jhewt / gumer-psn

A Playstation Network API written in Node.js
MIT License

Legality, TOS, Reliability Concerns #12

Closed markadrake closed 9 years ago

markadrake commented 9 years ago

Thank you for taking the time to create the project and showcase how people can integrate with PSN - fantastic job.

Finding this project was really easy but finding any kind of documentation or hearing from anyone with experience in integrating PSN OAuth has been next to nil. But unfortunately the lack of official documentation or information of any kind (that I can find) worries me.

I have just a couple of questions I'd like to ask about this project and to the people who have integrated it into their own websites:

(1) Are you imitating another server in your requests? That's what it seems to be doing - you are setting a false origin header right? I only assume with any other origin the server just does not respond? What is the legality of imitating another server?

(1-a) A follow-up: Does this break any TOS for the person with the PSN account? Could Sony take action against users who use a 3rd party site or application to access information through their PSN account?

(2) What kind of reliability does this project have? How often do API changes occur that may break a service that implements this code or approach? When an API change occurs is there any notice or does it immediately result in no-service?

(2-a) A follow-up: How are you checking for service outages or deprecation of the API so that you do not show your visitors a "sign-in with PSN" button, for example?

I'm sure I'll have more questions as I continue to explore the possibility of officially integrating PSN / Xbox Live log in to my site.

Thanks,

jhewt commented 9 years ago

Thanks for the support Mark,

There's no "official" documentation because SONY doesn't want public APIs (by public I mean public to developers), plain and simple as that unfortunately. It's such a shame and the same goes for XLive. I only find Steam as the "Developer friendly" of gaming networks.

1) No. This API does not imitate a "server's request" (I believe you meant "mimic" Sony's server to other Sony server request). What this does is imitate the requests sent from the official PlayStation APP for Android/iOS to their exclusive API designed for this application.

1-a) There are many ways to see what is outside the TOS. There are a few things saying that you may get permanently banned if YOU are the person doing the reverse engineering, so that is targeted to the developers behind a site like me and you. But... as of today my PSN account is still working but that may be because I do not own any PlayStation system. The other API sites like rankings and other similar were made by doing exactly the same reverse engineering because SONY does not offer any way to access PSN data, so that's why it is not documented.

2) There has been only a small amount of changes since the creation of this repository. To simplify the answer, this project will be operational until SONY decides to discontinue their mobile app.

2-a) I have not been into that, but you might have to check it by getting a fixed account running every X minute/hour/day/week in order to get an API status.

markadrake commented 9 years ago

Thank you José. I really appreciate the project and the effort that went into it. My concerns above stemmed from the fact I'm trying to develop a crowd-curated gaming news site.

Do you think it's worth my effort to pursue an answer from Sony in the matter? It looks like some developers have been granted access to the API (game developers that is) so I wonder just how far out of reach a public API really is? I have a few contacts I can try and route this question through.

Thank you again for your responses to my questions. I've decided that I'll post a survey on my site briefly introducing the idea to the users and see if they want me to implement it. A simple warning that it's not an official API should be enough in this case.

Thanks again!

jhewt commented 9 years ago

I think only certified developers have access to those APIs. Keep in mind that they probably have a unique auth/secret key for each server/client. If you're going to ask SONY for API access I think they might want you to become a PlayStation Partner and that requires proof of corporate entity among other legal stuff.

If you contact them, let us know what SONY said!

ezibit commented 9 years ago

We use Sony's Auth system Xblives too to be able to get the publicly available PSN Profile Banner (No longer being issued). It has your trophies, avatar, games you're playing blah blah blah for iframe insertion, but also then we use it to do some tricky stuff I know nothing I can share about due to confidentiality about the project and as it is not my dev task. I'm the project creator and owner. But this is new ground Jhewt, we'd gotten our skills from earlier previous attempts at this by several other parties one who charges for the service and another who disappeared and the project crumbled after hitting a few walls after PSN updates and a reshuffling of folders on their file system.

Anyway off topic I'm here to congratulate and encourage you to keep going and maybe even entice you with incentives to get particular functionality completed ASAP. We have a call going to PSN every hour I believe to check API status. But we cheat too we ask the user on site to supply their PSN username exactly as is on the PSN or XBlive. So this is very exciting to see you using the App and this was my thinking, couldn't I use the app to do what we need done (access friends list, send messages, friend requests and party or game invites from data input on our site via our PSN acc) basically creating teams of people who aren't yet friends but have agreed to be matched and getting them in game together and in communication beforehand quickly without fuss and hassle of keyboard searches on console.

We approached Playstation, Jhewt is right they need you to be a partner and it is a selection process... you can't just apply and expect acceptance. I think they charge for the developer Licenses. Oh and you need to be a unique service or a game not already on the being provided.. so just one music streamer one game streamer one social streamer one each of the socials no third party socials, apps are all service driven and very corporatised. Game Dev companies hold Auth licences and are the only few that are allowed to use the PSN Authentication and integration API keys unrestricted with instructions and updates from Sony. So we use the game devs public platform to call up game stats and auth with them and use any PSN/XBL auth work alone because we have the PSN username that returns the player id which gives us unrestricted access to all the incredibly intricate and an enormous volume of stats for that player...but alas the message system on the games official social/stat site is not active in the game so a PSN message service and friend lists able to be called up and utilized on a public online website or in app specifically built for a service to enhance a PSN/PS4 game would be massive!!!

Could you please contact me directly? My email is visible on my profile and here: info@destinyesportsleague.com

Kind regards,

ezibit

ezibit commented 9 years ago

Any friend stuff, messaging and invites would be massive for us for the time being and I'm willing to sponsor it.