Difference between revisions of "Linden Lab Official talk:Registration API"

From Second Life Wiki
Jump to navigation Jump to search
m (adding Template:Talk, since most comments are unsigned)
Line 1: Line 1:
Post questions about the Registration API here.  If you can answer a question, please do.  If not, Linden Lab will try to provide an answer.
{{talk}}Post questions about the Registration API here.  If you can answer a question, please do.  If not, Linden Lab will try to provide an answer.


==Intermittent Error messages/outages==
==Intermittent Error messages/outages==

Revision as of 02:29, 16 March 2009

Post questions about the Registration API here. If you can answer a question, please do. If not, Linden Lab will try to provide an answer.

Intermittent Error messages/outages

My call to GetCapabilities is ok, but on an intermittent basis, when I try to get the list of names, this is the result: "An fatal error has occurred (error ticket #19178). Please visit the support section at http://secondlife.com/support/ for further assistance. Note this error ticket code and a description of the problem. Error Description: undefined method `permission' for #<User:***********>."

I have noticed that other gateways suffer from the same outage at the same times, while others do not. What can I do to prevent the outages from impacting my gateway?

RegAPI Capabilities expire

  • A: We've now set them to not expire for 5 years, so this should not be a problem for now, and we'll fix this in the next revision of the RegAPI. (Glenn Linden, 5/22/07)
  • As of 5/17/07, all existing capabilities were set to expire in 5 years, so for the near term, you only have to worry about this with new RegAPI accounts. (Glenn Linden 5/17/07)

Do I need to renew the capability URLs every 30 days?

A: No. The need to renew the capability URLs every 30 days or for each session is *no longer necessary* in the current reg API (i.e. the one you are using now). The code was changed so the capability URLs' expiration dates is now 'long lived' - i.e. expiration date is 5 years. So the need to renew them (and resubmit your password) is no longer needed.

When will we get additional capabilities with the RegAPI?

  • A: We are working on implementing Groups capabilities for the RegAPI and expect to announce exact capabilities and timeline by end of September, 2008.

For other features, please request them through Issue Tracker. Inventory is being considered. Please provide use cases and business justification through this issue: MISC-1548. Note, you have to log in to add comments to an issue.

We strongly recommend you join the regapi mailing list to share information and send inquiries about the existing and new regAPI to others (regapi@lists.secondlife.com). To join, go to https://lists.secondlife.com/cgi-bin/mailman/listinfo/regapi.

Will the new version of the regAPI break old applications that use the original implementation?

  • A: No, good news, the new version will not break the old applications using the original implementation. Existing applications will continue to run but we will stop granting new access to it. Now, the maybe not so good news, the old version will be considered deprecated and will not be compatible with the new API. When we launch the new API, we will provide transition guidelines and encourage people to move to the new one.

Are there audit requirements on user acknowledgement of the TOS?

  • A: No

Are 3rd party registration sites required to provide a security image code confirmation function to prevent automated account registration attempts via their sites?

  • Not yet but we will be able to require that with the new reg api. (Glenn Linden 5/18/07)

For purposes of clarification, what is an example of usage that is NOT permitted by the following statement?

  • You may not use the Registration API other than as a means of collecting Account registration information from Your Website. (section 2.3.1 of API Terms of Use - http://secondlife.com/developers/api/tos.php)
  • A: The primarly limitation is against using it to create accounts that are used by a single person to get around our other account limitations or for fraud. (Glenn Linden 5/18/07)

Is there an ID number for the custom name? It looks like this is required by the API for account creation.

  • A: You should be able to acquire your custom name in the name queue for last names returned by the RegAPI - and then go into the list of returned names to see the ID number for it. This may take a little coding. (Glenn Linden 06/26/07)

I get the message "An fatal error has occurred (error ticket #NNNNN). Please visit the support section at http://secondlife.com/support/ for further assistance. Note this error ticket code and a description of the problem."

  • A: Usually you get this because you are providing improperly formatted data in the RegAPI. RegAPI error codes will tell you if you've sent bad data, but not if its misformatted. For example, using * instead of - to seprate elements of the date will give a server error rather than a RegAPI error. ( For the date example, the data is misformatted since the problem is the separator. It was neither an invalid date (31 Feb) - error 100(not a valid date) - nor a malformed string (07 instead of 2007) - error 110(Date string is malformed)--both of which report problems with the digits.)

Can I limit accounts to an Estate (island)?

You can limit accounts to an estate using the RegAPI:

create_user (POST) Creates a new Second Life user

POST to this url a LLSD XML document, representing a hash, containing at least "username" (string), "last_name_id" (integer), "email" (string), "dob" (string in YYYY-MM-DD format), "password" (string)

Optional arguments are "limited_to_estate" (integer), "start_region_name" (string), "start_local_x" (float between 0-128), "start_local_y", "start_local_z", "start_look_at_x" (float between 0-1), "start_look_at_y", "start_look_at_z"

If all is successful, a hash containing the new user's agent_id will be returned. If there are errors, instead an array containing the applicable error codes will be returned.

