Guild Wars 2

When will API keys become active?

When will OAuth2 become inactive?

Will there be an overlap for a transitional period? (please don’t shut off OAuth2 before API keys are ready)

Will /v2/account still return the same information, but with the API key added as a parameter instead of using OAuth2?

Is there anything preventing somebody sharing a key and allowing people not them to use it?

I’m not looking to change anyone’s mind (I understand exactly the phishing concern), but API keys don’t do anything remotely like “auth”; they do nothing to let you verify a user on a repeat visit.

Now I need to be Yet Another Website With A Username And Password (And I Need To Store Them Securely, Oh And It Needs To Be Able To Send Emails Too)

First time visit is no longer a hybrid sign-in/sign-up link, but “no entry allowed; create and verify an account before preceding.”

Like I said, not trying to change your mind, but that is why I asked the questions about auth, and that’s why the new thing won’t substitute for that.

Hum, I was thinking about making something to check the user on my forum and TS if they are from the good server…. But if all will change soon there is no reason to begin programming something…..
What will do this new api system ? No release date of course…

Remfin.4892:

I’m not looking to change anyone’s mind (I understand exactly the phishing concern), but API keys don’t do anything remotely like “auth”; they do nothing to let you verify a user on a repeat visit.

Now I need to be Yet Another Website With A Username And Password (And I Need To Store Them Securely, Oh And It Needs To Be Able To Send Emails Too)

First time visit is no longer a hybrid sign-in/sign-up link, but “no entry allowed; create and verify an account before preceding.”

Like I said, not trying to change your mind, but that is why I asked the questions about auth, and that’s why the new thing won’t substitute for that.

Yes, this occurred to me also. Isn’t the main source of compromised accounts from people using the same credentials on 3rd party sites such as forums?

Even if I do store the passwords securely (which I will of course), I am not going to be purchasing an SSL certificate.

Very sad, i liked the oauth system.

will there still be a way to access something like those oauth offline-tokens? that is essential for my plans.
if not, that would be even sadder

Nabrok.9023:

Even if I do store the passwords securely (which I will of course), I am not going to be purchasing an SSL certificate.

You don’t have to purchase a certificate. There are free providers like StartSSL that should fit most basic use cases.

However. The whole situation is a really bad compromise.

Pat Cavit.9234:

werdernator.6105:

will there still be a way to access something like those oauth offline-tokens? that is essential for my plans.
if not, that would be even sadder

Yes, API keys do not expire unless the user revokes them.

very nice, that’s what i wanted to hear.

Is there at least a roughish time frame for moving away from OAuth? Months? Weeks? Even the roughest time frame will help me decide if I should implement this temporarily with OAuth, or if I should just hold off until the new method is ready.

I got the OAuth stuff working, but then read to the end of this thread and realized that it’s changing. I’m hoping that once it stabilizes, more account attributes would be available via the authenticated API? Things such as characters and their attributes perhaps?

Lawton Campbell.8517:

evilandy.7486:

I’m hoping that once it stabilizes, more account attributes would be available via the authenticated API? Things such as characters and their attributes perhaps?

Yeah, we’ll be releasing new authenticated endpoints once the changeover happens. On the docket are trading post data, character details, account bank and material storage, as well as some other things.

Not gonna land all at once, but that’s more-or-less what’s currently in the works.

I can’t wait! I’ve got so many new tool ideas haha

It will be possible to retrieve last connection/disconnection of an account ?
This data will be usefull. With tradingpost endpoint and this, we can deduce golds and items awaiting recovery.

Can we have an array of permissions?
{…
permissions: [“characters”,“transactions”],
…}

JoluMarti.9165:

Can we have an array of permissions?

I just created a new Proposal to add a new /v2/permissions endpoint.