Page 1 of 3 123 LastLast
Results 1 to 10 of 24

Thread: [idea] Clan permissioning / clan token

  1. #1

    Lightbulb [idea] Clan permissioning / clan token

    Not all clans want to share their data with everyone (in particular war logs, on which they have control) but still want to use the API to manage their clan.

    Suggestion: The clan leader/cos could either mark their data as public or private. If public, anyone could access it. If private, they could generate (revoke) clan specific token(s) to authorize specific individual/apps to access their data (war log, current war and maybe member profile details).

  2. #2
    Forum Master Saleh47's Avatar
    Join Date
    Sep 2014
    Location
    Lebanon
    Posts
    12,431
    Fully agree on this as a solution for current situation. But that will somehow look weird for those who know nothing about the API & see the code & generate button in their clan settings. However I would like to see something like that implemented!

    Thanks for DragonX101 for his great work!

  3. #3
    Junior Member stevenfail's Avatar
    Join Date
    Aug 2016
    Location
    Tennessee, USA
    Posts
    65
    This would be awesome...we'd love to have this ability.

  4. #4
    Forum Elder
    Join Date
    Sep 2015
    Posts
    2,392
    Quote Originally Posted by Saleh47 View Post
    Fully agree on this as a solution for current situation. But that will somehow look weird for those who know nothing about the API & see the code & generate button in their clan settings. However I would like to see something like that implemented!
    The code will be not be visible to them. They can only see the button to switch public/private data. The clash of clans API will send this information to the server and token is generated at server side. I don't think generating token for that will be necessary.

    You can revoke anything from the public API if it is set to private.

  5. #5

    Join Date
    Jun 2015
    Location
    Stealing your DE
    Posts
    735
    Quote Originally Posted by forever10 View Post
    The code will be not be visible to them. They can only see the button to switch public/private data. The clash of clans API will send this information to the server and token is generated at server side. I don't think generating token for that will be necessary.

    You can revoke anything from the public API if it is set to private.
    Problem is, that an open war log allows spying at a previous opponent and rebuilding the bases.

    So a token, which gets generated randomly, has to be passed to a player tag, then the API will return "valid" or "invalid".

    If the token has 8 characters (0-9&A-Z), this can't be brute-forced too.
    Werner der Champ German CoC Wiki Admin (Link)
    My Ideas:Matchmaking fix for Legends|Cat troop idea|Ultimate Clash Royale Tournament idea
    Quote Originally Posted by WernerderChamp View Post
    Are you again waiting till 100,000,000 total clicks on "Try again" ?

    Quote Originally Posted by Stitch View Post
    Yes. Please hurry up with the final 10,000 taps!


  6. #6
    Forum Elder
    Join Date
    Sep 2015
    Posts
    2,392
    Quote Originally Posted by WernerDerChamp View Post
    Problem is, that an open war log allows spying at a previous opponent and rebuilding the bases.

    So a token, which gets generated randomly, has to be passed to a player tag, then the API will return "valid" or "invalid".

    If the token has 8 characters (0-9&A-Z), this can't be brute-forced too.
    Token is not really needed at all. You can restrict any content to be accessed by public API. If clan war log is set to private then its information will not be accessed by public API.

  7. #7
    Forum Master Saleh47's Avatar
    Join Date
    Sep 2014
    Location
    Lebanon
    Posts
    12,431
    Quote Originally Posted by forever10 View Post
    Token is not really needed at all. You can restrict any content to be accessed by public API. If clan war log is set to private then its information will not be accessed by public API.
    What this suggestion is about is to give access to selected sites/apps which leader selects to use. This way they will not be sharing their data with everyone but rather with just specific sites. It needs a private token to be used in the app/site to verify they allow usage

    Thanks for DragonX101 for his great work!

  8. #8
    Forum Elder
    Join Date
    Sep 2015
    Posts
    2,392
    Quote Originally Posted by Saleh47 View Post
    What this suggestion is about is to give access to selected sites/apps which leader selects to use. This way they will not be sharing their data with everyone but rather with just specific sites. It needs a private token to be used in the app/site to verify they allow usage
    Oh yes ofcourse in this case token will be required. But you are only asking that site to hide your private data. People who are using public API for themselves can still see your warlog. There can be sites which refuse to implement this feature at all. So in one way or the other if you are my enemy clan i will manage to see your warlog.

    How about if supercell revokes private warlog from the API?

  9. #9
    Forum Master Saleh47's Avatar
    Join Date
    Sep 2014
    Location
    Lebanon
    Posts
    12,431
    Quote Originally Posted by forever10 View Post
    Oh yes ofcourse in this case token will be required. But you are only asking that site to hide your private data. People who are using public API for themselves can still see your warlog. There can be sites which refuse to implement this feature at all. So in one way or the other if you are my enemy clan i will manage to see your warlog.

    How about if supercell revokes private warlog from the API?
    Yes one solution would be that SC revokes this ability & add it with authentication. So that not every app/site can access it at all.

    Thanks for DragonX101 for his great work!

  10. #10

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •