Pages:
Author

Topic: [NXT] API 2 Brainstorming (Read 5023 times)

sr. member
Activity: 308
Merit: 250
February 08, 2014, 04:17:20 PM
#58
Account statistics; number of messages / aliases / assets owned, number of transactions done, number of forged blocks, forged block fees, creation date of account, etc..
member
Activity: 111
Merit: 10
January 24, 2014, 10:53:04 AM
#57

Ability to get all assets owned by an account. CFB already mentioned including a call for this.

yeah this one is important!
legendary
Activity: 1181
Merit: 1018
January 24, 2014, 08:36:02 AM
#56

heyhey, I made some experiments - my raspi needs TWO SECONDS to answer a query - while the testnet has a replytime of ~150ms

My concern is the following: when you have to resolve a chain of queries, like when going from block ->transactions -> transaction detail  -- 2 seconds per query does become a factor - you get to resolve 10 or 20 queries, get stuck for 20 to 40 seconds ?!?!?! Think about fast messaging ?!

legendary
Activity: 1181
Merit: 1018
January 23, 2014, 04:30:46 AM
#55
Ability to get transactions where sender = x and recipient = Y. Especially useful for Arbitrary messaging instead of having to loop through potentially thousands of transactions.

Do I understand correctly that atm it is neccessary to query ALL transactions and then filter the list in the client? yup. looks like it. I am actually catching up here...
legendary
Activity: 1181
Merit: 1018
January 23, 2014, 04:04:59 AM
#54

Ability to get all assets owned by an account. CFB already mentioned including a call for this.
sr. member
Activity: 308
Merit: 250
January 22, 2014, 09:12:06 AM
#53
Ability to get transactions where sender = x and recipient = Y. Especially useful for Arbitrary messaging instead of having to loop through potentially thousands of transactions.
sr. member
Activity: 308
Merit: 250
January 17, 2014, 12:08:22 PM
#52
Ability to set timestampend so that it returns transactions BEFORE the timestamp. Good for pagination.

As well as a way to set a limit.
full member
Activity: 168
Merit: 100
IDEX - LIVE Real-time DEX
January 17, 2014, 11:06:40 AM
#51

I'd rather have a solution to use api without any passphrase.

The best way to do this is to have the client do all of the signing and transmit transaction data to the server. No secret phrases would ever leave the client.
newbie
Activity: 17
Merit: 0
January 17, 2014, 07:45:12 AM
#50
Can't wait either... Smiley
full member
Activity: 168
Merit: 100
IDEX - LIVE Real-time DEX
January 16, 2014, 08:23:48 AM
#49

- forged blocks statistics for a given account :
I've been said I have to crawl blocks to know who has computed each, and sum the coins for each account number (I may be wrong...). If it sounds possible, a api call giving forging stats for a nxt account would be relevant

Try getAccountBlockIds in current API.
newbie
Activity: 17
Merit: 0
January 16, 2014, 04:28:27 AM
#48
Hello,

I have two main api addons to ask, because I'm faced with a few limitations in my mobile app :

- forged blocks statistics for a given account :
I've been said I have to crawl blocks to know who has computed each, and sum the coins for each account number (I may be wrong...). If it sounds possible, a api call giving forging stats for a nxt account would be relevant

- tokens to replace the passphrase into api calls :
To send money, one has to send his own passphrase through http. This is truly not secured, because communications can be listened, and modified 'reliable' nodes can store passphrases using a api proxy for example... I'd rather have a solution to use api without any passphrase. To do so, one may imagine the following services :

     getAppToken(application_name, application_secretkey) : returns a token (token_app), used to identify application provider. this token can be given publicly to the users who want to give the app access to their accounts

     allowApp(token_app,account_passphrase, array of allowed functions) : returns a token (token_account_app), which certifies that the account owner allows the app to access to a list of api calls (send money, send message, ...)

The token_account_app is sent by the user to the app owner, who can use it to sign secured API calls, with his own application_secretkey. The called node has to verify the matching between application_secretkey, token_account_app, and allowed api services. The application_secretkey allows to certify it is called from the application owner. (this is close to app_ID+app_secretkey used into google,fb,twitter apis for example).

