Success point
First of all i think you’re referring to Achievement Points.
Second, you can’t use the api keys as a way to authenticate a real gw2 user. Someone could of just borrowed a friends api key. The api keys in it’s current state is only useful as an optional feature for websites (the implementation on gw2shinies is decent, since there’s no malicious reason to lie about your key, haven’t tested how it deals with duplicate accounts with same key).
To sum up, don’t use api keys as a way to authenticate real gw2 users – it’s currently useful for overlay/tracker/calculator/analyzer type apps and anything that isn’t dependent on the validation flaw.
Yes I speak about achievements.
But I do not try to protect personal bank data… With a little precaution this is enough to ensure that this guy is on the good server. Just try to ensure that one API key is only used once and it’s locked with the account name.
The API Key is a personnal data, user don’t have to distribut the key everywhere.
And yes you can always try to brute force to find some valid keys but and then ? If this key is already registred on the app then it’s useless to have it.
Again, ensure that someone is on the good server is not about national security. This API key is enough for my usage.
Yeah, I want to put achievement points, wvw rank and pvp rank somewhere. I’m not sure if they should be on the normal “account” scope though, not sure where to put ’em.
Yeah, I want to put achievement points, wvw rank and pvp rank somewhere. I’m not sure if they should be on the normal “account” scope though, not sure where to put ’em.
Why not add “account statistics” scope, where achievement and age info can reside?
I think I see the ‘account’ scope as being something pretty basic, and being something that is on by default, and completely harmless.
Meanwhile, I consider my achievement history to be something fairly private, and also something which is separate from other tasks. Reviewing my TP efficiency doesn’t need to look at this. Checking my gear for a build doesn’t. Basically, nothing except an explict tracker for such things would need it, so having a separate scope makes sense.
I’d name it “Account Progression”, and have all of the AP and XvX Ranks included.
Not a bad idea, actually. That permission could also expose the completed achievements list for the account too, as well as the upcoming masteries and stuff.
No news about wvw rank into the api? For a moment i can give only pvp_rank