Linden Lab Official talk:Registration API

From Second Life Wiki
Jump to: navigation, search
Essay.png This is a talk page. Please sign comments you leave here by putting four tildes (~~~~) at the end of your comment. For more guidelines, see Talk Page Guidelines.
Post questions about the Registration API here. If you can answer a question, please do. If not, Linden Lab will try to provide an answer.

Contents

Intermittent Error messages/outages

My call to GetCapabilities is ok, but on an intermittent basis, when I try to get the list of names, this is the result: "An fatal error has occurred (error ticket #19178). Please visit the support section at http://secondlife.com/support/ for further assistance. Note this error ticket code and a description of the problem. Error Description: undefined method `permission' for #<User:***********>."

I have noticed that other gateways suffer from the same outage at the same times, while others do not. What can I do to prevent the outages from impacting my gateway?

RegAPI Capabilities expire

  • A: We've now set them to not expire for 5 years, so this should not be a problem for now, and we'll fix this in the next revision of the RegAPI. (Glenn Linden, 5/22/07)
  • As of 5/17/07, all existing capabilities were set to expire in 5 years, so for the near term, you only have to worry about this with new RegAPI accounts. (Glenn Linden 5/17/07)

Do I need to renew the capability URLs every 30 days?

A: No. The need to renew the capability URLs every 30 days or for each session is *no longer necessary* in the current reg API (i.e. the one you are using now). The code was changed so the capability URLs' expiration dates is now 'long lived' - i.e. expiration date is 5 years. So the need to renew them (and resubmit your password) is no longer needed.

When will we get additional capabilities with the RegAPI?

  • A: We are working on implementing Groups capabilities for the RegAPI and expect to announce exact capabilities and timeline by end of September, 2008.

For other features, please request them through Issue Tracker. Inventory is being considered. Please provide use cases and business justification through this issue: MISC-1548. Note, you have to log in to add comments to an issue.

We strongly recommend you join the regapi mailing list to share information and send inquiries about the existing and new regAPI to others (regapi@lists.secondlife.com). To join, go to https://lists.secondlife.com/cgi-bin/mailman/listinfo/regapi.

Will the new version of the regAPI break old applications that use the original implementation?

  • A: No, good news, the new version will not break the old applications using the original implementation. Existing applications will continue to run but we will stop granting new access to it. Now, the maybe not so good news, the old version will be considered deprecated and will not be compatible with the new API. When we launch the new API, we will provide transition guidelines and encourage people to move to the new one.

Are there audit requirements on user acknowledgement of the TOS?

  • A: No

Are 3rd party registration sites required to provide a security image code confirmation function to prevent automated account registration attempts via their sites?

  • Not yet but we will be able to require that with the new reg api. (Glenn Linden 5/18/07)

For purposes of clarification, what is an example of usage that is NOT permitted by the following statement?

  • You may not use the Registration API other than as a means of collecting Account registration information from Your Website. (section 2.3.1 of API Terms of Use - http://secondlife.com/developers/api/tos.php)
  • A: The primarly limitation is against using it to create accounts that are used by a single person to get around our other account limitations or for fraud. (Glenn Linden 5/18/07)

Is there an ID number for the custom name? It looks like this is required by the API for account creation.

  • A: You should be able to acquire your custom name in the name queue for last names returned by the RegAPI - and then go into the list of returned names to see the ID number for it. This may take a little coding. (Glenn Linden 06/26/07)

I get the message 'A fatal error has occurred (error ticket #NNNNN). Please visit the support section at http://secondlife.com/support/ for further assistance. Note this error ticket code and a description of the problem.'

  • A: Usually you get this because you are providing improperly formatted data in the RegAPI. RegAPI error codes will tell you if you've sent bad data, but not if its misformatted. For example, using * instead of - to seprate elements of the date will give a server error rather than a RegAPI error. ( For the date example, the data is misformatted since the problem is the separator. It was neither an invalid date (31 Feb) - error 100(not a valid date) - nor a malformed string (07 instead of 2007) - error 110(Date string is malformed)--both of which report problems with the digits.)

Can I limit accounts to an Estate (island)?

