API creation to register a device for an existing account >> security mechanism #53
Comments
|
Check the code … the api is there …
AC/.
Sent from my iPad
… On 7 Oct 2021, at 14:47, Laurent CHIVOT ***@***.***> wrote:
We (a group of developpers) are on our way to propose an API to add device for an existing account.
We propose a two ways authentication to access this API
First request : authenticate via user credentials to get a token with a limited valid time
second request : API access with the above token.
we would like to get your feedback on this mechanism before going into dev.
Then we would like also to implement sort of quota on API use to prevent misuse of the API.
Would you prefer :
number/time limitation of request to the API
any other method that you think should be more appropriate
looking forward to hear from you
Laurent
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or unsubscribe.
Triage notifications on the go with GitHub Mobile for iOS or Android.
|
|
Sorry … still on my account …
https://github.com/acasadoalonso/ogn-ddb
It uses plain use id/password
Take a look
AC/.
Sent from my iPad
… On 7 Oct 2021, at 14:47, Laurent CHIVOT ***@***.***> wrote:
We (a group of developpers) are on our way to propose an API to add device for an existing account.
We propose a two ways authentication to access this API
First request : authenticate via user credentials to get a token with a limited valid time
second request : API access with the above token.
we would like to get your feedback on this mechanism before going into dev.
Then we would like also to implement sort of quota on API use to prevent misuse of the API.
Would you prefer :
number/time limitation of request to the API
any other method that you think should be more appropriate
looking forward to hear from you
Laurent
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or unsubscribe.
Triage notifications on the go with GitHub Mobile for iOS or Android.
|
|
When providing API we need some limits to prevent user to do bad things (like booking all available IDs, flooding server with requests, ...) |
Hi Angel, thanks for replying, i will take a look at your repo. The question then is, how could we help implementing your work to benefit from this API ? regards Laurent |
|
Once that we move my development of the OGN DDB V2 to the GLIDERNET repo we
can try to implement the feature that you refer to.
In the meantime you can see how to do it on the API code that is on my repo
...
AC/.
On Thu, Oct 7, 2021 at 3:34 PM Laurent CHIVOT ***@***.***>
wrote:
… Sorry … still on my account … https://github.com/acasadoalonso/ogn-ddb It
uses plain use id/password Take a look AC/. Sent from my iPad
… <#m_3963520599732441020_>
On 7 Oct 2021, at 14:47, Laurent CHIVOT *@*.***> wrote: We (a group of
developpers) are on our way to propose an API to add device for an existing
account. We propose a two ways authentication to access this API First
request : authenticate via user credentials to get a token with a limited
valid time second request : API access with the above token. we would like
to get your feedback on this mechanism before going into dev. Then we would
like also to implement sort of quota on API use to prevent misuse of the
API. Would you prefer : number/time limitation of request to the API any
other method that you think should be more appropriate looking forward to
hear from you Laurent — You are receiving this because you are subscribed
to this thread. Reply to this email directly, view it on GitHub, or
unsubscribe. Triage notifications on the go with GitHub Mobile for iOS or
Android.
Hi Angel, thanks for replying, i will take a look at your repo.
The question then is, how could we help implementing your work to benefit
from this API ?
regards
Laurent
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#53 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AB6DYZ4ZDBM63UEZSDJHZQTUFWOW7ANCNFSM5FRGQQEQ>
.
Triage notifications on the go with GitHub Mobile for iOS
<https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675>
or Android
<https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>.
--
Angel Casado
|
|
What is the time frame for this migration to ddb v2 ?
Could we try in the meantime to start implementing this "simple API" ?
Regards
Laurent
Le 7 oct. 2021 17:51, Angel Casado ***@***.***> a écrit :
Once that we move my development of the OGN DDB V2 to the GLIDERNET repo we
can try to implement the feature that you refer to.
In the meantime you can see how to do it on the API code that is on my repo
...
AC/.
On Thu, Oct 7, 2021 at 3:34 PM Laurent CHIVOT ***@***.***>
wrote:
… Sorry … still on my account … https://github.com/acasadoalonso/ogn-ddb It
uses plain use id/password Take a look AC/. Sent from my iPad
… <#m_3963520599732441020_>
On 7 Oct 2021, at 14:47, Laurent CHIVOT *@*.***> wrote: We (a group of
developpers) are on our way to propose an API to add device for an existing
account. We propose a two ways authentication to access this API First
request : authenticate via user credentials to get a token with a limited
valid time second request : API access with the above token. we would like
to get your feedback on this mechanism before going into dev. Then we would
like also to implement sort of quota on API use to prevent misuse of the
API. Would you prefer : number/time limitation of request to the API any
other method that you think should be more appropriate looking forward to
hear from you Laurent — You are receiving this because you are subscribed
to this thread. Reply to this email directly, view it on GitHub, or
unsubscribe. Triage notifications on the go with GitHub Mobile for iOS or
Android.
