solved User api key

alt=
DannyA
@dannya
5 years ago
584 posts
1. is there any way to increase the default length of the keys generated?
2. How can I let a user generate keys associated with his account/quota?
updated by @dannya: 08 Mar 2018 07:04:06PM
brian
@brian
5 years ago
10,007 posts
DannyA:
1. is there any way to increase the default length of the keys generated?

I'm guessing you mean the user session key? If so no - it's an MD5 hash.

Quote:
2. How can I let a user generate keys associated with his account/quota?

I'm not sure what you mean here - do you mean session keys? They will generate a new one each time they log in.

Let me know if that helps.


--
Brian Johnson
Founder and Lead Developer - Jamroom
https://www.jamroom.net
alt=
DannyA
@dannya
5 years ago
584 posts
No, in both cases I referring to the proxima application keys.
/api/app_browser
brian
@brian
5 years ago
10,007 posts
DannyA:
No, in both cases I referring to the proxima application keys.
/api/app_browser

Got it. What's the reason they need to be longer? Right now they are hard coded at 16 characters.


--
Brian Johnson
Founder and Lead Developer - Jamroom
https://www.jamroom.net
alt=
DannyA
@dannya
5 years ago
584 posts
1. Not a big deal, but never seen one shorter than 32 characters. And I want app developers to feel secure.
2. To generate their own keys. The apps will be dependent on their quota. I don't want to have to manually create keys for every user. Was hoping they could generate a key from their account settings.
brian
@brian
5 years ago
10,007 posts
DannyA:
1. Not a big deal, but never seen one shorter than 32 characters. And I want app developers to feel secure.

The API keys used in Proxima can contain 16^57 different values, so they're no chance of collision. The API key is not secret, so it's not a security issue.

Quote:
2. To generate their own keys. The apps will be dependent on their quota. I don't want to have to manually create keys for every user. Was hoping they could generate a key from their account settings.

I think there's some confusion here, or you're using Proxima in a way it was not intended. Your users will not create Proxima API keys - YOU create them for your app, and your users registers session in the app. There is no API interface for creating apps.


--
Brian Johnson
Founder and Lead Developer - Jamroom
https://www.jamroom.net
alt=
DannyA
@dannya
5 years ago
584 posts
Perhaps my wording was incorrect. I was trying to give users the ability to create their own app. I assumed they would need to generate keys for their app.

For example, if I want someone in one of my quotas to be able to update a song title via the api. Only users of a specific quota can update song title.
Their application would need a key to connect to the api. They they would log in via their application, and if their credentials were with a quota that allowed them to update the song title, the could make a put request.
But first they need an application key. And it seems at the moment, I have to create the keys for each user that wants to connect their application to the api. There is no way for them to create their own app key.
brian
@brian
5 years ago
10,007 posts
Proxima is not designed for users to create apps - i.e. it's not an "app platform". It's designed for solo app developers who need a backend and website to sell their apps from - i.e. they create the apps and the users are users IN their apps.

I know that's probably not what you're looking for, so want to be sure you know what Proxima was designed for.


--
Brian Johnson
Founder and Lead Developer - Jamroom
https://www.jamroom.net
alt=
DannyA
@dannya
5 years ago
584 posts
So, can you recommend a solution? I need users from one of my quotas to be able to connect directly through api. Would you suggest:
- Building a simple app key generator that is accessible to the quota
- Finding a different api solution
- Jamroom is not designed to handle multiple users accessing through the api.
brian
@brian
5 years ago
10,007 posts
I'm not 100% sure what you mean in regards to:

Quote:
I need users from one of my quotas to be able to connect directly through api

I just want to be sure what you are looking to do. Your users can connect via Proxima to your site - that's not an issue. You could restrict those connecting to a specific quota if you wanted to as well.

The part I am not understanding is why you need different "apps". Are the users in this quota going to be building their own mobile apps that need to connect with your site in some way?

Quote:
Jamroom is not designed to handle multiple users accessing through the api.

You could have thousands of different users connecting to your site using Proxima - that's not an issue. They would all connect using the same APP key and a unique session key - so that's not an issue.

Let me know if that helps at all.

Thanks!


--
Brian Johnson
Founder and Lead Developer - Jamroom
https://www.jamroom.net
alt=
DannyA
@dannya
5 years ago
584 posts
I think so. So I only need an app key if it's a mobile app? Although it's possible at some point, it's not the most common scenario. Most will be connecting from other web apps. i.e., to sync their application/database with mine. For example to, users in my music label quota have their own rights management and royalty systems. They need to update records when they distribute something to me, so I need them to write to my song api. Regular fans in my fan quota would not have the ability to write to those records.

Eventually, I would like to let third party developers create apps for certain things. For example, somebody wants to write an Alexa skill and it requires api access. And somebody else asked if they could make an mobile app that just delivered their feed.
brian
@brian
5 years ago
10,007 posts
So what you want to do here is just create a new app key manually for the few customers you want to give access to your site via the Proxima API. This lets you vet who is getting access to your site as well.

Let me know if that helps.


--
Brian Johnson
Founder and Lead Developer - Jamroom
https://www.jamroom.net
alt=
DannyA
@dannya
5 years ago
584 posts
So, just to be clear, I only need an app key if someone is developing a MOBILE app? You don't need it for regular api access?
Correct? I think that's where I was confused.
brian
@brian
5 years ago
10,007 posts
Any access to Proxima requires an API key. So if you have 10 different remote applications (they can be mobile, other servers, etc) then you would need to have 10 different API keys.

There is no "open" API access to Jamroom using Proxima.


--
Brian Johnson
Founder and Lead Developer - Jamroom
https://www.jamroom.net
alt=
DannyA
@dannya
5 years ago
584 posts
Ok, you confused me by using the temr api key now. Is api key the same as the app key?

So another server is considered an app. So back to the original point. If one of the users in my label quota wants to send me data via the api from their servers, I need to manually generate an app key for them; there is no way to let them generate their own app key. In that case, is it possible to create a custom module for them to generate their app key? That is the original question

I don't need to vet them further, because if they are in that quota, they have already been vetted.
brian
@brian
5 years ago
10,007 posts
DannyA:
Ok, you confused me by using the temr api key now. Is api key the same as the app key?

Yes - sorry.

Quote:
So another server is considered an app. So back to the original point. If one of the users in my label quota wants to send me data via the api from their servers, I need to manually generate an app key for them; there is no way to let them generate their own app key. In that case, is it possible to create a custom module for them to generate their app key? That is the original question

Sure - you could do whatever you want - there is no existing functionality in Proxima to handle that for you, so you'd just need to create a new app in the app table and generate the key.


--
Brian Johnson
Founder and Lead Developer - Jamroom
https://www.jamroom.net
alt=
DannyA
@dannya
5 years ago
584 posts
Ok. Perfect thanks. It shouldn't be too hard to add that functionality to the account settings for that quota; especially if we can use the existing function to generate the app keys.

Thanks again.
brian
@brian
5 years ago
10,007 posts
No problem :)


--
Brian Johnson
Founder and Lead Developer - Jamroom
https://www.jamroom.net

Tags