I've set up email address-based accounts for PayPal and Facebook APIs using organizational gmail accounts. Our university is picky about not having email accounts accessible by more than one person ("refdesk@mylibrary" is a mailing list/distribution list that can receive email but cannot send it.), so instead of wrestling with IT's rules, we've set up gmail accounts for things like 'mylibrary@gmail', 'ourfoodcoop@gmail' to handle those APIs. It has worked out pretty well.

Mostly I'm still the only person dealing with the APIs, but the day that changes it seems like the situation ought to work out. 

From: Code for Libraries [[log in to unmask]] on behalf of Jonathan Rochkind [[log in to unmask]]
Sent: Monday, March 04, 2013 11:11 AM
To: [log in to unmask]
Subject: [CODE4LIB] what do you do: API accounts used by library software, that assume an individual is registered

Whether it's Amazon AWS, or Yahoo BOSS, or JournalTOCs, or almost
anything else -- there are a variety of API's that library software
wants to use, which require registering an account to use.

They may or may not be free, sometimes they require a credit card
attached too.

Most of them assume that an individual person is creating an account,
the account will be in that individual's name, with an email address, etc.

This isn't quite right for a business or organization, like the library,
right?  What if that person leaves the organization? But all this
existing software is using API keys attached to 'their' account? Or what
if the person doesn't leave, but responsibilities for monitoring emails
from the vendor (sent to that account) change?  And even worse if
there's an institutional credit card attached to that account.

I am interested in hearing solutions or approaches that people have
ACTUALLY tried to deal with this problem, and how well they have worked.

I am NOT particularly interested in "Well, you could try X or Y"; I can
think of a bunch of things I _could_ try myself, each with their
potential strengths and weaknesses. I am interested in hearing about
what people actually HAVE tried or done, and how well it has worked.

Has anyone found a way to deal with this issue, other than having each
API registered to an account belonging to whatever individual staff
happened to be dealing with it that day?

Thanks for any advice.