Now Through Sunday Night. Black Friday Deals & Free Shipping! See the deals.
Home » Developers » Shapeways API » Security upgrades need on API
Search Search  
Show: Today's Messages    Show Polls    Message Navigator
Security upgrades need on API [message #36639] Fri, 14 October 2011 15:21 UTC
avatar mctrivia  is currently offline mctrivia
Messages: 808
Registered: September 2010
Go to my shop
Senior Member
I need a way to access any shop through the API without the shops password but only if shops have given me access.

Ideal method: you have a api page where users can check what api's are allowed to access there account. Then I can log in to any account that has checked it using my username and password. Also each API should be restricted in what they can do. I would tell you what I need access to, you would list this on the API access page in bold so people can chose to give access to that or not.

Less ideal but easier to implement. Provide each shop with a 64byte api password. I can sha1 there password with my api code(not my password) and store this in my database and log on using my username and the combined password. In this way if I get hacked the password is only good until my api code is changed, there is no way to get the users api code and they can invalidate my access by changing theres, or if I am found to be unreliable you can shut my access off by deleting mine.

The current method opens up a lot of security risks. I need to store real passwords which means if someone hacks me they have full access to peoples accounts.


Follow me on twitter http://twitter.com/mctrivia or my blog at http://4ddice.blogspot.com/

 
   
Previous Topic:Model URL after upload
Next Topic:Upload and sell straight away?

Logo

Hello.

We're sorry to inform you that we no longer support this browser and can't confirm that everything will work as expected. For the best Shapeways experience, please use one of the following browsers:

Click anywhere outside this window to continue.