Strava locks – Strava is restricting access to parts of its website behind authentication, adding an $11.99 monthly fee for developer access, and planning to retire certain API endpoints. The changes come with a 90-day grace period and a push toward standards like Model Cont
For many fitness app builders, Strava has long felt like a playground with rules—until now. Strava says it is tightening security around its website, limiting what can be viewed to authenticated users only. The shift means details that used to be visible without logging in—like public profiles and fitness club listings—are being moved behind authentication to curb unauthorized AI scraping.
The company is also changing how developers get in. Strava had previously let developers apply for access through a free. tiered program—starting with basic access and requesting more as their apps grew. Now. it is adding a flat fee of $11.99 per month for all developers. with Strava noting the price may vary by geography.
Strava frames the push as a defense of the way the internet is supposed to work when automated systems start to treat websites like unlimited fuel. In an interview, Strava’s CEO Michael Martin said unchecked AI scraping could be “the death knell of the public internet.”
Martin argued that AI companies are “ruthlessly scraping public websites,” using the data for training needs. He said the result has been degraded site performance—“in some cases, impaired”—over recent months. He also said AI companies are attempting to use Strava’s API to access data while ignoring API terms.
The company says it plans to keep supporting its developer community as it makes these moves. Strava reported that its developer community has grown from 185,000 members last year to 241,000 this year. It is using that momentum to justify the transition rather than walk it back.
To keep tighter control over what gets shared, Strava also plans to add support for Model Context Protocol (MCP), an emerging standard designed to let AI assistants and apps access external data in a structured way. The stated goal is giving Strava more control over exactly what gets shared and how.
But along with fees and authentication, Strava is also preparing to retire certain API endpoints. These discrete access points let outside apps pull specific data—such as club details. Strava had already tightened API rules in 2024. banning the use of its API for AI training and limiting third-party apps from displaying other users’ data. Those earlier changes triggered backlash from developers who said their apps would be severely affected.
This time, Strava is giving developers a 90-day grace period before the endpoint retirements and related changes take effect. Even with that buffer, the combination of sunsetting endpoints and adding a subscription cost could still disrupt apps built on specific functionality.
Martin also said Strava has refused overtures from leading AI labs seeking data licensing deals. He specifically singled out Perplexity. saying the AI search startup routed its scraping through aggregator services to obscure its origin despite being turned away. That concern matches earlier accusations Perplexity has faced about similar behavior elsewhere.
There is another pressure point in Strava’s argument: server load. Martin said Strava sees overload driven by poorly built “vibe-coded” apps. where API calls are inefficiently structured and generate a disproportionate load on Strava’s systems. He drew a comparison to a rationale used by Meta when Meta banned third-party chatbots from WhatsApp last year. citing similar overhead concerns.
The timing may matter to more than just day-to-day developers. Strava confidentially filed for an IPO earlier this year. and the company’s shift toward data discipline could be read as a signal to prospective investors that its platform is tightening access and reducing exposure. Martin also addressed the comparison to Reddit’s 2024 crackdown on API access. saying Strava’s approach differs: unlike Reddit. which priced API access by the number of calls—making it unaffordable for many app developers—Strava is betting that a flat fee will keep the developer ecosystem intact.
Martin said Strava wants “the users to feel that they own their data and feel comfortable with how we are controlling and securing it.” He also said Strava wants developers to keep growing: “We want the developers to continue to flourish and grow.”
Strava AI scraping developer API fee authentication Model Context Protocol MCP Perplexity IPO cybersecurity data access
So now you gotta pay to see stuff on Strava? That’s trash.
Sounds like they’re scared of AI but also trying to cash in. $11.99 for developers feels random, like why not just tighten the API instead.
Wait, I thought the whole point was public profiles. If they’re locking clubs and profiles behind login then does that mean my workouts aren’t “public” anymore? also $11.99 per month for devs… so regular people are gonna get charged next??
This is like when websites add captchas and act surprised bots exist. They say it’s AI scraping, but half the time it’s just regular scrapers too. Retire certain API endpoints?? good luck with that, someone will mirror the data anyway. Also “death knell of the public internet” is kinda dramatic lol.