You can limit accounts to an estate using the RegAPI:

create_user (POST) Creates a new Second Life user

POST to this url a LLSD XML document, representing a hash, containing at least "username" (string), "last_name_id" (integer), "email" (string), "dob" (string in YYYY-MM-DD format), "password" (string)

Optional arguments are "limited_to_estate" (integer), "start_region_name" (string), "start_local_x" (float between 0-128), "start_local_y", "start_local_z", "start_look_at_x" (float between 0-1), "start_look_at_y", "start_look_at_z"

If all is successful, a hash containing the new user's agent_id will be returned. If there are errors, instead an array containing the applicable error codes will be returned.

Estate number (integer) needs to be provided in the Post.

Note that this limits functionality of the accounts: An avatar limited to an estate isn't allowed to join any other groups (there really is no need since they are not participating in other groups outside the estate). It also makes sense then that avatars limited to an estate won't show up in searches...they are private to the estate. Other avatars of the same estate should see them and be able to add them to their own group. Glenn Linden 21:57, 7 April 2009 (UTC)

How do I set an Estate to limit access to a Group for registrations coming through the RegAPI?

This is not directly a RegAPI issue, but is a common issue when people want to only allow members of a group access to a region - but the RegAPI doesn't allow you to set membership in the group. Here's the process:

  1. Make island first public access and single land mass.
  2. Create one user as limited to estate.
  3. Sell the whole land mass to this user.
  4. Create a new group as this user.
  5. Deed the whole land mass to that group.
  6. Split off a small piece of land as your RegAPI landing area.
  7. Make the larger land mass group access only in about land.
  8. Register user and offer group membership after registered.

How do I close accounts I've created with the RegAPI?

An employee has left, or you otherwise need to close an account you've created with the RegAPI. To do that, you'll have to contact the Concierge team and have them either change the password or close the account.

Its imperative that this be changed. I have had problems disgruntled employees destroy more than a half dozen sims worth of builds before Concierge locked them out of their BnT last named accounts, and who knows how much content in inventory deleted. This is unacceptable. The whole rationale for last named accounts is content protection to protect company assets paid for under for-hire IP rules. This rationale is stymied by LLs continued refusal to give us the ability to control access to the accounts we own on demand. Concierge takes hours to days to complete a password/email change. We really need to be able to do this ourselves. IntLibber Brautigan 15:14, 31 October 2007 (PDT)

A: The only way to close an account created with the RegAPI is to contact Linden Lab Support. The owner of the RegAPI should contact Support and provide information on what account to close and why. Glenn Linden 21:39, 7 April 2009 (UTC)

Couldn't resolve host 'URI_CREATE_USER'

You need to define those in your php file. Here's an example:

// Capability URLs
// see https://secure-web3.secondlife.com/developers/third_party_reg/
define('URI_CREATE_USER', 'https://cap.secondlife.com/cap/0/12345678-abcd-ef12-1234567812345');
define('URI_GET_LAST_NAMES', 'https://cap.secondlife.com/cap/0/12345678-abcd-ef12-12345678a5678');
define('URI_CHECK_NAME', 'https://cap.secondlife.com/cap/0/12345678-abcd-ef12-12345678b9abc');

Is there a way to provide a direct secondlife binary download from my website ?

We've recently launched a service that I think will help you out. Try going to http://get.secondlife.com. This fetches you the latest version of the client for your operating system, no questions asked.

It guesses your OS based on your user-agent, so if you're using curl or something that doesn't have a user-agent, it'll return an HTTP 400.

If you're using a script, though, you can hit a specific OS-version:

Windows
http://get.secondlife.com/win
Mac
http://get.secondlife.com/mac
Linux
http://get.secondlife.com/linux

If you input an OS that we don't support, then it'll return a 404.

Registration email is not sent...?

As of yesterday (September 5th, 2007), apparently the final registration email is not sent to users registered through RegAPI. This was tested with some 5 accounts, all of them getting an "Ok" from RegAPI, but never getting their confirmation email. Accounts created through LL's own portal, however, worked flawlessly.

