ForumsDevelopersDid Lookup Account API Change?


Did Lookup Account API Change?
Author Message
mike

Posted: Feb 08, 2011
Score: 0 Reference
I have had users complaining today (and I verified on my own) that the previously working app fails to log in. The error message is "Empty AppID". Verifying via sniffing and the code itself, for the account/lookup.php method, I have never passed the AppID or a signature to the lookup account call, only gettoken calls. Nowhere in any of my notes do I have this, and everything just stopped working today. Please tell me this was a change on your end and that I am not insane?

I can see to fix I just need to use AppID and MD5(email+apptoken), but as you can see I have a lot of users of my app, and I don't have that code!

Please explain. Thanks.
Jake

Toodledo Founder
Posted: Feb 09, 2011
Score: 0 Reference
The documentation for the account/lookup.php API method has always indicated that you need to authenticate using an AppID and signature. We discovered a bug that was not enforcing this authentication. This was important to fix to help prevent dictionary attacks on user's passwords. How long do you think it will take for you to fix your code?
mike

Posted: Feb 09, 2011
Score: 0 Reference
Ok, so I may be stupid, but at least I'm not crazy (at least for this issue).

My code is changed, as it was a very minor fix, but it's going to take Microsoft 5-10 days to get it to the Windows Phone Marketplace. Until then, all users of the Windows Phone app cannot login once they have logged out, and all new users are unable to log in.

Thanks.
Jake

Toodledo Founder
Posted: Feb 09, 2011
Score: 0 Reference
I just reverted it back to the way it was before. I'll leave it this way for 2 weeks and then put it back to requiring authentication.
andrew

Posted: Feb 09, 2011
Score: 0 Reference
Perhaps I'm stupid too but I coded to your documentation and I don't have the AppID and signature in there either. I just have lots of deeply unhappy customers.

It would be great if you could notify us in advance of making any further changes to the API.

Thanks,
Andrew
Jake

Toodledo Founder
Posted: Feb 10, 2011
Score: 0 Reference
I am sorry for the inconvenience. I have reverted it back, so it should be working again. The documentation clearly indicates the required authentication mechanism, but we should have been more cautious in fixing this bug. In the future, we will make more announcements about pending changes to the API that might cause backwards incompatibility. Please update your app with the necessary authentication and let us know when it is ready so that we can fix the bug for good.
andrew

Posted: Feb 17, 2011
Score: 0 Reference
Hi,

TaskAngel now has the change to account/lookup.php in the released build. Thank you very much for giving us time to implement and test this.

Regards,
Andrew
You cannot reply yet

U Back to topic home

R Post a reply

To participate in these forums, you must be signed in.