From MozillaWiki
Jump to: navigation, search
Stop (medium size).png
The Marketplace has been placed into maintenance mode. It is no longer under active development. You can read complete details here.

This page is about external, 3rd party apps that want to connect to the Marketplace API. And the possibility of an approval process.

Bad actors

  • We want to avoid bad actors abusing the API, reducing service levels for others.
  • We currently monitor APIs using graphite, logging etc.
  • What would a bad actor look like?
    • Bad API calls?
    • Too much traffic?
    • Flooding review queue?
    • Alter apps in the review queue to try and push apps up the stack?

Approval process

  • File a bug?
  • Review code (if possible)
  • Give it a try, make sure it works.
  • Anything else?

Revoking bad actors

  • We can turn off their API tokens and disable access if they are using 2 legged OAuth.
  • For 3 legged OAuth we can also revoke the main token and anyone else who gets a 3 legged token through it.
    • Process
      • Identify bad actors
      • Contact the person in charge of the client
      • Ask for a fix
      • If we can't work it out, shut off the tokens.