Note: This post is specifically for third party developers and anyone who uses the Splinterlands public API. It does not involve any player-facing changes.
Splinterlands provides a public API that allows developers and data analysts to interact with and query data from the game. We love all of the third party development that has taken place around the game and want to encourage and support that; however, we also need to prevent spam and abuse of the API calls which can negatively affect the performance of the game for everyone.
To that end, we will be implementing the following policy regarding the use of the public APIs:
- Spamming or other abuse of API calls will result in source IP addresses being blocked and/or rate limiting and/or other preventative measures to be implemented without notice.
- Breaking changes to any API calls will be announced on our blog at least 7 days before the change goes into effect, except in extreme cases where the change is necessary to ensure the smooth operation of the game.
- Splinterlands does not assume any responsibility for any losses or damages incurred from downtime, errors, or other issues that may occur with the public API.
As we mentioned above, we really want to encourage and support continued third party development around the game, but we need to ensure that it's done in a way that doesn't cause problems. If you have any questions about proper usage of the APIs, please feel free to contact @yabapmatt on the Splinterlands Discord Server and we will be happy to help.
Login API Call Change
Starting on Monday, January 20th, the /players/login
API call will require a valid signature to be sent as a query string parameter signed with the private posting key of the specified Steem blockchain account.
The message to be signed is the current timestamp (in milliseconds) appended to the account name. For example: yabapmatt1578625303226
. Some code snippets to generate the signature using the Steem Keychain browser extension and some JS libraries are included below.
Once you have generated the proper signature, you can make the /players/login
API call as follows:
https://steemmonsters.com/players/login?name=[username]&ts=[timestamp]&sig=[signature]
Please note that the timestamp that is sent to the login call with the ts
parameter must be the same as the one used in the signed message.
Message Signature Examples
To sign the message via the Steem Keychain browser extension you can call:
steem_keychain.requestSignBuffer(username, username + timestamp, 'Posting', r => {
if(r.result) {
// r.result is the signature
} else {
// Error
}
})
To sign the message using the dSteem JS Library you can call:
dsteem.PrivateKey.fromString(private_posting_key).sign(Buffer.from(dsteem.cryptoUtils.sha256(username + timestamp))).toString()
To sign the message using the EOS JS ECC Library you can call:
eosjs_ecc.sign(username + timestamp, private_posting_key);
Thank You For Your Support
The Splinterlands team wants to extend a big thank you specifically to all of the third party developers who have provided apps, tools, services, and data analysis for the game. We love all of the unique and innovative things you have created which help improve the overall experience for everyone, and we appreciate your support and understanding as we work towards growing this ecosystem in a smart and sustainable way.