Hi Angel, thanks for replying, i will take a look at your repo.
The question then is, how could we help implementing your work to benefit
from this API ?
regards
Laurent
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#53 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AB6DYZ4ZDBM63UEZSDJHZQTUFWOW7ANCNFSM5FRGQQEQ>
.
Triage notifications on the go with GitHub Mobile for iOS
<https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675>
or Android
<https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>.
--
Angel Casado
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub<#53 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/ABO4CKJRNPIGFTFQJUVJFJLUFW6WBANCNFSM5FRGQQEQ>.
Triage notifications on the go with GitHub Mobile for iOS<https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675> or Android<https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>.
_________________________________________________________________________________________________________________________
Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.
This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.
|
|
As you can check, the version V2.0 only requires some adjustments of the
names, some good testing and translation to the non-english versions.
It could be available in a matter of weeks ...
The API is quite simple as it is !!! Your suggestion is to make the
credential process stronger ... as it is, uses the current email-ID and
password to update the OGN DDB in a model similar to the one with a web
browser.
On Thu, Oct 7, 2021 at 5:55 PM Laurent CHIVOT ***@***.***>
wrote:
… What is the time frame for this migration to ddb v2 ?
Could we try in the meantime to start implementing this "simple API" ?
Regards
Laurent
Le 7 oct. 2021 17:51, Angel Casado ***@***.***> a écrit :
Once that we move my development of the OGN DDB V2 to the GLIDERNET repo
we
can try to implement the feature that you refer to.
In the meantime you can see how to do it on the API code that is on my
repo
...
AC/.
On Thu, Oct 7, 2021 at 3:34 PM Laurent CHIVOT ***@***.***>
wrote:
> Sorry … still on my account … https://github.com/acasadoalonso/ogn-ddb
It
> uses plain use id/password Take a look AC/. Sent from my iPad
> … <#m_3963520599732441020_>
> On 7 Oct 2021, at 14:47, Laurent CHIVOT *@*.***> wrote: We (a group of
> developpers) are on our way to propose an API to add device for an
existing
> account. We propose a two ways authentication to access this API First
> request : authenticate via user credentials to get a token with a
limited
> valid time second request : API access with the above token. we would
like
> to get your feedback on this mechanism before going into dev. Then we
would
> like also to implement sort of quota on API use to prevent misuse of the
> API. Would you prefer : number/time limitation of request to the API any
> other method that you think should be more appropriate looking forward
to
> hear from you Laurent — You are receiving this because you are
subscribed
> to this thread. Reply to this email directly, view it on GitHub, or
> unsubscribe. Triage notifications on the go with GitHub Mobile for iOS
or
> Android.
>
> Hi Angel, thanks for replying, i will take a look at your repo.
>
> The question then is, how could we help implementing your work to
benefit
> from this API ?
>
> regards
>
> Laurent
>
> —
> You are receiving this because you commented.
> Reply to this email directly, view it on GitHub
> <#53 (comment)>,
> or unsubscribe
> <
https://github.com/notifications/unsubscribe-auth/AB6DYZ4ZDBM63UEZSDJHZQTUFWOW7ANCNFSM5FRGQQEQ>
> .
> Triage notifications on the go with GitHub Mobile for iOS
> <
https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675>
> or Android
> <
https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>.
>
>
--
Angel Casado
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub<
#53 (comment)>,
or unsubscribe<
https://github.com/notifications/unsubscribe-auth/ABO4CKJRNPIGFTFQJUVJFJLUFW6WBANCNFSM5FRGQQEQ>.
Triage notifications on the go with GitHub Mobile for iOS<
https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675>
or Android<
https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>.
_________________________________________________________________________________________________________________________
Ce message et ses pieces jointes peuvent contenir des informations
confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez
recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages
electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou
falsifie. Merci.
This message and its attachments may contain confidential or privileged
information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and
delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been
modified, changed or falsified.
Thank you.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#53 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AB6DYZ2RAXKTEOQBPE3K6MDUFW7FNANCNFSM5FRGQQEQ>
.
Triage notifications on the go with GitHub Mobile for iOS
<https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675>
or Android
<https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>.
--
Angel Casado
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
We (a group of developpers) are on our way to propose an API to add device for an existing account.
We propose a two ways authentication to access this API
First request : authenticate via user credentials to get a token with a limited valid time
second request : API access with the above token.
we would like to get your feedback on this mechanism before going into dev.
Then we would like also to implement sort of quota on API use to prevent misuse of the API.
Would you prefer :
looking forward to hear from you
Laurent
The text was updated successfully, but these errors were encountered: