Two Days at the apis.io Doorway: 8,455 Denies, Zero Unlocks

The apis.io unlock gate went live on the evening of 2026-05-23. It does one specific thing: HTML pages stay open to everyone, and machine-readable formats (raw OpenAPI / AsyncAPI / JSON Schema / FinOps YAML, the .well-known discovery files notwithstanding) require an unlock key. To get a key, an operator stars naftiko/ikanos on GitHub and POSTs the verification to /unlock/claim. The whole flow is a Cloudflare Worker, sources in network/cloudflare-worker/, activity logged to Cloudflare Analytics Engine.

Forty-eight hours in, the activity log has answered a question I’ve been carrying around for a year: who actually shows up when you put a doorway in front of an API catalog? This is the first cut at the data.

The Headline Numbers

| Day | gated_denied | gated_allowed | claim_success |
|---|---|---|---|
| 2026-05-23 (launch evening) | 131 | 0 | 0 |
| 2026-05-24 | 5,452 | 0 | 0 |
| 2026-05-25 (in progress) | 2,871 | 0 | 0 |
| Lifetime | 8,455 | 0 | 0 |

8,455 attempts to fetch bulk machine data. Zero stars-and-claims. One challenge issued (mine, as a smoke test on launch night), never completed. The conversion from agent that wants the data to agent willing to identify itself is presently zero.

That’s a real signal, not a punchline. It tells me two things at once: the friction is real (the gate isn’t trivially bypassed), and no operator has yet decided the data is worth a GitHub star. Both are interesting.

Who Showed Up

The named crawlers all found apis.io within the first 24 hours. By the end of day two, every major AI ingestion stack is on the doorstep:

| Agent | Day-2 denies | First seen |
|---|---|---|
| Bytespider (ByteDance) | 1,947 → 269 | day 1 |
| SleepBot | 423 → 315 | day 1 |
| PerplexityBot | 213 → 230 | day 1 |
| ClaudeBot (Anthropic) | 167 → 167 | day 2 |
| Bingbot | 180 → 149 | day 1 |
| GPTBot (OpenAI) | 116 → 116 | day 2 |
| Amazonbot | 17 → 113 | day 1 |
| Googlebot | 117 → 74 | day 1 |
| OAI-SearchBot (OpenAI) | 70 → 59 | day 1 |
| Applebot | 13 → 10 | day 1 |
| DotBot (Moz) | 96 → 310 | day 1 |
| SemrushBot | new today | day 2 |

The traditional search engines (Google, Bing, Baidu, Petal, Yandex via Sogou) all probed bulk paths and got 402’d, as expected — they crawl HTML for free, so this is mostly them trying to follow YAML links from the source widgets. The interesting cohort is the named AI crawlers: Anthropic’s ClaudeBot, OpenAI’s GPTBot and OAI-SearchBot, Perplexity, Amazon, and Apple are all crawling daily. Combined AI-bot denies sit at about 700–800 per day. None of them have stopped to claim a key.

Geography

The egress map shifted dramatically between day 1 and day 2:

| Country | Day 1 | Day 2 |
|---|---|---|
| US | 782 | 2,515 |
| Netherlands | | 633 |
| Vietnam | 95 | 574 |
| Singapore | 2,054 | 405 |
| China | 101 | 98 |

Day 1 was dominated by Singapore (ByteDance egress). Day 2 the US takes over — that’s the named US AI bots scaling up and a wave of less-identified Chrome-UA scanners running from US/NL/VN cloud egress. China stayed flat. The shape of the traffic mix changed in 24 hours; whatever the equilibrium is, this isn’t it yet.

What the Gate Catches Besides Crawlers

The most surprising entry in the day-2 denied-paths table:

| Host | Path | Hits |
|---|---|---|
| apis.io | /firebase-config.json | 7 |
| apis.io | /env.json | 7 |
| apis.io | /google-credentials.json | 6 |
| apis.io | /docker-compose.production.yml | 6 |
| apis.io | /key.json | 6 |
| apis.io | /__/firebase/init.json | 6 |
| apis.io | /.next/build-manifest.json | 6 |
| apis.io | /.gitlab-ci.yml | 5 |
| apis.io | /.circleci/config.yml | 5 |

These are classic secret-scanning probes — automated sweeps looking for leaked Firebase configs, GCP credentials, Docker compose files with embedded secrets, CI config. apis.io doesn’t have any of these files; before the doorway, they’d hit GitHub Pages’ 404 and be invisible to me. Now they get a structured 402 and end up in the activity log. The gate didn’t change my security posture — there were no secrets to find — but it gave me visibility I didn’t have. It is worth knowing that a single generic-Chrome UA made 506 hits on these paths in one day.
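One way to pull this kind of sweep out of the denied rows, as an added example that is not the Worker's own code: it matches the paths from the table above and reports any user agent that probed several distinct ones. The row shape (`ua`, `path`, `event`), the threshold, and the sample rows are assumptions constructed for illustration.

```javascript
// Added example: flag secret-scanning sweeps in gate activity rows.
// Row shape { ua, path, event } is an assumption, not the Worker's schema.

// Patterns derived from the denied-paths table in this post.
const PROBE_PATTERNS = [
  /(^|\/)firebase-config\.json$/,
  /^\/__\/firebase\/init\.json$/,
  /(^|\/)(env|key|google-credentials)\.json$/,
  /(^|\/)docker-compose[^/]*\.ya?ml$/,
  /^\/\.next\/build-manifest\.json$/,
  /^\/\.gitlab-ci\.yml$/,
  /^\/\.circleci\/config\.yml$/,
];

// Drop the query string and lowercase so /ENV.json?x=1 counts as /env.json
const normalize = (path) => path.split("?")[0].toLowerCase();

function isSecretProbe(path) {
  const clean = normalize(path);
  return PROBE_PATTERNS.some((re) => re.test(clean));
}

// Group denied probe hits by user agent and keep only the agents that
// tried at least minDistinctPaths different secret-style paths.
function findSweepers(rows, minDistinctPaths = 3) {
  const byUa = new Map();
  for (const { ua, path, event } of rows) {
    if (event !== "gated_denied" || !isSecretProbe(path)) continue;
    const entry = byUa.get(ua) ?? { hits: 0, paths: new Set() };
    entry.hits += 1;
    entry.paths.add(normalize(path));
    byUa.set(ua, entry);
  }
  return [...byUa.entries()]
    .filter(([, e]) => e.paths.size >= minDistinctPaths)
    .map(([ua, e]) => ({ ua, hits: e.hits, distinctPaths: e.paths.size }))
    .sort((a, b) => b.hits - a.hits);
}

// Constructed sample rows (not real log data)
const SAMPLE_ROWS = [
  { ua: "Mozilla/5.0 Chrome/120", path: "/env.json", event: "gated_denied" },
  { ua: "Mozilla/5.0 Chrome/120", path: "/key.json", event: "gated_denied" },
  { ua: "Mozilla/5.0 Chrome/120", path: "/firebase-config.json", event: "gated_denied" },
  { ua: "Mozilla/5.0 Chrome/120", path: "/.gitlab-ci.yml", event: "gated_denied" },
  { ua: "Mozilla/5.0 Chrome/120", path: "/ENV.json?cache=1", event: "gated_denied" },
  { ua: "GPTBot/1.0", path: "/apis/example/openapi.yml", event: "gated_denied" },
  { ua: "curl/8.0", path: "/env.json", event: "gated_denied" },
];
```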

Web Bot Auth Adoption Is Zero

The Worker observes inbound RFC 9421 web-bot-auth signatures on every request and logs the result in bot_auth_state. Day-two breakdown:

| bot_auth_state | events |
|---|---|
| none | 4,948 |
| claimed-unverified | 0 |
| verified-by-edge | 0 |

0% of inbound agent traffic is signed. Anthropic’s, OpenAI’s, Amazon’s bots — none of them sign yet. This isn’t a complaint; web-bot-auth is a draft, and most of these vendors are still figuring out their identity story. But it’s a clean baseline against which to measure when (if) any of them starts.
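A sketch of how a request could be sorted into those three states, as an added example rather than the Worker's actual code. It assumes a plain object of lowercase header names, a single signature member in Signature-Input, and a hypothetical `edgeVerified` boolean standing in for the edge's verdict; the sample headers are constructed.

```javascript
// Added example: map request headers onto the three bot_auth_state values.
// Assumption: `edgeVerified` is a hypothetical boolean for the edge's verdict;
// the post does not show how the real Worker obtains it.

// Parse a single-member Signature-Input value: label=(components);k=v;...
function parseSignatureInput(value) {
  const m = /^\s*([a-z0-9_*-]+)=\(([^)]*)\)(.*)$/i.exec(value || "");
  if (!m) return null;
  const params = {};
  for (const part of m[3].split(";")) {
    // Parameters are either quoted strings or bare integers
    const kv = /^\s*([a-z]+)=(?:"([^"]*)"|(\d+))\s*$/.exec(part);
    if (kv) params[kv[1]] = kv[2] !== undefined ? kv[2] : Number(kv[3]);
  }
  return { label: m[1], params };
}

function botAuthState(headers, edgeVerified, nowSec) {
  const sig = headers["signature"];
  const input = parseSignatureInput(headers["signature-input"]);
  // No RFC 9421 headers, or a signature not tagged for web-bot-auth
  if (!sig || !input || input.params.tag !== "web-bot-auth") return "none";
  const { keyid, created, expires } = input.params;
  // A claim with no key id or outside its validity window is never upgraded
  const fresh = Boolean(keyid) && created <= nowSec && nowSec < expires;
  return fresh && edgeVerified ? "verified-by-edge" : "claimed-unverified";
}

// Constructed sample request headers (lowercase names), not captured traffic
const NOW = 1779600000;
const SIGNED = {
  "user-agent": "ExampleBot/1.0",
  "signature-agent": '"https://bot.example"',
  "signature-input":
    'sig1=("@authority" "signature-agent");created=1779599900;' +
    'expires=1779600200;keyid="constructed-key-id";tag="web-bot-auth"',
  signature: "sig1=:Y29uc3RydWN0ZWQ=:",
};
const UNSIGNED = { "user-agent": "Mozilla/5.0 Chrome/120" };
```

The freshness check means an expired or keyless claim stays `claimed-unverified` even when the edge flag is set, which keeps replayed signatures out of the verified count.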

apis.io’s own /.well-known/http-message-signatures-directory is published-but-empty: we don’t sign outbound traffic ourselves (we don’t make any), but we publish the directory so agents can discover that fact rather than having to guess.

What Zero Unlocks Tells Me

I’d expected at least one operator to come through the front door in 48 hours — a security researcher or an integration developer testing the flow. None did. Three possible reads:

  1. The friction is too high. A GitHub star is a low bar, but it’s still a bar. An anonymous scraper that doesn’t want to be identified will simply walk away rather than star a repo.
  2. The audience hasn’t found the door yet. The unlock page has been published for two days. Operators who’d legitimately want the bulk data may not know it exists.
  3. The bulk data isn’t useful enough to bother. Every HTML page on apis.io is freely indexable. If an LLM operator can extract what they need from rendered HTML, the YAML behind it isn’t worth the friction.

I think the honest answer is all three, weighted differently. The fix for (1) is to keep the bar low — a GitHub star is already low. The fix for (2) is to mention the unlock flow in posts like this one. The fix for (3) is to make sure the bulk data is meaningfully richer than the HTML — which it is, especially for the source spec files and the cross-provider rollups.

What I’m Watching For Next

A few clean signals I’ll be tracking in the activity log over the coming weeks:

  • First claim_success — when does the first agent operator actually go through the flow? Who are they?
  • First bot_auth_state: verified-by-edge — when does the first major bot start signing?
  • Tier-1 traffic — right now 100% of gated traffic is for tier-0 (raw data). The /insights/* paths require tier 1 (a backlink task on top of the star). Nobody has tried them yet.
  • Bytespider’s response — will ByteDance’s crawler back off when it sees sustained 402s, or keep retrying indefinitely? Day 2 already shows an 86% drop from day 1, which suggests their orchestrator is adaptive.

The unlock log is at network/cloudflare-worker/QUERIES.md. I’ll keep publishing snapshots as the picture sharpens. The point of putting a doorway on a public catalog isn’t to keep agents out — it’s to see them, and to give the ones that are willing to identify themselves a richer deal than the anonymous ones get. Two days in, the seeing part is working. The richer-deal part is waiting for its first taker.
