Freso: I think that "supporters" is directly linked to "has an API key to download the database"
2019-02-08 03936, 2019
alastairp: it looks like they're trying to save the scope in the token info, but the thing is that the spotify API now returns the `scope` key itself.
2019-01-29 02936, 2019
API key no longer needed?
ruaok: I guess the api key only
what do we need except the api key?
2019-01-22 02257, 2019
(I've never seen any other authenticated api (e.g. with oauth) have an endpoint specifically to check that the keys are correct)
2019-01-07 00759, 2019
Picard is using an API-key for accoustic-finger print submission. That authentication method is not documented right?
2018-11-06 31030, 2018
in the last one setting an AcoustId API key in options fixed it
2018-11-01 30526, 2018
Did you get an api key to use for the uploads?
2018-10-29 30258, 2018
Me neither, unless it's to set a key for private incoming api endpoints?
2018-08-13 22545, 2018
Datasets and user, api_key etc are small, I think.
2018-08-09 22131, 2018
About AB, I was planning to create a full dump using `manage.py`, import it into frank, then during downtime create an incremental dump and import it. there are a few private tables (user, api_key) etc which are small enough to dump manually during downtime, I would guess.
2018-03-20 07927, 2018
so, that opens questions like 1) rate limit? 2) cache? 3) api key? 4) actually get dumps going? 5) will the db support this long run?
2018-03-11 07017, 2018
rdswift: you can have a single API return a json object with the keys stable, beta and dev
2018-02-13 04404, 2018
[listenbrainz-server] paramsingh closed pull request #349: LB-303: Add instruction to add last.fm api key to custom_config.py to developement environment setup guide (master...LB-303) https://git.io/vNpsz
2018-02-04 03522, 2018
[listenbrainz-server] Uditgulati opened pull request #349: LB-303: Add instruction to add last.fm api key to custom_config.py to developement environment setup guide (master...LB-303) https://git.io/vNpsz
2018-02-01 03228, 2018
Have you added a last.fm API key in custom_config.py?
2018-01-18 01820, 2018
same with having fpcalc+api key on or not.. might be in a general "information" place
2017-12-19 35322, 2017
ruaok: I was gonna start on LB-251 and wanted to ask if there's anything specific you'd like moved from one file to another. I was thinking of keeping all the dev stuff we change a lot in custom_config.py like api keys and stuff that doesn't change much like SQLALCHEMY_DB_URI etc into default_config.py.
2017-11-11 31533, 2017
Only the API key… not the secret key
jwf: did you add your last.fm api key to config.py?
2017-10-05 27835, 2017
yes, ws/3 = ws/2 json-only with API keys and better rate limiting control
reosarevok: ws3 is headed by zas, so he'll be knowing more, I think. But I guess we can have a app specific api key with the users having an ability to use personal keys for better rate limits?
thresh: ws/3 is the same, but in JSON and with API keys
2017-09-06 24923, 2017
ws/3 is likely going to be a new version of the perl based code, but with API keys.
2017-07-16 19720, 2017
bitmap: json ws is returning null values when entity is undefined, for example "end" : null, is this the result of a design choice ? In JSON APIs there are 2 approachs in this field, one is to always provide known keys and their value (including null meaning undefined), or just omit the key when the value is undefined. See
2017-06-29 18051, 2017
but the part interesting you is: they also query fanart.tv using a hardcoded API key
2017-06-27 17804, 2017
btw, an api key wouldn't help (see strings output, they use hardcoded api key ...), but it would have been much simpler to block
but they'll be happy to know their API is used with hardcoded keys ;)
there are API keys in one of the pastes, those aren't for anything MB, are they?
2017-06-05 15635, 2017
Actual implementation with regard to rate limit, authentication (API keys, OAuth2), etc., etc. is still mostly entirely up in the air.
SothoTalKer: You... were not listening? API keys are free.
still, to run my script i would need to buy an api key from you :D
SothoTalKer: There could also be OAuth2 authentication on top of the API key to do per-user stuff regardless of API key being used.
if the api key is per developer and not per user, anyway...
CatQuest: then they have their own API key and they're easy to locate and block :p
+1 to API keys
+1 to api keys
+1 to API keys either way.
how much faster would be the "faster" be? And what about me doing my own script, will i get an api key, too? :D
once we have API keys we can do a lot of things.
so we are switching entirely to a key based api now? or will simply having a key allow more requests?
but the idea is that we have API keys and a motivation to move people to JSON.
