Results 1 to 7 of 7

Thread: About ALLOWED IP ADDRESSES when create an api key.

  1. #1

    Unhappy About ALLOWED IP ADDRESSES when create an api key.

    In some cloud web service providers, they always give free host for a small web, this is very usefull for clans that they want to build a web site with a lowest or free cost.
    But the cloud web service uses dynamic IP with a wide range, and the range ip not static, so it's very hard to add to list of ALLOWED IP ADDRESSES s when create an api key,
    I think COC DEV team shouldn't combine the allowed ip with the api key, so we easily create a website for clan.

  2. #2
    Junior Member
    Join Date
    Oct 2015
    Posts
    52
    Hello,
    There are other solutions of free hosting out there you know.

    You cannot ask SuperCell to weaken their security rule for the API because of your unfortunate experience, it doesn't sound quite fair.

  3. #3
    I agree with you OriOn86. BUT SuperCell releases a cool API with only GET requests (no way to update any information). So at this moment, we are just able to read data. For me, it could be great to offer a simple way to access this data with only the API key (quite secure way).

    I already find a way to generate a "temporary" API key and make some requests to retrieve clan/members information ;-)
    Last edited by TheOnlyJS; 2 Weeks Ago at 11:04 PM.

  4. #4
    Forum Elder
    Join Date
    Sep 2015
    Posts
    2,077
    Quote Originally Posted by TheOnlyJS View Post
    I agree with you OriOn86. BUT SuperCell releases a cool API with only GET requests (no way to update any information). So at this moment, we are just able to read data. For me, it could be great to offer a simple way to access this data with only the API key (quite secure way).

    I already find a way to generate a "temporary" API key and make some requests to retrieve clan/members information ;-)
    Fething data using their API with JWT is still secure without the requirement of static IP Address but they believe that if your database is compromised attacker can steal your API key and JWT and pretend to be you. He can then setup multiple services with the same key without getting registered.

    Even public API can be compromised. Validating the IP Address prevents attacker to use random IP to attack on the database.

  5. #5

    Join Date
    Jun 2015
    Location
    Stealing your DE
    Posts
    712
    The IP thing makes it hard to impossible to attack the server.

    There are service providers out there using static IPs (Heroku is sadly the only free one). Use Digital Ocean, Amazon Lightsail, Virmach or Scaleway for example.
    Werner der Champ German CoC Wiki Admin (Link)
    My Ideas:Matchmaking fix for Legends|Cat troop idea|Ultimate Clash Royale Tournament idea
    Quote Originally Posted by WernerderChamp View Post
    Are you again waiting till 100,000,000 total clicks on "Try again" ?

    Quote Originally Posted by Stitch View Post
    Yes. Please hurry up with the final 10,000 taps!


  6. #6
    Forum Elder
    Join Date
    Sep 2015
    Posts
    2,077
    Quote Originally Posted by WernerDerChamp View Post
    The IP thing makes it hard to impossible to attack the server.
    It doesn't prevent attacks. They just don't want unregistered users using someone's stolen API key with their own random IPs.

  7. #7
    I'd add that requiring a static IP means that no one can hand the api-key to other people's browsers and make everyone do their own queries. This way encourages people to build caches and make fewer duplicate requests.

Similar Threads

  1. Replies: 2
    Last Post: July 8th, 2016, 01:22 AM
  2. [General] Is SUPERCELL blocking IP addresses now?
    By Xiegfred in forum Bugs & Problems
    Replies: 0
    Last Post: October 1st, 2015, 04:17 AM
  3. Banning IP addresses
    By HydroPenguin in forum Ideas & Feature Requests
    Replies: 7
    Last Post: December 31st, 2014, 03:19 PM
  4. Addresses in Forum Posts?
    By CJH1X4X in forum General
    Replies: 2
    Last Post: July 17th, 2014, 05:29 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •