glidernet / ogn-ddb

OGN Devices DataBase

API creation to register a device for an existing account >> security mechanism #53

Open laurentchivot opened 3 years ago

laurentchivot commented 3 years ago

We (a group of developers) are on our way to propose an API to add a device for an existing account.

We propose a two ways authentication to access this API:

First request: authenticate via user credentials to get a token with a limited valid time

Second request: API access with the above token.

We would like to get your feedback on this mechanism before going into dev.

Then we would also like to implement a sort of quota on API use to prevent misuse of the API.

Would you prefer: 1) number/time limitation of requests to the API 2) any other method that you think should be more appropriate

Looking forward to hearing from you

Laurent

acasadoalonso commented 3 years ago

Check the code … the api is there …

AC/.

acasadoalonso commented 3 years ago

Sorry … still on my account …

https://github.com/acasadoalonso/ogn-ddb

It uses plain user id/password. Take a look.

AC/.

snip commented 3 years ago

When providing an API we need some limits to prevent users from doing bad things (like booking all available IDs, flooding the server with requests, ...)
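Added example, not part of the thread and not code from either ogn-ddb repository: a sketch of the two-request scheme proposed in the opening post, combined with the two limits raised in this comment (requests per time window and device IDs per account). The function names, the HMAC-signed token format and all limit values are assumptions.

```python
import base64, hashlib, hmac, json, secrets, time

# All names and limits below are assumptions for illustration.
SECRET = secrets.token_bytes(32)  # server-side signing key
TOKEN_TTL = 300                   # token lifetime in seconds
WINDOW, MAX_REQ = 60, 5           # requests allowed per account per window
MAX_DEVICES = 3                   # devices one account may register

def _sign(payload: bytes) -> bytes:
    return hmac.new(SECRET, payload, hashlib.sha256).hexdigest().encode()

def issue_token(account, now=None):
    """First request: call only after the user's credentials were verified."""
    now = time.time() if now is None else now
    claims = json.dumps({"sub": account, "exp": now + TOKEN_TTL}).encode()
    payload = base64.urlsafe_b64encode(claims)
    return (payload + b"." + _sign(payload)).decode()

def verify_token(token, now=None):
    """Return the account, or None if the token is forged or expired."""
    now = time.time() if now is None else now
    payload, _, sig = token.encode().partition(b".")
    if not hmac.compare_digest(sig, _sign(payload)):
        return None
    claims = json.loads(base64.urlsafe_b64decode(payload))
    return claims["sub"] if claims["exp"] > now else None

class DeviceApi:
    def __init__(self):
        self.devices = {}  # account -> set of device ids
        self.hits = {}     # account -> (window start, request count)

    def add_device(self, token, device_id, now=None):
        """Second request: token check, then rate limit, then device quota."""
        now = time.time() if now is None else now
        account = verify_token(token, now)
        if account is None:
            return 401, "invalid or expired token"
        start, count = self.hits.get(account, (now, 0))
        if now - start >= WINDOW:
            start, count = now, 0  # a new fixed window begins
        self.hits[account] = (start, count + 1)
        if count + 1 > MAX_REQ:
            return 429, "rate limit exceeded"
        owned = self.devices.setdefault(account, set())
        if device_id not in owned and len(owned) >= MAX_DEVICES:
            return 403, "device quota reached"
        owned.add(device_id)
        return 200, "registered"
```

The rate limit bounds request flooding per account, while the separate per-account device cap is what stops one account from booking a large share of the ID space even when it stays under the request limit.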

laurentchivot commented 3 years ago

Hi Angel, thanks for replying, I will take a look at your repo.

The question then is, how could we help implement your work to benefit from this API?

Regards

Laurent

acasadoalonso commented 3 years ago

Once we move my development of the OGN DDB V2 to the GLIDERNET repo we can try to implement the feature that you refer to. In the meantime you can see how to do it on the API code that is on my repo ... AC/.

-- Angel Casado

laurentchivot commented 3 years ago

What is the time frame for this migration to ddb v2?

Could we try in the meantime to start implementing this "simple API"?

Regards

Laurent

acasadoalonso commented 3 years ago

As you can check, the version V2.0 only requires some adjustments of the names, some good testing and translation to the non-English versions. It could be available in a matter of weeks ... The API is quite simple as it is !!! Your suggestion is to make the credential process stronger ... as it is, it uses the current email-ID and password to update the OGN DDB in a model similar to the one with a web browser.

-- Angel Casado