API Token and Websocket requests

  • Culture

    I'm currently hosting Grafana stats for screeps players on screepspl.us, but one of the largest limitations currently is that each user needs to run the agent on their own PC.
    It is done this way so that credentials remain in the user's control.
    Is there plans for a token system where a user could supply a persistent token or use oauth to give access to the API? (Presumably with scope limited to wherever the user chooses (Memory.stats for my setup))
    The API does use a token currently, but as far as I can tell, it expires upon use, thus requiring saving the new token from the response or re authenticating. 

    Also, thought, the websocket protocol has a watch system for memory, but on paths that are objects, it only shows "[object Object]" unless serialized in user code. It would be nice to have the ability to see a JSON representation of the data instead. 

  • Culture

    Yes please! I know the API is a somewhat "unofficial" thing but you guys seem to like what we keep building with it, and I think being able to do things like have console output without actually running the rest of the client can help reduce load.

    The biggest hurdle right now to making some really cool stuff is the lack of an API key system. 

    For the first version a permissions system isn't required- the API key should just not be able to create new keys or change passwords.

  • Agreed. I'd take an initial version with revocable API keys for read-only access that also store date/time of last access and last access IP address please.

    Later, API keys that can be restricted to just what you want (e.g., Memory, console, code uploads or downloads, etc.).

  • Dev Team

    Yes, we indeed have API keys feature in our TODO list (see here and here), but there are a lot of other important tasks in it at the moment. We probably should add this to our public roadmap anyway.