PDA

View Full Version : A Way to Access Sales Numbers via API



Eldon.McGuinness
01-31-2015, 11:49 PM
I would love to be able to setup a sales notification system so I get notified when ever the analytics page sees there is an update. Now this does not need to be a push notification system, instead just a url to query that resulted in an XML or JSON output of current sales stats.

EX.

Query:
https://devs.ouya.tv/developers/analytics?apikey=XXXXXXXX&app=appname

Result:
{
"salesinfo": {
"downloads": 1000,
"purchases": 30,
"payingusers": 30,
"crashreports": 15
}
}

dra6onfire
02-01-2015, 03:36 AM
It would definitely be cool but unless there is some actual auth wrapped around it, anyone with some time would be able to hack the restful API and determine Ouyas overall sales. Since they won't release those numbers themselves, I doubt they are going to make it simple to scrape them. But if its doable, I would use it.

Eldon.McGuinness
02-01-2015, 04:16 AM
You think? I mean even with a reasonably complex pairing of say an authkey and some form of password two? Perhaps a 32 alphanumeric apikey or even add a 32 alphanumeric pass to go with it?


https://devs.ouya.tv/developers/analytics?apikey=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX&apipass=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX&app=appname

dra6onfire
02-01-2015, 04:35 AM
If they do it right then sure. But for the above example, I wouldnt even start trying to brute for key pairs since most web services that operate like that are vulnerable to javascript and sql injection since most developers dont spend a lot of time making sure web services are sufficiently protected. Im totally for it being available. I just suspect that ouya doesnt have the time to do it right and not create a data leak that will result in a real breakdown of their software financials. They could do some oauth2 or some other business to authenticate the traffic though which is fairly easy to code for but that could easily be a decent time sink to stand up depending on who their devs are.
if I was making this service, there would be ssl and auth involved for sure.