#metabrainz

/

        2021-05-12 13202, 2021

      • ruaok
        the youtube subkey has subkeys of access_token and api_key, nothing else.

        • 2021-04-27 11755, 2021

      • _lucifer
        ruaok, also these keys will be sent to the frontend and exposed to the users, so we should restrict both api wise and origin wise.

        • 2021-04-27 11730, 2021

      • _lucifer
        *additional api key

        • 2021-04-27 11750, 2021

      • _lucifer
        ruaok: i see the youtube client keys are at https://github.com/metabrainz/syswiki/blob/4154be… . but i forgot where the API key is can you please point me to it?

        • 2021-04-27 11722, 2021

      • _lucifer
        http://localhost/profile/music-services/youtube/c… this is what i am using for my local api key

        • 2021-04-27 11705, 2021

      • _lucifer
        regarding the youtube api key

        • 2021-04-26 11653, 2021

      • ruaok
        yeah, we could. but we also don't have a solution for the log shipping to get logs from all the various places into something like greylog. and once we do, we don't have a lot of use for these statistics. its nice to know what browsers people are using and identifying abuse, but putting API keys in place is far more important than analytics...

        • 2021-03-11 07009, 2021

      • iliekcomputers
        did they say why they disabled the API key?

        • 2021-03-11 07038, 2021

      • Mr_Monkey
        It looks like the API key we use on LB to import from LastFM is not valid anymore, the endpoint returns error #26: "API Key Suspended - This application is not allowed to make requests to the web services"

        • 2021-03-08 06756, 2021

      • alastairp
        ah, yeah. when we met in the office last Monday we talked about a lot of things, including the admin interface, and the plans for api keys and auth - that kind of merged into the oauth document that I started. later this afternoon we can straighten out all of the plans

        • 2021-03-02 06143, 2021

      • alastairp
        curl http://10.2.2.31:8108/collections/ -H "Content-Type: application/json" -H "X-TYPESENSE-API-KEY: ---the---key---"

        • 2021-03-02 06107, 2021

      • ruaok
        it throws a 404. would it do that for a wrong api key?

        • 2021-03-02 06131, 2021

      • _lucifer
        the api key seems to be wrong

        • 2021-02-24 05512, 2021

      • ruaok
        I see now -- one test fails because typescript expects an API key -- which key doesn't matter since the actual search call is mocked.

        • 2021-02-15 04601, 2021

      • Mr_Monkey
        ruaok: We'll have to discuss getting an API key for LB to use Youtube's API (to search for videos) and how their quotas would work for us: https://developers.google.com/youtube/v3/getting-…

        • 2021-02-15 04605, 2021

      • Mr_Monkey
        I don't think that's the same thing. I think that's a key representing the embedded player. That API had no auth.

        • 2021-02-15 04604, 2021

      • shivam-kapila
        react-youtube API requests had a key with them

        • 2021-02-15 04623, 2021

      • Mr_Monkey
        Ah, and it looks like we now need to use an API key

        • 2021-01-26 02628, 2021

      • ruaok
        they disabled key APIs for chromium, such as bookmark sync.

        • 2021-01-20 02010, 2021

      • ruaok
        and the API key is really not a secret -- if I could do without I would not have one.

        • 2021-01-20 02054, 2021

      • ruaok
        fetching the API key, which should be stored in consul, as part of the start_services script -- do you see any problems with that?

        • 2021-01-20 02013, 2021

      • ruaok
        typsense wants and API key defined as part of its command line arguments for invoking the service.

        • 2020-12-04 33920, 2020

      • ruaok
        Mr_Monkey: I realized I need a new set it spotify api keys for test. Will install soon.

        • 2020-10-29 30333, 2020

      • yvanzo
        Yes, it will be required for ws/2.5 (same as ws/2 but with API keys) then for ws/3 but ws/2 will continue to be available without API keys in parallel.

        • 2020-10-29 30341, 2020

      • outsidecontext
        API keys should probably be a ws/3 or be optional for an extended period of time

        • 2020-10-29 30341, 2020

      • reosarevok
        Wanna add API keys for next release? :p

        • 2020-10-29 30320, 2020

      • bitmap
        yes, but I think a good time to do that would be when we work on adding api keys and making whatever minor breaking changes we still need to the JSON ws

        • 2020-09-23 26740, 2020

      • reosarevok
        I dunno if this is superseded by a ton of ws/2.5 API key stuff or not :)

        • 2020-09-17 26120, 2020

      • pristine___
        can someone give me there LASTFM_API_KEY

        • 2020-08-15 22851, 2020

      • ishaanshah
        then we dont expose the API key

        • 2020-08-15 22841, 2020

      • iliekcomputers
        shivam-kapila: we wouldn't want to expose an API key on the frontend anyways, btw.

