email from Soundcloud... anything to worry about?

Strumelia
Strumelia
@strumelia
5 months ago
3,589 posts
Hi, I got the below email from Soundcloud (I only use SC for my JR sites).
Is this anything I need to do something about?:
===========
"Dear partner / API user,
If you are not calling `api.soundcloud.com` you can stop reading right here. Otherwise, there are a number of updates that might require actions from your side.

At the beginning of July, we announced security updates to our API, mainly how we deal with auth. Please read a blog post to know more about the changes.
We understand that it’s a lot and might require some time on your side to update the systems. We would appreciate it if you could start working on it ASAP, as some of the changes are live already.

Deprecation of `client_id` and the requirement to provide an `Authorization` header for each request is the biggest update. We are planning to start slowly rolling it out in September. Meaning that some percentage of requests will start failing if the header is not present.
If you have no capacity to update your systems in the following 1-2 months please let us know. We will try to find a solution. We definitely do not want to create a bad experience for users.

For any further questions please do not hesitate to contact us. You can comment on this thread, or create a new ticket.
Best,
Soundcloud Team"
=============


--
...just another satisfied Jamroom customer.
Migrated from Ning to Jamroom June 2015

updated by @strumelia: 03 Jan 2022 02:59:49PM
michael
@michael
5 months ago
7,458 posts
Thanks for the heads up. Yes the soundcloud module does use api.soundcloud.com and it does use 'client_id'. This is something we'll need to get the module updated to take care of. I'll open a tracker.
Strumelia
Strumelia
@strumelia
5 months ago
3,589 posts
Michael, thank you so much for putting in this effort! SC is quite popular on our site.


--
...just another satisfied Jamroom customer.
Migrated from Ning to Jamroom June 2015
Strumelia
Strumelia
@strumelia
5 months ago
3,589 posts
The latest email from Soundcloud today, I guess it has something to do with this:
===========
"In our continual efforts to uphold the highest security standards possible to protect our customers, starting November 1, 2021, we will no longer return a value for the `smtp_password` parameter in GET /domains and /domains/ API calls.

Why we’re doing this
As a security best practice, we are moving towards hashing SMTP passwords, just as we do with all other passwords on our platform. Due to this new standard, we will be unable to show the passwords in plain text once they are hashed and stored in our secure database.

How this impacts you
After this change, you will no longer be able to view the SMTP password in plain text and must store the password on your end – ideally using a secure password manager. Depending on your configuration, any applications reliant on the `smtp_password` parameter could throw errors.

What you need to do
After securely storing your SMTP password, you will need to update any reliant systems. Applications that are expecting the plain text password in the API response will need to be updated to no longer rely on the password in order to function correctly. We’ve created an FAQ to help you make the change."


--
...just another satisfied Jamroom customer.
Migrated from Ning to Jamroom June 2015
michael
@michael
5 months ago
7,458 posts
Bad news on this one, its too complicated. The SoundCloud module was removed from the marketplace a while back because they were not giving out any more client keys.

Now they're changing it to a much more complicated authorization system and if we jump through all the hoops to get it working again its only going to work for those that currently have access. ( Those that have client keys. )
Strumelia
Strumelia
@strumelia
5 months ago
3,589 posts
Thank you Michael for this response and for looking into it!

So what's the bottom line then?
1) Are you saying my site members will no longer be able to add new SC videos anymore starting now?
2) Will the SC videos i currently have on my site (377 of them, and they are quite popular and still function) likely continue to play/function unless SC changes something else in the future?
3) Will anyone be keeping an eye out occasionally to see if SC makes things easier in the future- i.e. will be able to once again add SC vids and thus consider bringing back the JR SC module?
4) What are folk musicians now using as a substitute for SC and is that a possibility in the future?

--- I hate the idea of having to go back to my members all uploading their MP3s onto my server for me to store for them. Accumulates server space and so many of my members can't figure out how to upload proper sound files.


--
...just another satisfied Jamroom customer.
Migrated from Ning to Jamroom June 2015
michael
@michael
5 months ago
7,458 posts
The state of things is, as I understand it:
* Soundcloud doesn't give out new keys, so any coding done would only be for the limited amount of people who currently have keys.
* Soundcloud has taken their very simple integration system and changed it to one that is overly complex and paranoid so the thought of creating the code and keeping it working is not something that's exciting to work on and maintain. (the system is OAuth)

Its my understanding that SoundCloud is loosing a lot of money, so its not too surprising they're cutting back in places. Maybe they'll start charging for connections to the API, not sure thats just speculation.

