2019-05-16 13632, 2019

      • alastairp
        how do I submit acoustids with picard? on mac, I have fpcalc bundled, I added an API key, the album has mbids
      • 2019-05-09 12940, 2019

      • remember, no rate limiting or api keys on AB
      • 2019-04-01 09151, 2019

      • akhilesh
        Mr_Monkey: we will cache all information with key like `entity/bbid`. If request from website server, it will return all linked data, which is necessary for web page. but if this request will come form api server, cache will provide data with linked information, then we filter that information according to `inc`. I am clear to you. This make sense for me for efficient caching.
      • 2019-03-13 07235, 2019

      • zas
        you need an API key
      • 2019-03-05 06439, 2019

      • alastairp
        Freso: I think that "supporters" is directly linked to "has an API key to download the database"
      • 2019-02-08 03936, 2019

      • iliekcomputers
        alastairp: it looks like they're trying to save the scope in the token info, but the thing is that the spotify API now returns the `scope` key itself.
      • 2019-01-29 02936, 2019

      • ruaok
        API key no longer needed?
      • amCap1712
        ruaok: I guess the api key only
      • what do we need except the api key?
      • 2019-01-22 02257, 2019

      • alastairp
        (I've never seen any other authenticated api (e.g. with oauth) have an endpoint specifically to check that the keys are correct)
      • 2019-01-07 00759, 2019

      • Borewit
        Picard is using an API-key for accoustic-finger print submission. That authentication method is not documented right?
      • 2018-11-06 31030, 2018

      • outsidecontext
        in the last one setting an AcoustId API key in options fixed it
      • 2018-11-01 30526, 2018

      • rdswift
        Did you get an api key to use for the uploads?
      • 2018-10-29 30258, 2018

      • Me neither, unless it's to set a key for private incoming api endpoints?
      • 2018-08-13 22545, 2018

      • iliekcomputers
        Datasets and user, api_key etc are small, I think.
      • 2018-08-09 22131, 2018

      • About AB, I was planning to create a full dump using `manage.py`, import it into frank, then during downtime create an incremental dump and import it. there are a few private tables (user, api_key) etc which are small enough to dump manually during downtime, I would guess.
      • 2018-03-20 07927, 2018

      • alastairp
        so, that opens questions like 1) rate limit? 2) cache? 3) api key? 4) actually get dumps going? 5) will the db support this long run?
      • 2018-03-11 07017, 2018

      • samj1912
        rdswift: you can have a single API return a json object with the keys stable, beta and dev
      • 2018-02-13 04404, 2018

      • github
        [listenbrainz-server] paramsingh closed pull request #349: LB-303: Add instruction to add last.fm api key to custom_config.py to developement environment setup guide (master...LB-303) https://git.io/vNpsz
      • 2018-02-04 03522, 2018

      • [listenbrainz-server] Uditgulati opened pull request #349: LB-303: Add instruction to add last.fm api key to custom_config.py to developement environment setup guide (master...LB-303) https://git.io/vNpsz
      • 2018-02-01 03228, 2018

      • iliekcomputers
        Have you added a last.fm API key in custom_config.py?
      • 2018-01-18 01820, 2018

      • KassOtsimine
        same with having fpcalc+api key on or not.. might be in a general "information" place
      • 2017-12-19 35322, 2017

      • iliekcomputers
        ruaok: I was gonna start on LB-251 and wanted to ask if there's anything specific you'd like moved from one file to another. I was thinking of keeping all the dev stuff we change a lot in custom_config.py like api keys and stuff that doesn't change much like SQLALCHEMY_DB_URI etc into default_config.py.
      • 2017-11-11 31533, 2017

      • jwf
        Only the API key… not the secret key
      • iliekcomputers
        jwf: did you add your last.fm api key to config.py?
      • 2017-10-05 27835, 2017

      • zas
        yes, ws/3 = ws/2 json-only with API keys and better rate limiting control
      • samj1912
        reosarevok: ws3 is headed by zas, so he'll be knowing more, I think. But I guess we can have a app specific api key with the users having an ability to use personal keys for better rate limits?
      • reosarevok
        thresh: ws/3 is the same, but in JSON and with API keys
      • 2017-09-06 24923, 2017

