Repository: public-apis/public-apis
What public-apis actually is
public-apis is a community-curated directory of free and public APIs, maintained by contributors together with staff at APILayer. It is not a library, SDK, or gateway: there is no package to import and nothing to run in production. The repository is essentially one very large, structured README that catalogs APIs across roughly fifty categories, from Animals and Anime to Finance, Machine Learning, Security, and Weather. Each entry is a row in a table with five columns: the API, a short description, the authentication model (apiKey, OAuth, or none), whether it serves over HTTPS, and whether it sets permissive CORS headers. That last detail is the part most engineers undervalue.
Why engineers keep coming back to it
The star count, now past 438,000, is less interesting than the metadata discipline. When you are prototyping and need a currency-exchange or geocoding endpoint, the Auth/HTTPS/CORS columns let you filter candidates before you ever open a browser tab. "No auth, HTTPS yes, CORS yes" tells you that you can call the endpoint directly from a front-end spike without standing up a proxy or registering for a key. For throwaway demos, hackathons, internal tools, and teaching material, that triage saves real time. The category index doubles as a map of what kinds of public data are actually available, which helps when you are scoping whether an idea is even feasible.
How it is maintained
Curation is manual and community-driven: changes arrive as pull requests against the README, governed by a contributing guide, with issues and PRs as the moderation surface. The project's primary language is Python, reflecting validation tooling that checks entries rather than any runtime you would consume. There is also a separate companion project that exposes the list itself as an API. The model is simple and has clearly scaled, but "manually curated" is both the strength and the weakness.
Limitations worth stating plainly
A directory of third-party links ages. Endpoints disappear, move, or change their auth model, and a curated list can only lag reality. Nothing here carries an SLA, a rate-limit guarantee, or a security review; inclusion is not an endorsement of uptime or data quality. The top of the README leads with APILayer's own commercial products (IPstack, Marketstack, Weatherstack, and others) ahead of the community list, which is reasonable given the sponsorship but worth recognizing for what it is. And because the metadata is hand-entered, the CORS or HTTPS flag on any given row is a hint, not a contract.
The takeaway
Treat public-apis as a high-quality starting index, not a source of truth. It is strong for discovery and early triage, and the structured Auth/HTTPS/CORS columns make it more useful than a plain link dump. For anything past a prototype, click through, read the provider's own docs, confirm the auth model and rate limits yourself, and assume any entry could be stale. Used that way, it remains one of the more practical reference repositories on GitHub.
Top comments (0)