Thread:Talk:Requests for comment/API Future/"agent" parameter/reply (2)

The problem is that most cases of abuse that I can think of would be detected by looking at the webserver access logs, rather than logging every successful API request. And these access logs typically record the URI accessed (including the query string) and User-Agent header, but not the request body or any other headers.

A reasonable approximation for detecting browser-like User-Agent headers is to look for "Mozilla/". For hysterical reasons, every major browser since something like IE2 includes that string in the User-Agent.