So I guess the state its at is 'uncertainty' with their side of things. What would be needed is someone wanting to work on building the system to keep the integration running, combined with them making keys available to everyone again.

Youtube API is still working, folk music doesn't use that?
Strumelia
Strumelia
@strumelia
4 months ago
3,589 posts
Thanks Michael.
I'm guessing my members will simply revert to how things were on Ning- which was that they simply uploaded their sound clips to my site as MP3 or other sound files. Unfortunately over time that will eventually take up more of my server space than simply referencing SC clips.
It's not a 'lot' but it was real nice to have the SC integration for the audio side, much like having the YT and Vimeo integration for the video side. (Long ago when i moved from Ning to JR I was thrilled to be able to disable the 'upload video' option!) Having media clips not uploading directly to my server year after year is a huge advantage.

My members are mostly older and most of them lack the wherewithal to add their audio files to youtube, and then put images to their resulting 'video'... even a static image. Especially if they are still currently adding their audio clips to their SC accounts. So when they go to 'add audio' on my site they will see only the upload option... and that's exactly what they'll do- point the JR page to the audio clip on their computer.... it would not even occur to them to instead create a new YT 'video' out of their audio clip, and it'd be too much fussing to do anyway for them.

I realize this is not the problem of you JR developers to 'solve'... since these problems are being created by SC, on purpose.
All I ask is that maybe you can keep an ear out for if SC changes its policy -if it becomes feasable for JR to utilize your great SC module again in the future.
I'm obviously hoping that the 377 soundcloud clips currently on my site continue to play when clicked on, and i realize that depends on future SC changes. Some of these clips have been very popular ...referred to, discussed, and played regularly on my site over the past 6 years.

Meanwhile, I guess i need to remove my members' ability to see the SC option when adding an audio file. BUT!- i need to keep the currently existing SC clips up and running on my site. I assume that means I do NOT want to simply deactivate the whole SC module, right? I looked around but can't quite remember where to go to just only remove the sc option from view when adding a clip. Can you remind me where that would be please?
Thank you so much for your help about all this.


--
...just another satisfied Jamroom customer.
Migrated from Ning to Jamroom June 2015
Strumelia
Strumelia
@strumelia
4 months ago
3,589 posts
i need to remove my members' ability to see the SC option when adding an audio file. BUT!- i need to keep the currently existing SC clips up and running on my site.
I can go to my soundcloud module and go to quota config and then uncheck the "allowed on profile" box, ...BUT!- I don't want to accidentally remove all those members' already uploaded and functioning SC clips. If i uncheck that box and 'save'- will it simply remove member's ability to see a SC option when adding an audio clip?
I don't want to delete or remove all the existing SC clips from my site!- I just want to stop members from trying (and failing) to upload new SC clips.
Is that little checkbox the way to do this correctly?


--
...just another satisfied Jamroom customer.
Migrated from Ning to Jamroom June 2015
michael
@michael
4 months ago
7,458 posts
Not forgotten about, I'll have a play around when I can find some free time.

As for getting rid of the button, here's some pics:
one.jpg
one.jpg  •  1.9MB

two.jpg
two.jpg  •  479KB

three.jpg
three.jpg  •  662KB

Strumelia
Strumelia
@strumelia
4 months ago
3,589 posts
Thanks Michael! I'll go remove the Add/+ soundcloud clip button from my members' view now. Good to know it won't delete all my sc videos from my site! :)


--
...just another satisfied Jamroom customer.
Migrated from Ning to Jamroom June 2015
Strumelia
Strumelia
@strumelia
4 months ago
3,589 posts
Michael- following your screenshots, it did remove the "+" button, but i still get the soundcloud option showing up (in the combined audio page options, i think)- see these 3 screenshots:
3.jpg
3.jpg  •  657KB

2.jpg
2.jpg  •  727KB

1.jpg
1.jpg  •  857KB




--
...just another satisfied Jamroom customer.
Migrated from Ning to Jamroom June 2015