Adding characters through API returns errors

(Locked)

100 Human Death Knight
14395
Please increase the Openraid daily API limit! Help an awesome feature grow!
3 Night Elf Druid
0
08/06/2012 07:10 AMPosted by Ujournal
If you're fetching the characters upon user request, then have the user fetch the JSON from battle.net and send it to you.


I thought about this one too, yes. This may be the optimal solution for openraid.us.

Also, I was musing about how to harden such out-sourced data fetchings. I was thinking about generating a 1-time hash on your server, valid for about 5 to 10 seconds. Then passing that hash to the client (browser) which uses this hash to encode the api-data and send it back to me. However this is hardly worth anything since the client could still manipulate the data. But I suppose you can't really verify this kind of stuff properly without calling the api yourself to double-check.
1 Troll Rogue
0
Agreed, once the client touches the data, it's "tainted", no matter how many weird hashes and encryptions you put it through.

You can verify that the data you receive is correct by asking an unrelated third party to make the same request. If you get the same data back from two different parties, it's quite likely correct.
3 Night Elf Druid
0
Agreed, once the client touches the data, it's "tainted", no matter how many weird hashes and encryptions you put it through.

You can verify that the data you receive is correct by asking an unrelated third party to make the same request. If you get the same data back from two different parties, it's quite likely correct.


That's a clever soulution, but it opens another can of worms though. First you would need something like a data-quarantine. That's no real problem but still something to keep in mind. Then again, you need a third party (e.g. another user) and a way to handle conflicts. So there is an (unavoidable) delay in your workflow. And then you will need to handle conflicts that will happen when the live-results change while the data is in quarantine. Not too hard to do, though. :)

However, this would conflict with the Usage Policy, wouldn't it?
http://us.battle.net/wow/en/forum/topic/3746635131 (Service Availability Notice, 4th bullet point)
Edited by Rhileu on 8/8/2012 3:47 AM PDT
1 Troll Rogue
0
08/08/2012 03:46 AMPosted by Rhileu
That's a clever soulution, but it opens another can of worms though. First you would need something like a data-quarantine. That's no real problem but still something to keep in mind. Then again, you need a third party (e.g. another user) and a way to handle conflicts. So there is an (unavoidable) delay in your workflow. And then you will need to handle conflicts that will happen when the live-results change while the data is in quarantine. Not too hard to do, though. :)

1) Put character in "todo" list, set data field as "empty"
2) Ask a user to get character data
3) Does that character data match what we have stored already?
3a) No: attach new data to character, go to step 2
3b) Yes: remove character from todo list, use data

You'll hit 3a and loop at least once for each character. You might want a loop counter to exit as "failed" if you loop too many times.

However, this would conflict with the Usage Policy, wouldn't it?
http://us.battle.net/wow/en/forum/topic/3746635131 (Service Availability Notice, 4th bullet point)


IANAL, but I figure that 4th point means "nobody gets to set up a service solely for the purpose of fetching from the API for others", i.e., you can't set up a proxy, or more to-the-letter, you can't use such a proxy if one were set up.

The 3rd point in the same set is more problematic. It might be considered "multiple forms of access" if you ask user A to get some API data for user B, even if user A consents.

Points 3 and 4 are close in meaning no matter how you look at it.

Anyway, this is how Realm Pop works (realmpop.com). Visitors to the site are asked to fetch character data and send it back to the server. I couldn't get data on ~35 million characters and ~1 million guilds any other way, even if they removed all API limits. (And still, some of the data I have is older than I'd like, but there's just so much to get and so little time.)
Web & Mobile Team
To openraid, we did receive your email and we have taken appropriate action. As I'm sure you are all well aware of by now, it has been a really busy week and we have been keeping deploys and production changes to a minimum.

To everyone else, although I'm really glad to see everyone excited about sites like openraid, this isn't the place to discus them or their application limits. They have contacted us through the official channels and it is between openraid and Blizzard to figure out why they are hitting their application limit (which is already really high). If you want to discuss openraid or talk about how it impacts you as a player, do it on their forum.
This topic is locked.

Please report any Code of Conduct violations, including:

Threats of violence. We take these seriously and will alert the proper authorities.

Posts containing personal information about other players. This includes physical addresses, e-mail addresses, phone numbers, and inappropriate photos and/or videos.

Harassing or discriminatory language. This will not be tolerated.

Forums Code of Conduct

Report Post # written by

Reason
Explain (256 characters max)

Reported!

[Close]