+3

API Keys for Developer Access to API Please

Jurann McRea 4 years ago updated 4 years ago 2

Since the addition of Google reCAPTCHA v3 about a year ago, third parties have not had any way to legitimately login to the site and use the API. Could you please setup a simple API Key system so third party devs such as myself can obtain a unique key for authenticating via an API Key endpoint rather than using the reCAPTCHA v3 OAuth system? API Key systems are generally fairly trivial to implement and simply require associating a key with sufficient entropy (64-byte or better) to a user account and optional Client ID and Secret used to authenticate at an alternate endpoint to obtain a session token(s) for making normal API calls. Thanks!

This is the solution for this whole login mess in external apps, specially for Postybirb... Any plans or eTA for this feature?

I tried setting up a localhost Docker image with a minimal Angular 10 UI to proxy API calls (using my cookies and localStorage settings from my local browser) and their CORS policies are set so strictly that even a local.furrynetwork.com host config was not accepted by their API. Every indication seems to me that they don't want third parties to use their API at all, I guess? If you have an even semi-public API, you don't screw down extremely strict CORS policies like that - they are not default in most platforms (and certainly not in the PHP version and framework FurryNetwork is using).