>That is the uncomfortable part. If a user can do something in the web app, and the web app talks to backend APIs, then the user already has some form of programmatic access.</p>