Jump to content
Arix

Voting API documentation and feature requests

Recommended Posts

Currently, there is no real developer documentation, and in fact there is no documentation at all besides (questionable?) tutorials. This could definitely be improved:

  • A swagger could be provided, however, the voting API is, to my knowledge, just one endpoint. (We would also host an instance of Swagger UI to display this swagger definition)
  • A custom page could be created as a means of API spec.

Additionally, @Nouish requested that we add the voter's IP to the callback. This could be used to verify legitimacy of the vote.

If there are more suggestions please post them below and I will add them to the topic post.

Share this post


Link to post
Share on other sites

To list questionable choices in the voting API:

  • GET instead of POST (other toplists seem to do this too, but not all!)
  • As mentioned IP is never fed back, and could be used to help avoid abuse
  • Having a dedicated IP/hostname for the callback would be helpful to verify that requests indeed come from you (callback.runelocus.com ie to confirm with)


New endpoints that would be handy:

  • A way to fetch votes since x period, in case of downtime on user end (or callbacks failing for other reasons)
  • Batch-API to see if someone voted by listing/ip to periodically check and tip people to vote

 

Thank you for actually looking into it :)

Edited by Nouish

Share this post


Link to post
Share on other sites
14 minutes ago, Nouish said:
  • GET instead of POST (other toplists seem to do this too, but not all!

This is because way back in the stone ages, submitting a form from HTML via query parameters, had to be GET, and POST for form parameters in the body of the request. Indeed, we could support both, but it is a breaking change if we would replace it.

14 minutes ago, Nouish said:
  • Having a dedicated IP/hostname for the callback would be helpful to verify that requests indeed come from you (callback.runelocus.com ie to confirm with)

A better way to verify an authority is by verifying the server certificate. In fact, we could expand on this by providing optional mutual SSL for the more serious guys (requires a bit of work on Toplist end) so that both sides trust eachother, and neither can be faked. I however don't expect many people to use this. This is not the mentality of RSPS.

14 minutes ago, Nouish said:
  • Batch-API to see if someone voted by listing/ip to periodically check and tip people to vote

Not sure if reliable with dynamic IP's.

Share this post


Link to post
Share on other sites
7 minutes ago, Arix said:

This is because way back in the stone ages, submitting a form from HTML via query parameters, had to be GET, and POST for form parameters in the body of the request. Indeed, we could support both, but it is a breaking change if we would replace it.

I mean on the callback itself. Understand it is a breaking change so I'm really not expecting that one to change, however.

7 minutes ago, Arix said:

Not sure if reliable with dynamic IP's.

Better than nothing, and from the numbers I was looking at dynamic IPs are only common in the US.

7 minutes ago, Arix said:

A better way to verify an authority is by verifying the server certificate. In fact, we could expand on this by providing optional mutual SSL for the more serious guys (requires a bit of work on Toplist end) so that both sides trust eachother, and neither can be faked. I however don't expect many people to use this. This is not the mentality of RSPS.

That would make Runelocus very different from the other toplists again (and I somewhat doubt they would follow).

Edited by Nouish

Share this post


Link to post
Share on other sites
1 minute ago, Nouish said:

I mean on the callback itself. Understand it is a breaking change so I'm really not expecting that one to change, however.

Oh I see, yeah the same applies. Maybe a V2 implementation could be offered for the new ways because I'm all for it!

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×