Did anything change dramatically with the RegAPI? I couldn't find any suggestions here on extra tags or commands required to activate the sending of the confirmation email... is there a way to compute the URL for the confirmation email automatically?

Gwyneth Llewelyn 00:43, 6 September 2007 (PDT)

Is this fixed yet? We really need to be able to verify users before allowing them to log in. I dont know why others are not more concerned about limiting griefers using 3rd party sites to create griefing accounts, the Patriotic Nigras use the L Word and Dreamland sites all the time to create griefing alts, with no account verification at all.

IntLibber Brautigan 15:08, 31 October 2007 (PDT)

Can we cache the Last Names list?

On secondlife.com we cache the last name list every 12 hours.

Understood, however one thing we are doing is we need a whitelist of avs registered through our regapi for our security profilers to give a pass to rather than boot them out for being noobs. Is caching av names on our site for a week to work with this whitelist function a problem? IntLibber Brautigan 15:10, 31 October 2007 (PDT)

(As I understand this, you're caching a list of av account names you've created rather than caching the Last Name List for the week. As long as the list is secure so others can't access SL account information from your site, that's ok. Glenn Linden 22:50, 9 April 2009 (UTC))

When we query the Last Names List, we get a different list of names each time

A quick check with our engineers identifies the issue: we have an active list of thousands of names, that changes every few days. To reduce user overwhelm at a very long name list, we return a random truncated list when you query the list - hence the apparent change in available names when you do multiple queries.

It's still ok to cache for 12 hours; you're welcome to query and cache more frequently if you wish. (updated Glenn Linden 22:50, 9 April 2009 (UTC))

Is there anyway adding personal information via RegAPI?

  • Q: Some residents who registerd via RegAPI disabled their account due to not having personal information on LL's DB. It is understandable that LL try to avoid illegal money transfer things, but currently they have no way to resigt that's info or even not know they have to provide such info. If RegiAPI doesn't support such process, 3rd party's site should notice resisters that they would disabled their account if they move many money without adding personal info. -Nock Forager 7:20, 1 December 2007 (PST)
  • A: Nock, good point. The RegAPI does not enable creation of personal information, since the website may or maynot provide appropriate privacy for it. It's very important to notice people registering with the RegAPI that they need to log into Secondlife.com and update their personal information after they've registered. Glenn Linden 21:38, 7 April 2009 (UTC)!

Estate and RegAPI Ownership Question

  • Q: The RegAPI documentation says that in order to limit a new user to an estate, you must own the estate. I'm the one who "owns" the RegAPI account, but I am not the person who pays the bill for our estate. However, the estate is group owned and I am one of the owners of the group - will that suffice? Or does the guy who gets billed have to get another RegAPI account and we have to use that?
  • A: The current regAPI requires that the capabilities owner be the owner of the estate. In new regAPI (under development), the capabilities owner needs to be the owner of the estate or an estate manager.

RegAPI Calculates the Age only by using the Year

  • Q: I am trying to register kids onto our school's estate. Some have turned 13 this calendar year, but the RegAPI reports back that they are not yet 13 - which is WRONG. The only way to get them online is to make the birthyear 14 years before the current year (2008 - 14 = 1994), regardless of the month or day. Anyone with any thoughts....
  • A:

Moving start location from private estate to Mainland

If I register a user with limited access, restricting them to my parcel only, is there another call that I can make later to allow them to access the mainland as well? --Dedric Mauriac 20:56, 12 February 2009 (UTC)

A: No, once they're limited to an estate, it's set in their account parameters. Glenn Linden 21:35, 7 April 2009 (UTC)

multiple accounts from one IP address

I don't need the whole of the Registration API. All I want is to make it possible for lecturers and students to create their own accounts from the University. Is there some way I can arrange for this instead of using something as technical as the Registration API? Bluesky Larkham 16:53, 6 December 2009 (UTC)

A: Yes, you can use DirectSLURL, which takes people through Linden Lab's registration but puts their start location at the location you set in the SLURL. See the Wiki page on SLURLs]

Where can I download Registration API libraries?

When I try to download a library from the reg API examples page, for instance PHP library, it goes to a page that cannot be reached.

Examples

PHP library can't be reached

Timm Short