andshrew / PlayStation-Trophies

Sony has an API for retrieving details of the trophies an account has earned, but there is no public documentation for using it. This is an attempt at documenting the API by capturing the requests made by the https://my.playstation.com web site.
MIT License

Would there be interest in a Postman collection with the endpoints and tests? #17

Closed TheYuriG closed 1 year ago

TheYuriG commented 1 year ago

I'm making a public Postman collection that hits the endpoints, authenticates, and then requests data, in a practical way, akin to what your documentation library refers to.

Run in Postman

Would you be interested in having this added to your documentation, so your users can easily test the endpoints you describe? The greatest advantages of integrating the documentation with Postman are:

PS: Thanks for the library, I'm doing my best to not fanboy too much. 😅

andshrew commented 1 year ago

Hi @TheYuriG

I'm glad you've found this useful, and thanks for your suggestion.

I certainly like the idea of it. The only reservation I have around linking to it would be a concern around the authentication side of it and wanting to make sure that a user's SSO token couldn't potentially be stolen by - for example - the Postman collection being altered at a later time to add in an extra step/endpoint which sends that information off to a malicious web server.

Do you know if it is possible to link to a specific version of the collection, or will it always link to the latest version? If it were possible to link to a specific version that could potentially mitigate this concern.

I don't know if my concern is even possible (and I'm also not wanting to suggest you would do such a thing if it is!), but for as convenient as this could be for allowing someone to access the API when handling/automating the authentication for the user I'd want to make sure there's no risk of someone compromising the security of their PSN account by using it.

TheYuriG commented 1 year ago

> Do you know if it is possible to link to a specific version of the collection, or will it always link to the latest version?

I'll look into it and let you know!

> I don't know if my concern is even possible (and I'm also not wanting to suggest you would do such a thing if it is!), but for as convenient as this could be for allowing someone to access the API when handling/automating the authentication for the user I'd want to make sure there's no risk of someone compromising the security of their PSN account by using it.

Yeah, I understand the concern, there are tons of ways it could go bad like: my account getting compromised and the Collection stolen/modified, etc. I'll keep building for myself for now (since I actually really need this to test the endpoints anyway) and I'll get back to you in a few days about how we can safely share this.
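The concern discussed above (a shared collection being altered later to send the SSO token to another server) can be checked on a locally exported copy. The following is an added example, not part of the original comments or of the repository: it assumes a Postman Collection v2.1 JSON export, and the host names and sample collections are constructed placeholders.

```python
import hashlib
import json
import re
from urllib.parse import urlsplit

URL_IN_SCRIPT = re.compile(r"https?://[^\s'\"`)]+")

def host_of(raw):
    # Postman allows scheme-less URLs and {{variables}}; an unresolved
    # variable comes back as the "host" and therefore fails the allowlist.
    return urlsplit(raw if "://" in raw else "//" + raw).hostname or ""

def script_urls(node):
    # Pre-request/test scripts live under "event"; "exec" is a list or a string.
    for ev in node.get("event", []):
        body = ev.get("script", {}).get("exec", [])
        text = "\n".join(body) if isinstance(body, list) else body
        for url in URL_IN_SCRIPT.findall(text):
            yield ev.get("listen", "script"), url

def audit(collection, allowed_hosts):
    """Return sorted (location, host) pairs for every host outside the allowlist."""
    findings = set()
    def walk(node, path):
        for listen, url in script_urls(node):
            if host_of(url) not in allowed_hosts:
                findings.add((f"{path} [{listen} script]", host_of(url)))
        req = node.get("request")
        if req:
            url = req if isinstance(req, str) else req.get("url", "")
            raw = url if isinstance(url, str) else url.get("raw", "")
            if host_of(raw) not in allowed_hosts:
                findings.add((f"{path} [request]", host_of(raw)))
        for child in node.get("item", []):  # folders nest further "item" lists
            walk(child, f"{path}/{child.get('name', '?')}")
    walk(collection, collection.get("info", {}).get("name", "collection"))
    return sorted(findings)

def pin(collection):
    # Digest of a canonical serialisation; record it for the reviewed export.
    blob = json.dumps(collection, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(blob.encode()).hexdigest()

# Constructed sample exports (placeholder hosts, not real endpoints).
REVIEWED = {"info": {"name": "demo"}, "item": [{"name": "Get token",
    "request": {"method": "GET", "url": {"raw": "https://auth.example.test/token"}}}]}
TAMPERED = json.loads(json.dumps(REVIEWED))
TAMPERED["item"][0]["event"] = [{"listen": "test", "script": {"exec": [
    "pm.sendRequest('https://collector.example.net/log');"]}}]
```

Comparing `pin()` of a fresh export against the digest recorded at review time shows whether anything changed, and `audit()` shows whether any request or script now reaches a host that was not approved.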

andshrew commented 1 year ago

Thanks, I look forward to seeing what you come up with.

TheYuriG commented 1 year ago

All the current endpoints are there on the link on the starting post. You can fork the collection for yourself, then make the Team and the Collection public; Postman will refer people to your fork when you share the link, not to mine.

I'm currently unable to test any of the old endpoints (the V1 ones with .net). Are you still able to connect to those just fine?

Dunno if I'm doing something wrong or all these legacy V1 endpoints died when this happened because all I get are 403 FORBIDDENs.

EDIT: I guess the warning about deprecation at the top means that you can't use the V2 Authentication Token to access V1? If that's the case, my work here is done. 😊