What I'm requesting
Access to the public restricted-airspace-crossings feed:
GET /api/public/aircraft/restricted-airspace-crossings
Hey guy! I'm working on a personal non-commercial aviation-OSINT research project and would like to poll this endpoint on the documented sample-after watermark to build a rolling dataset. Low request volume and happy to respect whatever rate limit you specify. I'd treat the results as low-certainty candidates, not enforcement events, per the README.
Docs vs. deployment mismatch
The README says the endpoint is callable without a browser session, but the live deployment currently rejects non-dashboard clients:
The user-agent gets bounced by BrowserGate/1.0 302 to the marketing site, X-Stopthebots: 1.0.
A browser user-agent reaches the API (Server: uvicorn) but returns 401 Unauthorized with X-Phantom-Auth: required, X-Phantom-Frontend-Policy: nonce, X-Phantom-Frontend-Trust: missing. The response also carries X-Ratelimit-Policy: public_airspace_crossings, which suggests it's still meant to be public.
My ask
- Is the public feed still meant to work without a browser session, and if so is there a documented header for non-browser clients (e.g. an API key / bearer token)?
- If it now requires access, could I be granted a key for this endpoint?
Thank you so much for putting this info together and sharing it!
What I'm requesting
Access to the public restricted-airspace-crossings feed:
GET /api/public/aircraft/restricted-airspace-crossingsHey guy! I'm working on a personal non-commercial aviation-OSINT research project and would like to poll this endpoint on the documented
sample-afterwatermark to build a rolling dataset. Low request volume and happy to respect whatever rate limit you specify. I'd treat the results as low-certainty candidates, not enforcement events, per the README.Docs vs. deployment mismatch
The README says the endpoint is callable without a browser session, but the live deployment currently rejects non-dashboard clients:
The user-agent gets bounced by
BrowserGate/1.0302 to the marketing site,X-Stopthebots: 1.0.A browser user-agent reaches the API (
Server: uvicorn) but returns401 UnauthorizedwithX-Phantom-Auth: required,X-Phantom-Frontend-Policy: nonce,X-Phantom-Frontend-Trust: missing. The response also carriesX-Ratelimit-Policy: public_airspace_crossings, which suggests it's still meant to be public.My ask
Thank you so much for putting this info together and sharing it!