This page is about external, 3rd party apps that want to connect to the Marketplace API. And the possibility of an approval process.
- We want to avoid bad actors abusing the API, reducing service levels for others.
- We currently monitor APIs using graphite, logging etc.
- What would a bad actor look like?
- Bad API calls?
- Too much traffic?
- Flooding review queue?
- Alter apps in the review queue to try and push apps up the stack?
- File a bug? http://mzl.la/1rOF1Rx
- Review code (if possible)
- Give it a try, make sure it works.
- Anything else?
Revoking bad actors
- We can turn off their API tokens and disable access if they are using 2 legged OAuth.
- For 3 legged OAuth we can also revoke the main token and anyone else who gets a 3 legged token through it.
- Identify bad actors
- Contact the person in charge of the client
- Ask for a fix
- If we can't work it out, shut off the tokens.