Page 1 of 1 (9 items)
This post has 8 Replies | 0 Followers

Posts 24
William Hatfield | Forum Activity | Posted: Wed, Nov 10 2010 10:31 AM

Here are things that would be helpful in improving the api.

 

1) access to more bibles.  Can we get around the licensing issues by using the same login procedure as biblia.com uses?  Other websites do this all the time to encourage usage. I would think this would fit well with logos' business model.  It also is done a lot with mobile apps - they get your login for the site and use it to bring the info to your phone.

2) drop the built-in formatting from the [EachVerse] tag

3)doing some basic word study or passage guide stuff would be nice...also would be a good way to sell books to people who get into bible study using biblia.com and want more power in their study.  is it possible to bring this over from library.logos.com?

The api is a promising start.  Just wondering what the next steps are.

 

Thanks!

Will

 

Posts 408
LogosEmployee
Bryan Smith | Forum Activity | Replied: Wed, Nov 10 2010 11:00 AM

Thanks for the feedback, William.

We do hope to eventually provide access to more resources, but the issue is a bit complicated. We could use the same standard login for you (the developer), but unfortunately a license owned by you does not grant you permission to distribute to your users. In order for this to work in a way that is safe (safe not just because of licensing, but also for the end users whose credentials need to be kept secure) we need to authenticate users of your application to verify that they have a license for the resource they're viewing.  This requires an authentication system that we currently don't have in place. 

As I said, we hope to move toward this feature in the future, but we're currently pretty busy with other projects. :) In the meantime, we will be maintaining the existing functionality, and may occasionally add new APIs depending on how often the feature is requested and the relative ease of implementing it.

Thanks,

Bryan

Posts 24
William Hatfield | Forum Activity | Replied: Wed, Nov 10 2010 6:22 PM

Hmmm.

All I'm really asking for is the ability within the api to allow a user of my program to enter their login info for biblia.com for example, pass that info to you through the api and allow you guys to authenticate that they are an authentic user and  they are licensed for book xyz.  To me that's what you are already doing with your own login on biblia.com, right?  I don't want to authenticate users of my program but pass the info on to you so that you can authenticate it and then let me pass them back info they are licensed to see.

Is that possible or easy?

Will

 

Posts 408
LogosEmployee
Bryan Smith | Forum Activity | Replied: Wed, Nov 10 2010 6:53 PM

The issue is that the "chain of custody" with the credentials is broken when the user gives them to the application consuming our API. While I'm sure that most developers would handle the credentials securely, we have no way of knowing that this is the case. For us to ask our users to give their credentials to other sites/applications (that may or may not be trustworthy) would violate the trust that our users have placed in us.

Systems like OAuth would allow end users to grant permission to a 3rd party (you, the developer using our API) , while submiting their credentials *directly* to us, without the possibility of them being intercepted and used for malicious purposes. Such a system is what we would need to implement before providing this functionality. It's certainly possible (and likely), but it's not entirely simple for us to integrate into our existing system.

Posts 24
William Hatfield | Forum Activity | Replied: Thu, Nov 11 2010 7:25 AM

Makes sense.  So it's more a security issue than a licensing one.  In that case, I think you should bump the priority up to get this done.  There's a lot of avenues that will open up to get Logos' superior products in front of people if this is taken care of, IMO.

 

Thanks!

Posts 10
Mark Carey | Forum Activity | Replied: Thu, Dec 16 2010 7:47 AM

Hah! I was just about to suggest OAuth or OAuth2 as an access control mechanism to allow access to more resources.

Well it looks like its on the radar at least. 

Also hoping to get rid of the apikey as a GET parameter.  Yuk!

Posts 24
William Hatfield | Forum Activity | Replied: Tue, Jan 4 2011 2:38 PM

Bryan,

 

Any idea how soon OAuth (or whatever) might be implemented?  I've done my homework on how to do OAuth and I'm ready to go when you guys are...

 

Will

 

Posts 408
LogosEmployee
Bryan Smith | Forum Activity | Replied: Tue, Jan 4 2011 2:59 PM

Sorry, I don't have an ETA on this. All our developers are currently busy with other projects.

Posts 24
William Hatfield | Forum Activity | Replied: Wed, Jan 5 2011 1:58 PM

ok thx

Page 1 of 1 (9 items) | RSS