IDEAS

Help shape the future of CurseForge!

Personal API key with subscription model

Would it be possible to generate personal API keys when you pay for a subscription? This way we can directly support authors using an existing system (well, once it's out of beta) while not being restricted to an app that we don't want to use.


The infrastructure is already there, just need to set up usage restrictions so it's hard to share. In the future it could even be made so that external parties can connect accounts to their CF account and use an API to fetch the key so you don't have to copy-paste.


Using the existing infrastructure for the API keys as created for 3rd party addon managers, this should be very little effort to set up. 3rd party providers could then provide a default non-monetized key which users could overwrite with their own. Additionally this would mean people could keep using their favorite addon manager despite being rejected for an API key for whatever arbitrary reason.


Sounds like a win/win for every party involved.

  • Linaori
  • Feb 26 2022
  • Future consideration
c. Author Reward Program
  • Jan 5, 2023

    Admin response

    Thank you for the idea suggestion, we will look into it!

  • Attach files
  • deoaki pokiun commented
    22 Nov, 2022 04:32am

    Authenticating your application and managing its access to the Chargebee API are done using API Keys. Only new subscriptions may be created using this key.

    ×

    Attachments Open full size

  • Bradley B commented
    20 Nov, 2022 11:57pm

    Would love to see this as the new "CF" (if it can even be called that anymore) API has just crazy restrictions in place

    ×

    Attachments Open full size

  • haine neelan commented
    18 Oct, 2022 04:02pm

    API keys are generally not considered secure; they are typically accessible to clients, making it easy for someone to steal an API key. Once the key is stolen, it has no expiration, so it may be used indefinitely, unless the project owner revokes or regenerates the key. While the restrictions you can set on an API key mitigate this, there are better approaches for authorization. https://stumbleguysonline.io


    ×

    Attachments Open full size

  • Guest commented
    19 Jun, 2022 11:19am

    Douboe agree from both - business perspective and usability perspective. One of the main things regarding curseforge - is simply you are under a pressure to use Windows, while multiMc doesnt need that without additional wrappers.

    I strongly agree on this suggestion.

    https://minecraft.curseforge.com/forums/general-curseforge/support/245377-curseforge-for-linux

    ×

    Attachments Open full size

  • Can Aygin commented
    8 Jun, 2022 09:13pm

    Considering Ajour was faster, efficient and had CLI to update my addons so I don't even need to open a GUI, yeah.

    How the heck an open-source project runs better than a professional software is beyond me. Let me use what I WANT.

    ×

    Attachments Open full size

  • Petr Mrázek commented
    19 May, 2022 07:56pm

    I want this as the current MultiMC maintainer/developer. Ideally the user logs in with their account (via OAuth device flow or similar) and gets full access, if they are a subscriber.

    ×

    Attachments Open full size

  • Yamza commented
    18 May, 2022 05:35pm

    Honestly this sounds like a pretty reasonable suggestion. So long as there is some validation of the key so it cant be shared this sounds like a good compromise.

    ×

    Attachments Open full size

Related ideas