        • 2020-08-15 22811, 2020

      • ruaok
        and API key or a playnback key?

        • 2020-08-06 21954, 2020

      • yvanzo
        Leo_Verto: setting user-agent should be enough, API key is needed for live data feed mostly.

        • 2020-08-06 21907, 2020

      • Leo_Verto
        Hey yvanzo! Thanks for the answer, I suppose the alternative then would be to keep using the MeB servers and to donate. Is just including the API key in the application possible or would we have to use some kind of proxy?

        • 2020-07-29 21132, 2020

      • ruaok
        if not API keys.

        • 2020-07-29 21117, 2020

      • alastairp
        is there a concern that people start using these endpoints for specific MB queries instead of the API? do we need keys (and unlimited keys for us) ?

        • 2020-07-21 20353, 2020

      • ruaok
        no, but all of the API keys that any of our sites use.

        • 2020-05-11 13230, 2020

      • alastairp
        of course, BPM and Key are already in the API, but I'm looking at getting the individual features PR merged, hopefully tonight

        • 2020-05-11 13217, 2020

      • ruaok
        BPM and key API endpoints by the end of this week is fine.

        • 2020-05-11 13231, 2020

      • ruaok
        alastairp: shall we say that at the end of the week we'll have the annoy endpoints up and the BPM and key API endpoints?

        • 2020-04-28 11905, 2020

      • alastairp
        I'm merging aidanlw17's API endpoint to select individual features (e.g. key, bpm) from a lowlevel document. we need a path for it

        • 2020-03-29 08913, 2020

      • ishaanshah[m]
        iliekcomputers: I am not sure if this is a threat but currently the LB's lastfm api key is revealed through react developer tools.

        • 2020-01-25 02529, 2020

      • alastairp
        DjSlash: AB has no api keys or users

        • 2020-01-25 02536, 2020

      • DjSlash
        I'm using beets and want to submit acoustid fingerprints, but I get "User with the API key does not exist" returned. I've reset the apikey, to no avail

        • 2020-01-21 02146, 2020

      • rdswift
        I think that the application homepage is the page describing the application that you are wanting the api key for.

        • 2020-01-21 02146, 2020

      • sumedh
        I am currently on the step 'Update config.py', and trying to generate the 'LastFM API key'

        • 2020-01-04 00422, 2020

      • sarthak_jain
        Where do I find the API Key?

        • 2019-12-29 36315, 2019

      • Cyna
        ruaok: the case Im considering is when someone is working on his own clone of the database... You will need editing rights using the access keys similar to how you get when using Google Cloud, this would distinguish access level between users and editors. This would help app devs to create their own app easily by integrating APIs for displaying. there are many more use cases that could be considered.

        • 2019-12-25 35906, 2019

      • iliekcomputers
        >In case you don’t have a Last.FM API key, you can get it from Last.FM API page.

        • 2019-12-14 34825, 2019

      • rdswift
        I was able to connect with my MusicBrainz creds (logged into MusicBrainz first), and it showed my my existing api key with an option to generate a new key.

        • 2019-12-14 34853, 2019

      • n1tr0maverick
        man can someone try getting an api key

        • 2019-12-14 34840, 2019

      • n1tr0maverick
        hey CatQuest cant make an API Key :/

        • 2019-12-14 34840, 2019

      • CatQuest
        have you gone to the acoustid site and obtained a api key?

        • 2019-12-14 34824, 2019

      • n1tr0maverick
        hey everyone! had a problem with acoustid. can't seem to authenticate myself to get an API key to upload a fingerprint. it shows that the authentication failed when i try with musicbrainz/google

        • 2019-09-16 25938, 2019

      • Mr_Monkey
        I arrived at the same conclusion for the BookBrainz API (missing object key is an issue in JS), and for consistency and ease of use we decided to always return the direction

        • 2019-09-11 25452, 2019

      • ruaok
        add api keys to /ws/2 and throttle /ws/2 without API keys

        • 2019-08-01 21307, 2019

      • aidanlw17
        Oh okay, the client would need a secret key to access those API endpoints?

        • 2019-05-16 13632, 2019

      • alastairp
        how do I submit acoustids with picard? on mac, I have fpcalc bundled, I added an API key, the album has mbids

        • 2019-05-09 12940, 2019

      • alastairp
        remember, no rate limiting or api keys on AB

        • 2019-04-01 09151, 2019

      • akhilesh
        Mr_Monkey: we will cache all information with key like `entity/bbid`. If request from website server, it will return all linked data, which is necessary for web page. but if this request will come form api server, cache will provide data with linked information, then we filter that information according to `inc`. I am clear to you. This make sense for me for efficient caching.

        • 2019-03-13 07235, 2019

      • zas
        you need an API key

        • 2019-03-05 06439, 2019

      • alastairp
        Freso: I think that "supporters" is directly linked to "has an API key to download the database"

        • 2019-02-08 03936, 2019

      • iliekcomputers
        alastairp: it looks like they're trying to save the scope in the token info, but the thing is that the spotify API now returns the `scope` key itself.

        • 2019-01-29 02936, 2019

      • ruaok
        API key no longer needed?

        • 2019-01-29 02953, 2019

      • amCap1712
        ruaok: I guess the api key only

        • 2019-01-29 02931, 2019

      • amCap1712
        what do we need except the api key?

        • 2019-01-22 02257, 2019

      • alastairp
        (I've never seen any other authenticated api (e.g. with oauth) have an endpoint specifically to check that the keys are correct)

        • 2019-01-07 00759, 2019

      • Borewit
        Picard is using an API-key for accoustic-finger print submission. That authentication method is not documented right?

        • 2018-11-06 31030, 2018

      • outsidecontext
        in the last one setting an AcoustId API key in options fixed it

        • 2018-11-01 30526, 2018

      • rdswift
        Did you get an api key to use for the uploads?

        • 2018-10-29 30258, 2018

      • rdswift
        Me neither, unless it's to set a key for private incoming api endpoints?

        • 2018-08-13 22545, 2018

      • iliekcomputers
        Datasets and user, api_key etc are small, I think.

        • 2018-08-09 22131, 2018

      • iliekcomputers
        About AB, I was planning to create a full dump using `manage.py`, import it into frank, then during downtime create an incremental dump and import it. there are a few private tables (user, api_key) etc which are small enough to dump manually during downtime, I would guess.

        • 2018-03-20 07927, 2018

      • alastairp
        so, that opens questions like 1) rate limit? 2) cache? 3) api key? 4) actually get dumps going? 5) will the db support this long run?

        • 2018-03-11 07017, 2018

      • samj1912
        rdswift: you can have a single API return a json object with the keys stable, beta and dev

        • 2018-02-13 04404, 2018

      • github
        [listenbrainz-server] paramsingh closed pull request #349: LB-303: Add instruction to add last.fm api key to custom_config.py to developement environment setup guide (master...LB-303) https://git.io/vNpsz

        • 2018-02-04 03522, 2018

      • github
        [listenbrainz-server] Uditgulati opened pull request #349: LB-303: Add instruction to add last.fm api key to custom_config.py to developement environment setup guide (master...LB-303) https://git.io/vNpsz

        • 2018-02-01 03228, 2018

      • iliekcomputers
        Have you added a last.fm API key in custom_config.py?

        • 2018-01-18 01820, 2018

      • KassOtsimine
        same with having fpcalc+api key on or not.. might be in a general "information" place

        • 2017-12-19 35322, 2017

      • iliekcomputers
        ruaok: I was gonna start on LB-251 and wanted to ask if there's anything specific you'd like moved from one file to another. I was thinking of keeping all the dev stuff we change a lot in custom_config.py like api keys and stuff that doesn't change much like SQLALCHEMY_DB_URI etc into default_config.py.

        • 2017-11-11 31533, 2017

      • jwf
        Only the API key… not the secret key

        • 2017-11-11 31506, 2017

      • iliekcomputers
        jwf: did you add your last.fm api key to config.py?

        • 2017-10-05 27835, 2017

      • zas
        yes, ws/3 = ws/2 json-only with API keys and better rate limiting control

        • 2017-10-05 27857, 2017

      • samj1912
        reosarevok: ws3 is headed by zas, so he'll be knowing more, I think. But I guess we can have a app specific api key with the users having an ability to use personal keys for better rate limits?

