Personal API key with subscription model
Would it be possible to generate personal API keys when you pay for a subscription? This way we can directly support authors using an existing system (well, once it's out of beta) while not being restricted to an app that we don't want to use.
The infrastructure is already there, just need to set up usage restrictions so it's hard to share. In the future it could even be made so that external parties can connect accounts to their CF account and use an API to fetch the key so you don't have to copy-paste.
Using the existing infrastructure for the API keys as created for 3rd party addon managers, this should be very little effort to set up. 3rd party providers could then provide a default non-monetized key which users could overwrite with their own. Additionally this would mean people could keep using their favorite addon manager despite being rejected for an API key for whatever arbitrary reason.
Sounds like a win/win for every party involved.
-
Linaori
- Feb 26 2022
- Future consideration
-
Jan 5, 2023
Admin response
Thank you for the idea suggestion, we will look into it!
Related ideas
Authenticating your application and managing its access to the Chargebee API are done using API Keys. Only new subscriptions may be created using this key.
Would love to see this as the new "CF" (if it can even be called that anymore) API has just crazy restrictions in place
API keys are generally not considered secure; they are typically accessible to clients, making it easy for someone to steal an API key. Once the key is stolen, it has no expiration, so it may be used indefinitely, unless the project owner revokes or regenerates the key. While the restrictions you can set on an API key mitigate this, there are better approaches for authorization. https://stumbleguysonline.io
Douboe agree from both - business perspective and usability perspective. One of the main things regarding curseforge - is simply you are under a pressure to use Windows, while multiMc doesnt need that without additional wrappers.
I strongly agree on this suggestion.
https://minecraft.curseforge.com/forums/general-curseforge/support/245377-curseforge-for-linux
Considering Ajour was faster, efficient and had CLI to update my addons so I don't even need to open a GUI, yeah.
How the heck an open-source project runs better than a professional software is beyond me. Let me use what I WANT.
I want this as the current MultiMC maintainer/developer. Ideally the user logs in with their account (via OAuth device flow or similar) and gets full access, if they are a subscriber.
Honestly this sounds like a pretty reasonable suggestion. So long as there is some validation of the key so it cant be shared this sounds like a good compromise.