Feature Request: Write support to "launch" a "rocket" using API

[rahul286]

@jakewmeyer Thanks for awesome work! 🙂

I noticed that all the APIs are ready only. Or did I miss something? How about adding write support? So that we can do something like below and launch rockets with the API! 🚀

POST https://api.spacexdata.com/v2/launches

We can also use HTTP PUT instead, if "putting" a rocket into space feels more semantic! 😉

[jakewmeyer]

Currently read only because of the following:

Applications using the API depend on accurate, vetted, and up to date information, and allowing anyone to post arbitrary new launches/data could cause potential issues, even with proper validation and testing. While the majority of people would submit good data, it does open up an avenue of attack for people with malicious intent. Currently a handful of us in the org have database access, and keep things pretty up to date given the circumstances.

However, I do like the collaborative aspect of this, and would be willing to add POST endpoints with some form of authentication to trusted parties. This will need to be implemented sooner or later, so the data can be updated programmatically, vs just editing the database directly.

So I'll start a branch for this, and I'll start researching proper authentication solutions, and we can go from there! 👍

[rahul286]

@jakewmeyer Thanks for considering this. 🎉

Totally agree that unauthorized POST requests can lead to many problems including an increase in space debris!

I hope you find a proper authentication solution in time. May the Force be with you!🤞

[jhpratt]

Jake, with the new launch client I'm working on, I'll be able to verify the identity of someone as a subreddit moderator or thread host — letting them at least update the T0 time seems sensible. I'll already be handling the change on my end.

If wanted, I could add another field for "approved contributor" to allow arbitrary users the ability to do so.

On Sat, Aug 18, 2018, 12:31 Rahul Bansal notifications@github.com wrote:

@jakewmeyer https://github.com/jakewmeyer Thanks for considering this. 🎉

Totally agree that unauthorized POST requests can lead to many problems including more increase space debris https://en.wikipedia.org/wiki/Space_debris!

I hope you find a proper authentication solution in time. May the Force be with you!🤞

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/r-spacex/SpaceX-API/issues/124#issuecomment-414070114, or mute the thread https://github.com/notifications/unsubscribe-auth/ADA9M0XSxYgeQF1to4hMPkzbx-EETRYJks5uSEFmgaJpZM4WBUl4 .

[jakewmeyer]

@jhpratt keeping this on the back burner for now, until most of the other issues are cleared out and finished. Don't worry about it for the time being

[jakewmeyer]

V3 will support PATCH requests for launches. Still working out the details with validation and how I want the input, but this will allow anyone to update a launch with new or corrected info. I'm reserving the ability to create and delete launches, but because launches are added so far in advance, this should be a non issue.

Still a few weeks away from being able to add this, but it's on the way 👍

[rahul286]

@jakewmeyer Thanks for the update! 🎉

[twilco]

Allowing anyone to edit existing launches seems concerning to me...it only takes one malicious person to ruin it for everyone.

[Maftalion]

IMO you should make a 'suggestion' endpoint for each category such as POST -https://api.spacexdata.com/v3/launches/64/suggestion which wouldn't create a new launch but writes to a different table that you can use to receive all suggested updates. That way you can set up a dashboard for all suggested update for you and your mods to vet before actually modifying the records. BTW great work and I hope you all keep it up 👍

[jeroenboumans]

Could be the same table but maybe "pushed" rockets can be flagged with a property "accepted" (tiny integer: 0/1) which will be left out in all the GET responses but is used in filtering. So GET endpoints only return launches with "accepted = 1". The accepted property is not visible in the returned json. Just a thought ;)

[jakewmeyer]

Going to close this for the time being, but might revisit sometime in the future.

Currently most of the time sensitive and labor intensive updating is now done automatically with update scripts, which makes this less of a problem.

Most of the data is pulled directly from the subreddit wiki pages, which doesn't require us to build a full authentication system just to update data that is already going to be updated on the wiki. Those editing the wiki need an account that is 180+ days old, and subreddit karma of 500+. Because of this, the data is generally accurate, and lots of eyes go over the data every day. Updates are quick, and there's already a dedicated team in place that helps manage the wiki and contribute data.

So going forward, I'm planning on improving these scripts further to pull even more data from the wiki for updates, instead of building our own update system from the ground up. I just think it's better to make use of a quality existing system.