      • ruaok
        ws/3 is likely going to be a new version of the perl based code, but with API keys.
      • 2017-07-16 19720, 2017

      • zas
        bitmap: json ws is returning null values when entity is undefined, for example "end" : null, is this the result of a design choice ? In JSON APIs there are 2 approachs in this field, one is to always provide known keys and their value (including null meaning undefined), or just omit the key when the value is undefined. See
      • 2017-06-29 18051, 2017

      • but the part interesting you is: they also query fanart.tv using a hardcoded API key
      • 2017-06-27 17804, 2017

      • btw, an api key wouldn't help (see strings output, they use hardcoded api key ...), but it would have been much simpler to block
      • but they'll be happy to know their API is used with hardcoded keys ;)
      • Leo_Verto[m]
        there are API keys in one of the pastes, those aren't for anything MB, are they?
      • 2017-06-05 15635, 2017

      • Freso
        Actual implementation with regard to rate limit, authentication (API keys, OAuth2), etc., etc. is still mostly entirely up in the air.
      • SothoTalKer: You... were not listening? API keys are free.
      • SothoTalKer
        still, to run my script i would need to buy an api key from you :D
      • Freso
        SothoTalKer: There could also be OAuth2 authentication on top of the API key to do per-user stuff regardless of API key being used.
      • SothoTalKer
        if the api key is per developer and not per user, anyway...
      • reosarevok
        CatQuest: then they have their own API key and they're easy to locate and block :p
      • yvanzo
        +1 to API keys
      • CatQuest
        +1 to api keys
      • Freso
        +1 to API keys either way.
      • SothoTalKer
        how much faster would be the "faster" be? And what about me doing my own script, will i get an api key, too? :D
      • ruaok
        once we have API keys we can do a lot of things.
      • samj1912
        so we are switching entirely to a key based api now? or will simply having a key allow more requests?
      • ruaok
        but the idea is that we have API keys and a motivation to move people to JSON.
      • zas
        Basically Kong is an API gateway, providing everything to manage an API-key based JSON API, including plugins for rate limiting, oauth, and tons of shit
      • ruaok
        we really need to move to an API key, there is no way around it MB has become too popular now.
      • zag
        thx, any news about api keys or usage stats? I know that was a hope one day
      • 2017-05-21 14109, 2017

      • Sophist-UK
        ruao: Now I am even less certain what the purpose of API key is.
      • ruaok
        API keys would never be required for ws/2 access. If we require them, there will be a ws/3 API, which may be backward compatible....
      • Sophist-UK
        API key: -1 from me.
      • SothoTalker_: Perhaps I am being dense, but how will an API key fix this problem?
      • SothoTalker_
        Sophist-UK: the plan is to change the api to require a key
      • 2017-05-05 12538, 2017

      • zas: what happens to the userscripts when the webservice-with-api-key is implemented?
      • 2017-05-01 12138, 2017

      • zas
        yes, this is why we'll move to api key based ws in the future, to have better control
      • 2017-04-25 11521, 2017

      • kepstin
        if you want faster than 1 req/second, then you basically have two options - look into getting an api key with raised rate limit for the musicbrainz.org ws, or run your own replicated server locally which you can query as fast as you like (or even just read info direct from the postgres db)
      • 2017-04-13 10336, 2017

      • zas
        create an API key and use it ?
      • 2017-04-03 09306, 2017

      • LordSputnik
        The model that MetaBrainz server uses for MB API keys seems good
      • Well I don't think API keys are that difficult
      • alastairp
        ruaok: regarding API design/api keys, etc
      • LordSputnik
        So my rough plan was to allow them to generate a secret API key on BookBrainz, and then use that API key to authenticate with the web service (effectively username/password, with the key being the password)
      • 2017-03-06 06521, 2017

      • ruaok
        basically I'm saying that we need API keys for mb.org
      • 2017-03-02 06106, 2017

      • samj1912
        it also has recaptcha, but needs api keys from google
      • 2017-02-20 05142, 2017

      • ruaok
        the live data feed API keys are generated from the users metabrainz profile.
      • Gentlecat
        api key for what?
      • Quesito
        how does one receive an api key? is it emailed?
      • 2017-02-17 04842, 2017

      • zas
        but it requires an API key
      • 2017-02-15 04601, 2017

      • sai
        @LordSputnik After setting up the postgres database and getting musicbrainz api key i am facing this http://pastebin.com/gGUEy5bY :(
      • 2017-02-07 03825, 2017