Basically Kong is an API gateway, providing everything to manage an API-key based JSON API, including plugins for rate limiting, oauth, and tons of shit
we really need to move to an API key, there is no way around it MB has become too popular now.
thx, any news about api keys or usage stats? I know that was a hope one day
2017-05-21 14109, 2017
ruao: Now I am even less certain what the purpose of API key is.
API keys would never be required for ws/2 access. If we require them, there will be a ws/3 API, which may be backward compatible....
API key: -1 from me.
SothoTalker_: Perhaps I am being dense, but how will an API key fix this problem?
Sophist-UK: the plan is to change the api to require a key
2017-05-05 12538, 2017
zas: what happens to the userscripts when the webservice-with-api-key is implemented?
2017-05-01 12138, 2017
yes, this is why we'll move to api key based ws in the future, to have better control
2017-04-25 11521, 2017
if you want faster than 1 req/second, then you basically have two options - look into getting an api key with raised rate limit for the musicbrainz.org ws, or run your own replicated server locally which you can query as fast as you like (or even just read info direct from the postgres db)
2017-04-13 10336, 2017
create an API key and use it ?
2017-04-03 09306, 2017
The model that MetaBrainz server uses for MB API keys seems good
Well I don't think API keys are that difficult
ruaok: regarding API design/api keys, etc
So my rough plan was to allow them to generate a secret API key on BookBrainz, and then use that API key to authenticate with the web service (effectively username/password, with the key being the password)
2017-03-06 06521, 2017
basically I'm saying that we need API keys for mb.org
2017-03-02 06106, 2017
it also has recaptcha, but needs api keys from google
2017-02-20 05142, 2017
the live data feed API keys are generated from the users metabrainz profile.
armalcolite: when you make the lookup, you have continue for 'sk', 'api_key' etc but not for 'api_sig'
2017-01-12 01236, 2017
ruaok: or team--within MusicBrainz Cover Art API, how does one get or generate MBID? and is there any api key which a supporter should send with request?
2017-01-09 00935, 2017
also, note that access to the API is not restricted right now. anyone can make requests without an API access key.
2017-01-03 00356, 2017
Maybe the api key has to do with datasets. But I don't know that that is either.
third: what does an api key do for me and my acousticbrainz account?
2016-12-10 34559, 2016
API key set?
I have the correct API key
2016-08-19 23241, 2016
We'll have to add stuff to manage api keys from user's profile
as a big api user I agree, api keys are essential for a reliable service
bitmap, Gentlecat: after the serious ws issue we had last days, it becomes more and more urgent to move to api key based ws, during last summit we talked about Kong (https://getkong.org), ruaok and me think we should do the move now, it has implications (like updating applications to be able to use new ws), but we don't have much other choice anyway
2016-07-31 21317, 2016
ruaok: but since we do not generate the API keys used by the apps, so we do not know the secret.
2016-07-20 20218, 2016
Gentlecat: I have to constantly access the various values of tokens in the code (ex, token_id, api_key from which token was created, user_id who is attached to the token)
2016-07-18 20043, 2016
client makes another query using this token (plus api key and signature) to retrieve a real access token
application generates a random token and directs the user to open a url containing api_key and token
bcoz token require API_KEY
in fact, we don't even need api_key
alastairp: currently, i check the API key in the GET request and match it with the user who approves it to give him a session key.
the API key should be used for making the web-requests
2016-07-15 19723, 2016
armalcolite: I'm trying the api_compat branch on commit 5b09 again and I'm still getting the 500 error: BadRequest: JSON document must contain the key listened_at at the top level.
2016-07-11 19317, 2016
the client read the API key from there, makes a login
where the user will have his API key
2016-07-07 18926, 2016
can you tell me an api endpoint which does something with the API key of the user?
if you make an API call with the key in the header, then it will log you in
alastairp: cant we use the API key being given to us by the user (stored in a config file with the client)instead of making them log in?
When I check the api_key table , that is empty too
2016-06-30 18209, 2016
yes like the API key
2016-06-28 18027, 2016
I applied that api key upgrade on the old database
yeah, there's no api_key
but I don't think api keys are
2016-06-23 17557, 2016
probably with API key
2016-06-20 17230, 2016
Gentlecat: I just pushed api key login to the dataset-api branch
2016-06-14 16643, 2016
admin + api key today / tomorrow
postgres insert error, admin, api key, gulp watch
2016-06-13 16512, 2016
this would be the "api_key" for the compat API. Using this we fetch a "api_token", and then the "sk" (session key)
2016-06-10 16217, 2016
current merge plan is dataset list, admin, API key, dataset snapshots
2016-06-07 15901, 2016
I have a magic API key. Not sure what super powers it gives me
2016-05-09 13006, 2016
but this is still not enough, NewHost + Api key is the way to go to significantly improve the situation
i think a simple rule for all is better, at least for the public and normal web service, until we have an api key based web service
2016-05-05 12613, 2016
-client tells its username and api key and asks for any jobs to be done
yes, API key might be sufficient for authentication
kartikgupta0909: right. Gentlecat started a patch for API keys for users
2016-04-30 12150, 2016
And 503s are rising again, so IP blocking campaign isn't that efficient, the new rate limiter based on redis + API key is clearly the way to go
2016-04-29 12036, 2016
as in just change the wording to say that API key is also for our services
the API key signup is the most work, but Gentlecat can copy and paste some bits from the live feed signup bits.
meaning that authors need to use the new API endpoint with API key.
I am inclined to write two tickets for this feature: one for MEB to implement API keys and one for MBS to implement this on wsN.mb.o
without API key, you get the old 1s limit, which we can throttle in favor of users with keys.
get an API key, use the new system.
now, API keys is another question. I suppose we should do that too.
and api keys really do help monitoring
2016-04-27 11802, 2016
<CallerNo6> Q. Do I need an API key?
Q. Do I need an API key?
2016-04-24 11502, 2016
Looks like it wants a MetaBrainz API key to do replication
2016-03-23 08336, 2016
also, we're back to IP distribution, even if we still do have an API key
2016-03-17 07718, 2016
which is what we do anyway, minus having to police api keys.
for things like headphones, if you had an API key, just revoke it if they use too much and give others priority
api keys are essential
You guys should really move to a API key system and manage traffic better imo
2016-03-08 06842, 2016
Michael Wiencek: Make sure /users/by-external/ is requested with the API key
2016-03-07 06708, 2016
Michael Wiencek: Make sure /users/by-external/ is requested with the API key
2016-03-04 06435, 2016
armalcolite: if a user's scrobble data is public, then we don't need *their* API key. We only need *a* API key
alastairp: my idea is to scrap the key by parsing DOM and then make api-calls
2016-03-02 06233, 2016
this was our trick to get around the API key requirement
for 1) we would have to distribute a lastfm api key to people’s browsers, and also verify that they have the correct access-control headers available for us to do it
in fact, lastfm still has problems with creating api keys since they released their new site
if people download an app, they will need an api key. this is also possibly difficult
and all we need is api key and username to access lastfm
2016-03-01 06142, 2016
there apparently are still some issues with the last.fm api, but the track api needed to do imports works well enough, and they allow getting new application api keys. I'd say go for it :)
2016-02-17 04851, 2016
the last.fm api for scrobble history still mostly works, and they *are* issue api keys now :/
the last.fm API is broken and they seem to not be issuing API keys anylonger.
2016-01-15 01536, 2016
opatel99: Also, have a look at how https://bitbucket.org/Freso/nikki-userscripts/s... stores the API key. This way it's easy for someone who wants to change the API key for whatever reason without having to dig through the code. Also look at the @name compared to yours.
Freso: or reosarevok: To make the user script experience simplest, I have gotten the API to work fully. However, for the key, should I make a dummy account for a dummy key? I didn't find any *Brainz accounts (did find pages)
2016-01-14 01413, 2016
Does the API require any sort of key or is it just open?
2016-01-10 01022, 2016
So it will have to be someone's personal account having the API key attached. I can make one, I guess.
opatel99: MB doesn't have an account. I don't think pages can get API keys either.
Probably. If you can make several keys, it's likely safe, as the worst-case scenario is that the userscript key gets blocked, but any other API keys you may have will continue to work.
in any case, for a listenbrainz import, the getrecenttracks api is far more complete than the current page-scraping method; i guess the only reason it wasn't used was the inability to get a new api key?
they never broke any of their apis, afaik. only the ability to get new api keys