        • 2017-10-05 27835, 2017

      • reosarevok
        thresh: ws/3 is the same, but in JSON and with API keys

        • 2017-09-06 24923, 2017

      • ruaok
        ws/3 is likely going to be a new version of the perl based code, but with API keys.

        • 2017-07-16 19720, 2017

      • zas
        bitmap: json ws is returning null values when entity is undefined, for example "end" : null, is this the result of a design choice ? In JSON APIs there are 2 approachs in this field, one is to always provide known keys and their value (including null meaning undefined), or just omit the key when the value is undefined. See

        • 2017-06-29 18051, 2017

      • zas
        but the part interesting you is: they also query fanart.tv using a hardcoded API key

        • 2017-06-27 17804, 2017

      • zas
        btw, an api key wouldn't help (see strings output, they use hardcoded api key ...), but it would have been much simpler to block

        • 2017-06-27 17823, 2017

      • zas
        but they'll be happy to know their API is used with hardcoded keys ;)

        • 2017-06-27 17814, 2017

      • Leo_Verto[m]
        there are API keys in one of the pastes, those aren't for anything MB, are they?

        • 2017-06-05 15635, 2017

      • Freso
        Actual implementation with regard to rate limit, authentication (API keys, OAuth2), etc., etc. is still mostly entirely up in the air.

        • 2017-06-05 15653, 2017

      • Freso
        SothoTalKer: You... were not listening? API keys are free.

        • 2017-06-05 15611, 2017

      • SothoTalKer
        still, to run my script i would need to buy an api key from you :D

        • 2017-06-05 15639, 2017

      • Freso
        SothoTalKer: There could also be OAuth2 authentication on top of the API key to do per-user stuff regardless of API key being used.

        • 2017-06-05 15642, 2017

      • SothoTalKer
        if the api key is per developer and not per user, anyway...

        • 2017-06-05 15615, 2017

      • reosarevok
        CatQuest: then they have their own API key and they're easy to locate and block :p

        • 2017-06-05 15635, 2017

      • yvanzo
        +1 to API keys

        • 2017-06-05 15652, 2017

      • CatQuest
        +1 to api keys

        • 2017-06-05 15646, 2017

      • Freso
        +1 to API keys either way.

        • 2017-06-05 15605, 2017

      • SothoTalKer
        how much faster would be the "faster" be? And what about me doing my own script, will i get an api key, too? :D

        • 2017-06-05 15606, 2017

      • ruaok
        once we have API keys we can do a lot of things.

        • 2017-06-05 15616, 2017

      • samj1912
        so we are switching entirely to a key based api now? or will simply having a key allow more requests?

        • 2017-06-05 15651, 2017

      • ruaok
        but the idea is that we have API keys and a motivation to move people to JSON.

        • 2017-06-05 15616, 2017

      • zas
        Basically Kong is an API gateway, providing everything to manage an API-key based JSON API, including plugins for rate limiting, oauth, and tons of shit

        • 2017-06-05 15619, 2017

      • ruaok
        we really need to move to an API key, there is no way around it MB has become too popular now.

        • 2017-06-05 15659, 2017

      • zag
        thx, any news about api keys or usage stats? I know that was a hope one day

        • 2017-05-21 14109, 2017

      • Sophist-UK
        ruao: Now I am even less certain what the purpose of API key is.

        • 2017-05-21 14107, 2017

      • ruaok
        API keys would never be required for ws/2 access. If we require them, there will be a ws/3 API, which may be backward compatible....

        • 2017-05-21 14159, 2017

      • Sophist-UK
        API key: -1 from me.

        • 2017-05-21 14126, 2017

      • Sophist-UK
        SothoTalker_: Perhaps I am being dense, but how will an API key fix this problem?

        • 2017-05-21 14128, 2017

      • SothoTalker_
        Sophist-UK: the plan is to change the api to require a key

        • 2017-05-05 12538, 2017

      • SothoTalker_
        zas: what happens to the userscripts when the webservice-with-api-key is implemented?

        • 2017-05-01 12138, 2017

      • zas
        yes, this is why we'll move to api key based ws in the future, to have better control

        • 2017-04-25 11521, 2017

      • kepstin
        if you want faster than 1 req/second, then you basically have two options - look into getting an api key with raised rate limit for the musicbrainz.org ws, or run your own replicated server locally which you can query as fast as you like (or even just read info direct from the postgres db)

        • 2017-04-13 10336, 2017

      • zas
        create an API key and use it ?

        • 2017-04-03 09306, 2017

      • LordSputnik
        The model that MetaBrainz server uses for MB API keys seems good

        • 2017-04-03 09320, 2017

      • LordSputnik
        Well I don't think API keys are that difficult

        • 2017-04-03 09348, 2017

      • alastairp
        ruaok: regarding API design/api keys, etc

        • 2017-04-03 09351, 2017

      • LordSputnik
        So my rough plan was to allow them to generate a secret API key on BookBrainz, and then use that API key to authenticate with the web service (effectively username/password, with the key being the password)

        • 2017-03-06 06521, 2017

      • ruaok
        basically I'm saying that we need API keys for mb.org

        • 2017-03-02 06106, 2017

      • samj1912
        it also has recaptcha, but needs api keys from google

        • 2017-02-20 05142, 2017

      • ruaok
        the live data feed API keys are generated from the users metabrainz profile.

        • 2017-02-20 05128, 2017

      • Gentlecat
        api key for what?

        • 2017-02-20 05151, 2017

      • Quesito
        how does one receive an api key? is it emailed?

        • 2017-02-17 04842, 2017

      • zas
        but it requires an API key

        • 2017-02-15 04601, 2017

      • sai
        @LordSputnik After setting up the postgres database and getting musicbrainz api key i am facing this http://pastebin.com/gGUEy5bY :(

        • 2017-02-07 03825, 2017

      • zas
        Many plugins need an API key for example

        • 2017-01-17 01738, 2017

      • iliekcomputers
        armalcolite: when you make the lookup, you have continue for 'sk', 'api_key' etc but not for 'api_sig'

        • 2017-01-12 01236, 2017

      • Quesito
        ruaok: or team--within MusicBrainz Cover Art API, how does one get or generate MBID? and is there any api key which a supporter should send with request?

        • 2017-01-09 00935, 2017

      • ruaok
        also, note that access to the API is not restricted right now. anyone can make requests without an API access key.

        • 2017-01-03 00356, 2017

      • CallerNo6
        Maybe the api key has to do with datasets. But I don't know that that is either.

        • 2017-01-03 00304, 2017

      • CallerNo6
        third: what does an api key do for me and my acousticbrainz account?

        • 2016-12-10 34559, 2016

      • chirlu
        API key set?

        • 2016-12-10 34527, 2016

      • JefftheBest
        I have the correct API key

        • 2016-08-19 23241, 2016

      • zas
        We'll have to add stuff to manage api keys from user's profile

        • 2016-08-19 23229, 2016

      • zag
        as a big api user I agree, api keys are essential for a reliable service

        • 2016-08-19 23201, 2016

      • zas
        bitmap, Gentlecat: after the serious ws issue we had last days, it becomes more and more urgent to move to api key based ws, during last summit we talked about Kong (https://getkong.org) ruaok and me think we should do the move now, it has implications (like updating applications to be able to use new ws), but we don't have much other choice anyway

        • 2016-07-31 21317, 2016

      • armalcolite
        ruaok: but since we do not generate the API keys used by the apps, so we do not know the secret.

        • 2016-07-20 20218, 2016

      • armalcolite
        Gentlecat: I have to constantly access the various values of tokens in the code (ex, token_id, api_key from which token was created, user_id who is attached to the token)

        • 2016-07-18 20043, 2016

      • alastairp
        client makes another query using this token (plus api key and signature) to retrieve a real access token

        • 2016-07-18 20012, 2016

      • alastairp
        application generates a random token and directs the user to open a url containing api_key and token

        • 2016-07-18 20036, 2016

      • armalcolite
        bcoz token require API_KEY

        • 2016-07-18 20015, 2016

      • alastairp
        in fact, we don't even need api_key

        • 2016-07-18 20004, 2016

      • armalcolite
        alastairp: currently, i check the API key in the GET request and match it with the user who approves it to give him a session key.

        • 2016-07-18 20053, 2016

      • armalcolite
        the API key should be used for making the web-requests

        • 2016-07-15 19723, 2016

      • ruaok
        armalcolite: I'm trying the api_compat branch on commit 5b09 again and I'm still getting the 500 error: BadRequest: JSON document must contain the key listened_at at the top level.

        • 2016-07-11 19317, 2016

      • kartikgupta0909
        the client read the API key from there, makes a login

        • 2016-07-11 19359, 2016

      • kartikgupta0909
        where the user will have his API key

        • 2016-07-07 18926, 2016

      • kartikgupta0909
        can you tell me an api endpoint which does something with the API key of the user?