      • zas
        Many plugins need an API key for example
      • 2017-01-17 01738, 2017

      • iliekcomputers
        armalcolite: when you make the lookup, you have continue for 'sk', 'api_key' etc but not for 'api_sig'
      • 2017-01-12 01236, 2017

      • Quesito
        ruaok: or team--within MusicBrainz Cover Art API, how does one get or generate MBID? and is there any api key which a supporter should send with request?
      • 2017-01-09 00935, 2017

      • ruaok
        also, note that access to the API is not restricted right now. anyone can make requests without an API access key.
      • 2017-01-03 00356, 2017

      • CallerNo6
        Maybe the api key has to do with datasets. But I don't know that that is either.
      • third: what does an api key do for me and my acousticbrainz account?
      • 2016-12-10 34559, 2016

      • chirlu
        API key set?
      • JefftheBest
        I have the correct API key
      • 2016-08-19 23241, 2016

      • zas
        We'll have to add stuff to manage api keys from user's profile
      • zag
        as a big api user I agree, api keys are essential for a reliable service
      • zas
        bitmap, Gentlecat: after the serious ws issue we had last days, it becomes more and more urgent to move to api key based ws, during last summit we talked about Kong (https://getkong.org), ruaok and me think we should do the move now, it has implications (like updating applications to be able to use new ws), but we don't have much other choice anyway
      • 2016-07-31 21317, 2016

      • armalcolite
        ruaok: but since we do not generate the API keys used by the apps, so we do not know the secret.
      • 2016-07-20 20218, 2016

      • Gentlecat: I have to constantly access the various values of tokens in the code (ex, token_id, api_key from which token was created, user_id who is attached to the token)
      • 2016-07-18 20043, 2016

      • alastairp
        client makes another query using this token (plus api key and signature) to retrieve a real access token
      • application generates a random token and directs the user to open a url containing api_key and token
      • armalcolite
        bcoz token require API_KEY
      • alastairp
        in fact, we don't even need api_key
      • armalcolite
        alastairp: currently, i check the API key in the GET request and match it with the user who approves it to give him a session key.
      • the API key should be used for making the web-requests
      • 2016-07-15 19723, 2016

      • ruaok
        armalcolite: I'm trying the api_compat branch on commit 5b09 again and I'm still getting the 500 error: BadRequest: JSON document must contain the key listened_at at the top level.
      • 2016-07-11 19317, 2016

      • kartikgupta0909
        the client read the API key from there, makes a login
      • where the user will have his API key
      • 2016-07-07 18926, 2016

      • can you tell me an api endpoint which does something with the API key of the user?
      • alastairp
        if you make an API call with the key in the header, then it will log you in
      • kartikgupta0909
        alastairp: cant we use the API key being given to us by the user (stored in a config file with the client)instead of making them log in?
      • When I check the api_key table , that is empty too
      • 2016-06-30 18209, 2016

      • yes like the API key
      • 2016-06-28 18027, 2016

      • Gentlecat
        I applied that api key upgrade on the old database
      • yeah, there's no api_key
      • alastairp
        but I don't think api keys are
      • 2016-06-23 17557, 2016

      • Gentlecat
        probably with API key
      • 2016-06-20 17230, 2016

      • alastairp
        Gentlecat: I just pushed api key login to the dataset-api branch
      • 2016-06-14 16643, 2016

      • admin + api key today / tomorrow
      • postgres insert error, admin, api key, gulp watch
      • 2016-06-13 16512, 2016

      • armalcolite
        this would be the "api_key" for the compat API. Using this we fetch a "api_token", and then the "sk" (session key)
      • 2016-06-10 16217, 2016

      • alastairp
        current merge plan is dataset list, admin, API key, dataset snapshots
      • 2016-06-07 15901, 2016

      • I have a magic API key. Not sure what super powers it gives me
      • 2016-05-09 13006, 2016

      • zas
        but this is still not enough, NewHost + Api key is the way to go to significantly improve the situation
      • i think a simple rule for all is better, at least for the public and normal web service, until we have an api key based web service
      • 2016-05-05 12613, 2016

