Page 40 of 82 FirstFirst ... 30 38 39 40 41 42 50 ... LastLast
Results 391 to 400 of 814

Thread: Dota 2 Match History WebAPI

  1. #391
    Basic Member Ruirize's Avatar
    Join Date
    May 2012
    Location
    Surrey, England
    Posts
    32
    Perhaps they're implementing OAuth... I'm curious as to how DotABuff is still managing to keep up to date data even though the API isn't working.

  2. #392
    Basic Member
    Join Date
    Nov 2011
    Posts
    149
    Quote Originally Posted by Ruirize View Post
    Perhaps they're implementing OAuth... I'm curious as to how DotABuff is still managing to keep up to date data even though the API isn't working.
    Same way stats.dota2.be existed before the api was announced, whatever that was.

  3. #393
    They are pretending to be a client and spoofing the request packets. Whether or not this is circumventing the API is up for Valve to decide. I can't blame them for doing it though.

  4. #394
    Basic Member d07.RiV's Avatar
    Join Date
    Sep 2012
    Location
    The Clock Tower
    Posts
    1,160
    There's nothing stopping you from doing that. I'm assuming by "non-web-based" you mean a desktop application and not something that runs in a browser. Any app that uses this api would obviously need to be connected to the internet, but nothing forces it to be running in a web browser. The domain name section you fill in when requesting a key isn't used to restrict that key's access to a particular domain. It's just for Valve's own purposes, presumably so they can have an idea of what/how many sites are using the service.

    Edit: If you're worried about including your key in an application (certainly a valid concern!), then you could set up a server for your application and have your application access your server, which then accesses the webAPI using your key. That way you wouldn't have to worry about someone "stealing" your key from your application.
    Okay so its completely fine to give users the key generation link, tell them to enter a bogus domain and enter the key in the tool settings? That's good news, then!
    I don't have to supply any headers, then, just an InternetOpen/InternetOpenUrl will do?

  5. #395
    Basic Member
    Join Date
    Sep 2012
    Posts
    11
    Quote Originally Posted by d07.RiV View Post
    Okay so its completely fine to give users the key generation link, tell them to enter a bogus domain and enter the key in the tool settings? That's good news, then!
    I don't have to supply any headers, then, just an InternetOpen/InternetOpenUrl will do?
    Yep, that should work fine.

  6. #396
    Quote Originally Posted by d07.RiV View Post
    Okay so its completely fine to give users the key generation link, tell them to enter a bogus domain and enter the key in the tool settings? That's good news, then!
    I don't have to supply any headers, then, just an InternetOpen/InternetOpenUrl will do?
    Making every user generate their own API key will remove Valve's ability to monitor the consumption of their API by your application, which is a major reason for an API key.

    Any non-web application will have some sort of library or method to make an HTTP request, even if it is not a "web application". Use that and generate one API key for your application.

  7. #397
    Basic Member Ruirize's Avatar
    Join Date
    May 2012
    Location
    Surrey, England
    Posts
    32
    Quote Originally Posted by MochaFlux View Post
    Yep, that should work fine.
    Yeah, that's great and all, but you're abusing the privilege. You can't expect Valve to continue to allow unlimited API requests if people are creating 'fake' domains to use your application.

  8. #398
    Basic Member
    Join Date
    Dec 2011
    Posts
    83
    Quote Originally Posted by walkingcarpet View Post
    Making every user generate their own API key will remove Valve's ability to monitor the consumption of their API by your application, which is a major reason for an API key.

    Any non-web application will have some sort of library or method to make an HTTP request, even if it is not a "web application". Use that and generate one API key for your application.
    Yea.. and if one user abuses it, no one can use it anymore because it gets blocked.. also users could exctract the API key and use it in anyway they want. Also Valve would see large amount of use of that one API key from different IP addresses and would probably block it also. Every user should get it's own API key. If they choose to use it in a certain application, its their responsibility.

    maybe Zoid could comment on the issue.
    Last edited by Arie; 09-14-2012 at 01:08 AM.

  9. #399
    Basic Member
    Join Date
    Dec 2011
    Posts
    83
    Quote Originally Posted by Ruirize View Post
    Yeah, that's great and all, but you're abusing the privilege. You can't expect Valve to continue to allow unlimited API requests if people are creating 'fake' domains to use your application.
    Nope, http://dev.dota2.com/showthread.php?...ain#post290935

  10. #400
    Quote Originally Posted by Arie View Post
    Yea.. and if one user abuses it, no one can use it anymore because it gets blocked.. also users could exctract the API key and use it in anyway they want. Also Valve would see large amount of use of that one API key from different IP addresses and would probably block it also. Every user should get it's own API key. If they choose to use it in a certain application, its their responsibility.

    maybe Zoid could comment on the issue.
    What? I think you are confused on some basic concepts. The user would never see the API key, it would not be able to be abused or extracted. Every user should not get their own API key.

    edit: I was incorrect here, the API key would be able to be extracted by someone with the desire and tools.
    Last edited by walkingcarpet; 09-15-2012 at 11:22 AM.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •