Showing Posts For Pat Cavit.9234:

To the API devs

in API Development

Posted by: Pat Cavit.9234

Previous

Pat Cavit.9234

Web Programming Lead

Next

Y’all are great fun to chat with, it’s our pleasure.

Apiv2 specializations usage

in API Development

Posted by: Pat Cavit.9234

Previous

Pat Cavit.9234

Web Programming Lead

Next

You may not mind them but I guarantee we do.

Leaking spoilers via the API is a good way to get all API resources re-assigned to other projects.

Apiv2 specializations usage

in API Development

Posted by: Pat Cavit.9234

Previous

Pat Cavit.9234

Web Programming Lead

Next

/v2/traits-beta exists to get feedback, it’s likely to change response format in breaking ways so we weren’t advertising it super-loudly.

Feel free to use it & definitely provide feedback on bugs/format/etc if you do, but don’t write code that depends on it a) not changing or b) existing forever. Once we roll out /v2/traits for real /v2/traits-beta will be removed.

Getting a lot of 503 errors lately

in API Development

Posted by: Pat Cavit.9234

Previous

Pat Cavit.9234

Web Programming Lead

Next

We had a load balancer in the EU go rogue, it should have been fixed Sunday night-ish (Pacific Time).

Icons & art

in API Development

Posted by: Pat Cavit.9234

Previous

Pat Cavit.9234

Web Programming Lead

Next

I am not a lawyer, but the terms of the asset kit seem pretty clear. You could try contacting the community team via email for a potentially more official answer.

Issues with Account APIs (Bank/Inventory)

in API Development

Posted by: Pat Cavit.9234

Previous

Pat Cavit.9234

Web Programming Lead

Next

A fix for this will be going out through the hotfix process. No ETA yet.

API Wrappers

in API Development

Posted by: Pat Cavit.9234

Previous

Pat Cavit.9234

Web Programming Lead

Next

http://wiki.guildwars2.com/wiki/API:List_of_wrappers

Please feel free to add your projects to this list.

API Implementations

in API Development

Posted by: Pat Cavit.9234

Previous

Pat Cavit.9234

Web Programming Lead

Next

http://wiki.guildwars2.com/wiki/API:List_of_applications

Please feel free to add your projects to this list.

Guide to the Black Lion Trading Co API

in API Development

Posted by: Pat Cavit.9234

Previous

Pat Cavit.9234

Web Programming Lead

Next

So, is direct interaction with the TP still allowed though? I’d like to manage my transactions and especially add new ones while in university, where I can’t run GW2 on my netbook.

Selling has always required a game client. Buying now requires a game client as well. Neither of those are likely to be exposed via the API any time soon.

Those restrictions could be worked around with a really convincing fake client, but I’m pretty sure that’s against our TOS.

More Languages? [PL, RU, UA, ....]

in API Development

Posted by: Pat Cavit.9234

Previous

Pat Cavit.9234

Web Programming Lead

Next

Nothing to announce, sorry!

API Keys "ErrBadData" since patch

in API Development

Posted by: Pat Cavit.9234

Previous

Pat Cavit.9234

Web Programming Lead

Next

Issue found, and we think it’s been fixed.

API CDI 2015

in API Development

Posted by: Pat Cavit.9234

Previous

Pat Cavit.9234

Web Programming Lead

Next

It’s been a month ago! Sorry for bumping this post:P I was just wondering: What is the state of the Skills and Trait API?

I’ve already seen it being mentioned before but I really think the following API could be useful:

- Account/PvP/ where you can gather statistics on the matches won and against / with who. This way people could check on their previous matches and for example check out other players statistics and things. Maybe this would also be a good way to upgrade PvP with a new better-looking leaderboard?

I am not sure how hard it is though but I really think it would improve the community!

RE: /v2/skills what progress there is can be tracked here: https://github.com/arenanet/api-cdi/pull/5

It’s slowed down some as skills/traits are very complicated to represent and we’ve been focusing on things that can ship sooner and at a higher quality level.

RE: PVP endpoint. This is something we’re looking at soon, some of the data we’d want to expose already exists. A PR w/ a suggested format & data you’re interested in would be a great help in terms of giving some direction on what that API could look like.

Launching /v2/characters

in API Development

Posted by: Pat Cavit.9234

Previous

Pat Cavit.9234

Web Programming Lead

Next

I ended up doing what you recommended. Thanks.

Any ETA on /v2/characters/:id/equipment? No rush, with school and work the site that I’m creating won’t be done for another 3-4 months; I would just like a status on how things are coming along so I can adjust my schedule.

Thanks again,

https://github.com/arenanet/api-cdi/pull/36

We should be able to turn it on sometime after the next patch hits, IIRC.

Launching /v2/account (w/ Authentication)

in API Development

Posted by: Pat Cavit.9234

Previous

Pat Cavit.9234

Web Programming Lead

Next

OAuth2 is now disabled.

For authenticated access to APIs please see the API Key Announcement Thread

HEADS UP: OAuth2 being replaced next week

in API Development

Posted by: Pat Cavit.9234

Previous

Pat Cavit.9234

Web Programming Lead

Next

This is done, OAuth2.0 has been disabled in favor of API keys.

API Keys "ErrBadData" since patch

in API Development

Posted by: Pat Cavit.9234

Previous

Pat Cavit.9234

Web Programming Lead

Next

There’s a server crashing on live with shocking regularity that is probably keeping this from working. I know the server team has been looking at it, we’ll poke them in a bit in case it stays broken.

Api fair use question

in API Development

Posted by: Pat Cavit.9234

Previous

Pat Cavit.9234

Web Programming Lead

Next

Launching /v2/commerce/transactions

in API Development

Posted by: Pat Cavit.9234

Previous

Pat Cavit.9234

Web Programming Lead

Next

Found & fixed the cache bug on dev, will try to get it deployed next week.

Launching /v2/characters

in API Development

Posted by: Pat Cavit.9234

Previous

Pat Cavit.9234

Web Programming Lead

Next

This is a known bug for ages. Can’t you just switch to… say Invision Power Board?

No, for reasons. Stay on-topic please.

what ever happen to the GW2 app talk?

in API Development

Posted by: Pat Cavit.9234

Previous

Pat Cavit.9234

Web Programming Lead

Next

The core of that team rebuilt most of the commerce UI & backends in the two months before the game launched. The one piece that wasn’t changed? The part that took everything else down for the first two weeks. :-(

Getting things up & running again was really exciting, in an “oh god this is so much work” sort of way.

render.guildwars2 doesn't work

in API Development

Posted by: Pat Cavit.9234

Previous

Pat Cavit.9234

Web Programming Lead

Next

Lawton should be back tomorrow to take a look, I have a few suspicions but no time to run them down ATM.

Launching /v2/account (w/ Authentication)

in API Development

Posted by: Pat Cavit.9234

Previous

Pat Cavit.9234

Web Programming Lead

Next

will there still be a way to access something like those oauth offline-tokens? that is essential for my plans.
if not, that would be even sadder

Yes, API keys do not expire unless the user revokes them.

Launching /v2/account (w/ Authentication)

in API Development

Posted by: Pat Cavit.9234

Previous

Pat Cavit.9234

Web Programming Lead

Next

Our OAuth2 implementation avoids a lot of the bad parts of OAuth2 by simply not supporting them, but it was determined that due to the real monetary value of accounts ArenaNet isn’t comfortable with the core phishing problems that affect any system like OAuth.

Auth is still a possible, in that you can still verify that a user has a valid GW2 account by having them create an API key and enter it. It’s just significantly more annoying. A password manager that can autofill would be the best user experience possible in this new authentication scheme.

Launching /v2/account (w/ Authentication)

in API Development

Posted by: Pat Cavit.9234

Previous

Pat Cavit.9234

Web Programming Lead

Next

Phishing via malicious apps.

OAuth Application Creation is live!

in API Development

Posted by: Pat Cavit.9234

Previous

Pat Cavit.9234

Web Programming Lead

Next

You’re now able to create OAuth Applications, manage them, and use them to create apps that can request data from authenticated APIs!

WARNING – This is all BETA-quality and may be subject to change as we discover bugs or just decide we don’t like the way it’s looking at us.

I’ve documented the process in a few images, hopefully you find it straightforward. If you find a bug please file an issue.

https://imgur.com/a/TB5B7

Sorry it took a bit longer than we were hoping for, this latest patch caused some excitement that we had to tackle first.

Online Character Viewer

in API Development

Posted by: Pat Cavit.9234

Previous

Pat Cavit.9234

Web Programming Lead

Next

In the end you, the user, are responsible for determining who gets access to your data. If you don’t like what they do with it revoke their access.

We just provide a safe, standardized way to authenticate and say “Yes, App <XYZ> can read parts of my private data.”

I assume character data is private unless explicitly made visible by the account holder to specific web sites.

Yes, anything not available on the public APIs is private until the user explicitly gives an application access to it.

Online Character Viewer

in API Development

Posted by: Pat Cavit.9234

Previous

Pat Cavit.9234

Web Programming Lead

Next

In the end you, the user, are responsible for determining who gets access to your data. If you don’t like what they do with it revoke their access.

We just provide a safe, standardized way to authenticate and say “Yes, App <XYZ> can read parts of my private data.”

Gem Exchange: What is wrong with this?

in Bugs: Game, Forum, Website

Posted by: Pat Cavit.9234

Previous

Pat Cavit.9234

Web Programming Lead

Next

One decimal place is ok, two starts getting into the limitations of IEEE floats and the calls to the API get turned into nonsense.

Thus a request for 80.82 gold worth of gems returns “2” instead of something sensical. The trade happens entirely on the server and will deduct/deposit the correct amounts, it just won’t match up with the now-goofy UI state.

[Solved] API Rate Limits

in API Development

Posted by: Pat Cavit.9234

Previous

Pat Cavit.9234

Web Programming Lead

Next

If we implement rate limiting we’ll announce it, until then have fun.

Cross-domain API calls broken?

in API Development

Posted by: Pat Cavit.9234

Previous

Pat Cavit.9234

Web Programming Lead

Next

Is this still the case for the v2 API?

because i get the following message:

https://api.guildwars2.com/v2/items/12452?lang=en&_=1426522029742. No ‘Access-Control-Allow-Origin’ header is present on the requested resource. Origin ‘http://159.253.7.156’ is therefore not allowed access. The response had HTTP status code 404.

Looks fine to me:

https://redbot.org/?uri=https%3A%2F%2Fapi.guildwars2.com%2Fv2%2Fitems%2F12452%3Flang%3Den%26amp%3B_%3D1426522029742

Even our 404 sends a CORS header.

https://redbot.org/?uri=https%3A%2F%2Fapi.guildwars2.com%2Fv2%2Fitems%2F3%3Flang%3Den%26amp%3B_%3D1426522029742

Items only exist in commerce/prices?

in API Development

Posted by: Pat Cavit.9234

Previous

Pat Cavit.9234

Web Programming Lead

Next

Once upon a time you were able to place buy orders for whatever ID you wanted w/o restrictions. We have since changed that to enforce that the item has to have been sold on the TP before you can place a buy order. I thought Commerce had cleaned up all the bogus buy orders for items that had never been sold, but it looks like maybe that didn’t catch everything.

Launching /v2/account (w/ Authentication)

in API Development

Posted by: Pat Cavit.9234

Previous

Pat Cavit.9234

Web Programming Lead

Next

Any news on this yet?

Got held up waiting for some translations and ironing out some issues. Those went in yesterday so barring any other excitement hopefully will be shipped next week. Ended up being more work than we anticipated to bang it into shape.

Exposing custom headers for CORS

in API Development

Posted by: Pat Cavit.9234

Previous

Pat Cavit.9234

Web Programming Lead

Next

Hah, Lawton beat me to it. This is on dev now, we’ll bang on it for a bit & make sure it’s good.

Exposing custom headers for CORS

in API Development

Posted by: Pat Cavit.9234

Previous

Pat Cavit.9234

Web Programming Lead

Next

Oof, good point. We’ll get it onto the backlog.

API CDI 2015

in API Development

Posted by: Pat Cavit.9234

Previous

Pat Cavit.9234

Web Programming Lead

Next

It’s possible, we’d have to discuss with the team responsible for the listings what filtering (if any) would need to happen to that data though. Worth adding to the backlog as a low-priority item, thanks!

Launching /v2/account (w/ Authentication)

in API Development

Posted by: Pat Cavit.9234

Previous

Pat Cavit.9234

Web Programming Lead

Next

Lawton found the cause. He’s chatting with some folks about how to a) fix it and b) prevent it from breaking like this in the future.

Quick reminder…

This is considered BETA-quality at the moment

Launching /v2/account (w/ Authentication)

in API Development

Posted by: Pat Cavit.9234

Previous

Pat Cavit.9234

Web Programming Lead

Next

Yeah, something’s gone pear-shaped. Investigating.

Enable keep-alive and pipelining?

in API Development

Posted by: Pat Cavit.9234

Previous

Pat Cavit.9234

Web Programming Lead

Next

With our current setup keep-alive/pipelining isn’t possible, sorry.

/v2/items?ids=all would be a massive response and probably make our servers very, very unhappy.

Launching /v2/account (w/ Authentication)

in API Development

Posted by: Pat Cavit.9234

Previous

Pat Cavit.9234

Web Programming Lead

Next

I am getting mixed results when retrieving back account data from using the token.
One of my accounts returns back “undefined” while the other does return the four pieces of information. The only difference I can think of is that the account with undefined results has the mobile authenticator enabled. Anyone else have similar result?

I’ve got TOTP on my account I used for testing w/o any problems. I’ll give it another shot in a bit here to see if I can repro.

You could also modify the node script to dump out more info after the request, modify https://github.com/arenanet/api-cdi/blob/master/examples/auth-nodejs/request.js#L19 to say

console.log(arguments);

and you should be able to get a bit more info in the error case.

(edited by Pat Cavit.9234)

Launching /v2/account (w/ Authentication)

in API Development

Posted by: Pat Cavit.9234

Previous

Pat Cavit.9234

Web Programming Lead

Next

The OAuth2 library I am using (perl’s Net::OAuth2) wants to add “Host: account.guildwars2.com:443” to the access token request header. This results in a 403 error from the server.

It works fine if the header is set to “Host: account.guildwars2.com” or left out entirely.

I was able to make changes to the library code to fix it for myself, but other users and possibly other libraries may come across this problem.

Interesting. My current browser doesn’t appear to send :443 for HTTPS requests, the spec is a bit ambiguous on the issue. We’ll take a look.

What font does the UI use?

in API Development

Posted by: Pat Cavit.9234

Previous

Pat Cavit.9234

Web Programming Lead

Next

Menomonia is only used for headings. IIRC the game uses Tahoma for all non-heading text.

The game UI font actually looks more like Trebuchet MS ~10pt to me.

Trebuchet MS sounds accurate, I don’t have access to check right now. I always get those two confused.

API CDI 2015

in API Development

Posted by: Pat Cavit.9234

Previous

Pat Cavit.9234

Web Programming Lead

Next

I just merged the PR for the updates to /v2/floors (moving it under /v2/continents, adding lots of new selection functionality). Hoping to ship it next week sometime.

https://github.com/arenanet/api-cdi/pull/2

Launching /v2/account (w/ Authentication)

in API Development

Posted by: Pat Cavit.9234

Previous

Pat Cavit.9234

Web Programming Lead

Next

The account site is from a time before we had the resources to focus on the mobile experience, so it’s pretty bad right now. We’re aware of it and actively working on a solution.

App registration should be coming “soon”. There’s still some issues we need to solve before it’s something we want external folks to use.

App keys is something we can discuss longer-term as part of the API CDI, this isn’t really the thread for it. As of right now OAuth2 is the only supported authentication method and we don’t have any infrastructure in place to support anything else.

We’ll work on making those strings a little more specific, if anyone has any examples of sites that do a really good job of describing OAuth scopes in consumer-friendly language I’d love a link. Most in my experience has been similarly-generic text.

Launching /v2/account (w/ Authentication)

in API Development

Posted by: Pat Cavit.9234

Previous

Pat Cavit.9234

Web Programming Lead

Next

Google has some useful documentation, we don’t support their urn: formatted redirects but you could open a small webserver to receive the redirect. That has all sorts of hurdles around forwarded ports and such of course, it’s not ideal.

API CDI 2015

in API Development

Posted by: Pat Cavit.9234

Previous

Pat Cavit.9234

Web Programming Lead

Next

Why do you need multiple languages in a single response?

I want to let the user search for items by different criterias. So my plan was to parse the data into a database and use indexes for the searches. To support several language i need to know the item names in theese languages. It is not a big problem to repeat the request and ignore everything except the names, but it would be easier to just fire one request and get everything I need.
Most of the data the apis provide doesn’t change very frequently, so imho it is feasible to cache it even without a database in the back.
The format smiley used in his pull-requests looks good to me. And if only one language is requested, it stays just like it is now.

P.S. There is a working work-around, so this is no high prio of course.

Yeah, the problem I see with smiley’s PRs is that we have to write code for every endpoint to add comprehensions for the specific fields and transform them into objects. It’s not impossible of course, it’s just not a very good bang-for-our-buck change. We could work out a system to make marking up those fields easier or even diffing between responses from the backends but again, more important things atm.

We’ll keep it on the backburner, /v2 isn’t the end of the APIs & I’d like whatever comes next to offer more flexibility on things like this.

Launching /v2/account (w/ Authentication)

in API Development

Posted by: Pat Cavit.9234

Previous

Pat Cavit.9234

Web Programming Lead

Next

What is the difference between the account ID and account name?

ID is a GUID, Name is a string like the one you can enter into the contacts list in-game.

Authenticated APIs delayed to week of 2/23

in API Development

Posted by: Pat Cavit.9234

Previous

Pat Cavit.9234

Web Programming Lead

Next

/v2/account is now enabled, details here

Launching /v2/account (w/ Authentication)

in API Development

Posted by: Pat Cavit.9234

Previous

Pat Cavit.9234

Web Programming Lead

Next

!!! OAuth2.0 has been DISABLED !!!

For more information please see the API Key Announcement for more details.

Original post follows

As I mentioned in the Authenticated APIs delayed to week of 2/23 thread we got very close last week to being able to enable to the /v2/account API. Couldn’t quite seal the deal, but the good news is we’ve finished crossing our "t"s and dotting our "i"s on the configuration side of things and everything looks good to go!

So, details. This is considered BETA-quality at the moment and will be more fully fleshed-out later.

/v2/account currently gets you four basic pieces of information.

  1. The user has a GW2 account
  2. User’s Account ID (not the game account ID)
  3. User’s Account Name
  4. User’s World ID (which you can correlate to /v2/worlds)

Usage is pretty standard OAuth2, the endpoint details are as follows:

Scopes are a space delimited list, currently we only support two:

  • account – gives you basic access to the account. It’s required for pretty much any interaction.
  • offline – gives you a refresh token in addition to the access token. The refresh token allows you to continue obtaining access tokens after they expire. You’ll probably want this for any non-trivial app.

To access the API you’ll need to turn the code returned by /oauth2/authorization into an access token using /oauth2/token, and then you can use that against /v2/account by passing the following header in your request:

  • Authorization: Bearer <access token>

I’ve got a pull request against the api-cdi github repo that provides a small example script written for NodeJS. This is the bare-minimum necessary to make a sucessful request, it is nowhere near production-ready. That should be immediately clear when you see that the directions ask you to copy URL params out of the location bar to pass to another script. I think Lawton’s going to be posting a more complete example in Go shortly.

The UI for managing applications via the account site isn’t ready yet, so we’ve got ahead and created a demo application that you can use for the OAuth2 flow. This application only supports redirects to localhost, so unfortunately you won’t be able to build anything you can ship just yet.

We’re hoping to get the UI for registering & managing applications ready by next week. Sorry about that, there just wasn’t time to get it to where we’re happy with it and we wanted to get the authenticated API endpoint active sooner rather than later.

(edited by Pat Cavit.9234)

API CDI 2015

in API Development

Posted by: Pat Cavit.9234

Previous

Pat Cavit.9234

Web Programming Lead

Next

Is it possible to allow more than one value in the “lang”-parameter? Or “all” as possible value? This would allow to get more than one language with one request and would make these almost redundant requests required at the moment obsolete.

Potentially, but it isn’t something we’ve spent much time looking at just yet.

It raises a lot of format questions for me as to what the actual response would look like. Would it be the regular, language-specific responses repeated n times (where n is the number of requested languages)? That’s going to be a huge response for some endpoints. There are other options but it requires us to write a bunch more code to support it by changing the responses we get (remember, the API frontend you talk to is a middle-man) and I don’t really think it’s worth it.

Why do you need multiple languages in a single response?

Authenticated APIs delayed to week of 2/23

in API Development

Posted by: Pat Cavit.9234

Previous

Pat Cavit.9234

Web Programming Lead

Next

The (presumably) final configuration change was made yesterday to the servers to enable this to work, but we need to spend some time assuring that everything works against Live. More details soon hopefully.