Estate number (integer) needs to be provided in the Post.

How do I close accounts I've created with the RegAPI?

An employee has left, or you otherwise need to close an account you've created with the RegAPI. To do that, you'll have to contact the Concierge team and have them either change the password or close the account.

Its imperative that this be changed. I have had problems disgruntled employees destroy more than a half dozen sims worth of builds before Concierge locked them out of their BnT last named accounts, and who knows how much content in inventory deleted. This is unacceptable. The whole rationale for last named accounts is content protection to protect company assets paid for under for-hire IP rules. This rationale is stymied by LLs continued refusal to give us the ability to control access to the accounts we own on demand. Concierge takes hours to days to complete a password/email change. We really need to be able to do this ourselves. IntLibber Brautigan 15:14, 31 October 2007 (PDT)

Couldn't resolve host 'URI_CREATE_USER'

You need to define those in your php file. Here's an example:

// Capability URLs
// see https://secure-web3.secondlife.com/developers/third_party_reg/
define('URI_CREATE_USER', 'https://cap.secondlife.com/cap/0/12345678-abcd-ef12-1234567812345');
define('URI_GET_LAST_NAMES', 'https://cap.secondlife.com/cap/0/12345678-abcd-ef12-12345678a5678');
define('URI_CHECK_NAME', 'https://cap.secondlife.com/cap/0/12345678-abcd-ef12-12345678b9abc');

Is there a way to provide a direct secondlife binary download from my website ?

We've recently launched a service that I think will help you out. Try going to http://get.secondlife.com. This fetches you the latest version of the client for your operating system, no questions asked.

It guesses your OS based on your user-agent, so if you're using curl or something that doesn't have a user-agent, it'll return an HTTP 400.

If you're using a script, though, you can hit a specific OS-version:

  • Windows:

http://get.secondlife.com/win

  • Mac:

http://get.secondlife.com/mac

  • Linux:

http://get.secondlife.com/linux

  • If you input an OS that we don't support, then it'll return a 404.

Registration email is not sent...?

As of yesterday (September 5th, 2007), apparently the final registration email is not sent to users registered through RegAPI. This was tested with some 5 accounts, all of them getting an "Ok" from RegAPI, but never getting their confirmation email. Accounts created through LL's own portal, however, worked flawlessly.

Did anything change dramatically with the RegAPI? I couldn't find any suggestions here on extra tags or commands required to activate the sending of the confirmation email... is there a way to compute the URL for the confirmation email automatically?

Gwyneth Llewelyn 00:43, 6 September 2007 (PDT)

Is this fixed yet? We really need to be able to verify users before allowing them to log in. I dont know why others are not more concerned about limiting griefers using 3rd party sites to create griefing accounts, the Patriotic Nigras use the L Word and Dreamland sites all the time to create griefing alts, with no account verification at all.

IntLibber Brautigan 15:08, 31 October 2007 (PDT)

Can we cache the Last Names list?

On secondlife.com we cache the last name list every 12 hours.

Understood, however one thing we are doing is we need a whitelist of avs registered through our regapi for our security profilers to give a pass to rather than boot them out for being noobs. Is caching av names on our site for a week to work with this whitelist function a problem? IntLibber Brautigan 15:10, 31 October 2007 (PDT)


Is there anyway adding personal information via RegAPI?

  • Q: Some residents who registerd via RegAPI disabled their account due to not having personal information on LL's DB. It is understandable that LL try to avoid illegal money transfer things, but currently they have no way to resigt that's info or even not know they have to provide such info. If RegiAPI doesn't support such process, 3rd party's site should notice resisters that they would disabled their account if they move many money without adding personal info. -Nock Forager 7:20, 1 December 2007 (PST)

Estate and RegAPI Ownership Question

  • Q: The RegAPI documentation says that in order to limit a new user to an estate, you must own the estate. I'm the one who "owns" the RegAPI account, but I am not the person who pays the bill for our estate. However, the estate is group owned and I am one of the owners of the group - will that suffice? Or does the guy who gets billed have to get another RegAPI account and we have to use that?
  • A: The current regAPI requires that the capabilities owner be the owner of the estate. In new regAPI (under development), the capabilities owner needs to be the owner of the estate or an estate manager.

RegAPI Calculates the Age only by using the Year

  • Q: I am trying to register kids onto our school's estate. Some have turned 13 this calendar year, but the RegAPI reports back that they are not yet 13 - which is WRONG. The only way to get them online is to make the birthyear 14 years before the current year (2008 - 14 = 1994), regardless of the month or day. Anyone with any thoughts....
  • A:

Moving start location from private estate to mainline

If I register a user with limited access, restricting them to my parcel only, is there another call that I can make later to allow them to access the mainland as well? --Dedric Mauriac 20:56, 12 February 2009 (UTC)