Doing so, the user does not have anymore to send his passphrase to send money, for example. He can also call a disallowApp(token_app,account_passphrase), which returns the same token_account_app, but remove all allowed functions. Doing so, the application can not call anymore any API functions. The allowed functions list could be stored into the blockchain, or even locally on the application dedicated node (ie the user allows a specified node to do API calls).

I've tried to keep it simple, and this is certainly not perfect. This is a very first proposal, in order to talk about with nxt teams. Maybe we could also use aliases to identify applications, or even hack the messages process to validate transactions... Whatever solution is used, I do think it is relevant not to send user's passphrase into the api calls made from external services.

Feedbacks welcome. Thanks,

Olivier

PS : another subject... Wouldn't it be possible to imagine an API call made to check a nxt node code has not been modified (in order to hack accounts for example) ? I know... this function could be modified by the node owner, to return the good checksum... so, this should be made externally, by a external peer. For example, the API service returns the server local main files, calling an external peer hashing service (hashing algorithm being secret, and peer dependent). If it matches, one can say the node uses not modified files. To hack this, one should have to modify hashing algorithm on all peers, which sounds quite difficult. The tested node could also send fake files, but maybe there is a solution to hash running code (and not local files) ?... don't know... this is just a thought.
sr. member
Activity: 308
Merit: 250
January 13, 2014, 05:33:25 AM
#47
add server date to getState as well as lastBlockDate.
sr. member
Activity: 308
Merit: 250
January 13, 2014, 05:29:31 AM
#46
Enable jsonp so that javascript can call peer via bot access like so: (to get around same origin policy)

?...&callback=myCallback

Can also implement CORS: http://enable-cors.org/server.html
legendary
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
January 13, 2014, 04:33:48 AM
#45
An API call to get the AM size limit (currently 1000) would be helpful (in order to chop up data and send it in max. size chunks efficient).
sr. member
Activity: 308
Merit: 250
January 13, 2014, 04:23:17 AM
#44
API call to get peers that have public bot access enabled.
sr. member
Activity: 308
Merit: 250
January 12, 2014, 03:59:31 PM
#43
Is it possible to have an api that searches for incoming account transactions with a specific description?  (payment with attached description)

This would be good to verify payments.. Sort of like the system with bank transfers can have a message attached to it.
newbie
Activity: 12
Merit: 0
January 11, 2014, 11:28:48 PM
#42
For High-level:

getAllAccounts() - possibly with filtering parameters and sort/limit

I'm not sure what the Account object provides currently, but these would be useful:

getBalance()
getTotalTransferAmounts() - returns total amount of NXT transferred.  filter by in/out
getTransactions() - filter by activity type (in/out/alias creation/etc.)
getTimeFirstActivity() - filter by activity type (in/out/alias creation/etc.)
getTimeLastActivity() - filter by activity type (in/out/alias creation/etc.)
getBlocksGenerated() - correct term?
getFeeEarned() - correct term?
getAliases()
full member
Activity: 168
Merit: 100
IDEX - LIVE Real-time DEX
January 10, 2014, 11:00:55 AM
#41
I put generateBlock and a placeholder for a call to determine when an account could try to generate a block.

C-f-B?

Shouldn't we leave block forging for clients? Coz it's the same as signing transactions, u have to use ur secret key.

Yes, that's the purpose of generateBlock, but we also need an API for determining when a client can generate blocks like the response that is used to update the timer in the current client. Basically, an API that encapsulates the TF logic to suggest when a client can attempt to generate a block.

legendary
Activity: 2142
Merit: 1010
Newbie
January 10, 2014, 09:57:38 AM
#40
I put generateBlock and a placeholder for a call to determine when an account could try to generate a block.

C-f-B?

Shouldn't we leave block forging for clients? Coz it's the same as signing transactions, u have to use ur secret key.
full member
Activity: 168
Merit: 100
IDEX - LIVE Real-time DEX
January 10, 2014, 07:36:35 AM
#39
Api call to see number of peers that accepted a transaction. This allows us to set a good value for pushTreshold.

This would be new functionality since right now Peer.sendToAllPeers (called by broadcastTransaction) doesn't keep any responses.
Pages:
Jump to: