Announcing SteemAccess: Enabling Third Party Apps to Interface with Steem

editor_popup.png

I'm really excited to announce the alpha of our new product SteemAccess.

SteemAccess is our solution to the problem of integrating third-party applications with steem without the requirement to disclose private keys to those applications. Instead the third-party application or website requests permission to act on your behalf and you may either accept or decline such requests.

Demo: https://www.steempower.org/oauth2/demo

Markdown Editor - Post Directly to Steemit

We are happy everyone has been enjoying our full markdown editor. We're happy to announce that our editor can directly post to Steem without needing to copy and paste your text into Stemit.

Publish

Type in your post title and category, fill in any tags and click Publish

Post

SteemAccess Current Features

SteemAccess allows registered applications to perform the following actions with your steem account:

Read your profile information

Read information from your profile or blog - note that applications can not change your profile, only read it

Upvote posts on your behalf

Applications can upvote posts for you, this feature is used by Steem PowerTrail for example

Post content on your behalf

Applications can make posts for you, this is used by apps such as our editor

Access

Security and Privacy

We take your security and privacy very seriously and that is why we built SteemAccess so that we can offer useful tools and apps to you without compromising your steem account. The only time our server sees your private key is immediately after you login and whenever it is needed to perform an action. Unencrypted private keys are never written to disk, only stored in memory. To protect your private key from being compromised we use the highest possible key length to encrypt it using the well-tested blowfish algorithm. From time to time we will also revoke all capabilities and switch encryption keys.

Third party apps are restricted to performing actions that you have authorised them to perform and we are working on a web interface that will allow you to revoke permissions at any time from any supported application. In addition, the current default is to expire all granted permissions after 1 hour.

API Updates

We've made some awesome updates to our API for everyone to enjoy.

We have various APIs available that enable you to integrate your own applications and scripts with steem. These APIs are intended to make life simpler for application developers and provide the tools needed to interact with steem so that you can focus on your own application and not the details of integrating steem.

The current API endpoints are listed below:

This endpoint offers a REST interface with resources represented as JSON. At present this is a read-only API and intended to enable applications such as blogs on external sites pulling data from the steem blockchain.

This endpoint implements part of the OAuth2 standard and allows applications to request capabilities by presenting a form to the end user. You should NOT access this endpoint directly from your server but instead should direct the user's browser to it. Parameters are passed as standard HTTP GET query values and are documented below.

In order to provide a consistent experience for end users you should present the OAuth2 authorization form as a popup window with a resolution of 532x824 pixels. Your redirect URL should also be compatible with this resolution.

This endpoint provides a javascript function that may be used to create such a popup from your own application.

You may obtain the granted capability URLs and username via this endpoint. Parameters are passed as GET query values. This endpoint should be accessed directly by your server and NOT via the user's browser. You should also consider the parameters and return value for this endpoint as sensitive information as the capability URLs are not tied to a specific IP address and may be used by anyone who possesses them by design.

This endpoint is the default endpoint for capability URLs generated on behalf of a steem user or any other entity. The usual way to obtain them is to use the OAuth2 protocol as described above. By making use of the capabilities API your application may act on behalf of the end user using a simple HTTP interface.

SteemPower Witness Vote

Help keep SteemPower running! Voting for us as witness pays for the development of apps and tools for Steem.

Vote for us as a witness the following way:

https://steemit.com/~witnesses click the arrow next to "charlieshrem"

H2
H3
H4
3 columns
2 columns
1 column
53 Comments