      • alastairp
        -client tells its username and api key and asks for any jobs to be done
      • kartikgupta0909
        yes, API key might be sufficient for authentication
      • alastairp
        kartikgupta0909: right. Gentlecat started a patch for API keys for users
      • 2016-04-30 12150, 2016

      • zas
        And 503s are rising again, so IP blocking campaign isn't that efficient, the new rate limiter based on redis + API key is clearly the way to go
      • 2016-04-29 12036, 2016

      • Gentlecat
        as in just change the wording to say that API key is also for our services
      • ruaok
        the API key signup is the most work, but Gentlecat can copy and paste some bits from the live feed signup bits.
      • meaning that authors need to use the new API endpoint with API key.
      • I am inclined to write two tickets for this feature: one for MEB to implement API keys and one for MBS to implement this on wsN.mb.o
      • without API key, you get the old 1s limit, which we can throttle in favor of users with keys.
      • get an API key, use the new system.
      • now, API keys is another question. I suppose we should do that too.
      • zag
        and api keys really do help monitoring
      • 2016-04-27 11802, 2016

      • CallerNo6
        <CallerNo6> Q. Do I need an API key?
      • Q. Do I need an API key?
      • 2016-04-24 11502, 2016

      • LordSputnik
        Looks like it wants a MetaBrainz API key to do replication
      • 2016-03-23 08336, 2016

      • alastairp
        also, we're back to IP distribution, even if we still do have an API key
      • 2016-03-17 07718, 2016

      • ruaok
        which is what we do anyway, minus having to police api keys.
      • zag
        for things like headphones, if you had an API key, just revoke it if they use too much and give others priority
      • api keys are essential
      • You guys should really move to a API key system and manage traffic better imo
      • 2016-03-08 06842, 2016

      • MBJenkins
        Michael Wiencek: Make sure /users/by-external/ is requested with the API key
      • 2016-03-07 06708, 2016

      • Michael Wiencek: Make sure /users/by-external/ is requested with the API key
      • 2016-03-04 06435, 2016

      • alastairp
        armalcolite: if a user's scrobble data is public, then we don't need *their* API key. We only need *a* API key
      • armalcolite
        alastairp: my idea is to scrap the key by parsing DOM and then make api-calls
      • 2016-03-02 06233, 2016

      • alastairp
        this was our trick to get around the API key requirement
      • for 1) we would have to distribute a lastfm api key to people’s browsers, and also verify that they have the correct access-control headers available for us to do it
      • 1) have javascript like we currently have, but it uses the API instead of the website. If lastfm blocks the api key, we change it
      • in fact, lastfm still has problems with creating api keys since they released their new site
      • if people download an app, they will need an api key. this is also possibly difficult
      • armalcolite
        and all we need is api key and username to access lastfm
      • 2016-03-01 06142, 2016

      • kepstin
        there apparently are still some issues with the last.fm api, but the track api needed to do imports works well enough, and they allow getting new application api keys. I'd say go for it :)
      • 2016-02-17 04851, 2016

      • the last.fm api for scrobble history still mostly works, and they *are* issue api keys now :/
      • ruaok
        the last.fm API is broken and they seem to not be issuing API keys anylonger.
      • 2016-01-15 01536, 2016

      • Freso
        opatel99: Also, have a look at how https://bitbucket.org/Freso/nikki-userscripts/s... stores the API key. This way it's easy for someone who wants to change the API key for whatever reason without having to dig through the code. Also look at the @name compared to yours.
      • opatel99
        Freso: or reosarevok: To make the user script experience simplest, I have gotten the API to work fully. However, for the key, should I make a dummy account for a dummy key? I didn't find any *Brainz accounts (did find pages)
      • 2016-01-14 01413, 2016

      • reosarevok
        Does the API require any sort of key or is it just open?
      • 2016-01-10 01022, 2016

      • Freso
        So it will have to be someone's personal account having the API key attached. I can make one, I guess.
      • opatel99: MB doesn't have an account. I don't think pages can get API keys either.
      • Probably. If you can make several keys, it's likely safe, as the worst-case scenario is that the userscript key gets blocked, but any other API keys you may have will continue to work.
      • I currently use a single API key for https://bitbucket.org/Freso/nikki-userscripts/s... , but that one's also not advertised very much.
      • opatel99: Hm. Can you create multiple API keys?