Jump to content

API usage

ulululu

By ulululu
in Casino Discussion

Featured Comment

ulululu Proficient

ulululu

Posted
Posted

Since tonight all mirrors are protected from api-usage by cloudflare security.

Is this a permanent change?

Live support said so, can some of the devs deny or confirm this please? Maybe @Faris?

Api was like the best feature on stake.

  • Moderator
Faris Grand Master

Faris

Posted
  • Moderator
Posted

I agree that the API feature is one of the best features on this platform and I don't think the Stake team will disable this feature permanently. I've been using the API since 2018 or 2019 and I can't describe to you how hard it is to get used to this situation, playing on the web for API users will not be easy.

I am confident that the Stake team will not let the API users down and will do something about it soon. We must understand them too, they must protect this platform from attackers. 

This was my personal opinion so don't take it as an official answer :) 

11 minutes ago, ralfonso said:

It seems like none of the mirror sites work now, at least for me. 

Playstake.io shows all of them are offline

All mirror sites are working fine right now, they show up offline due to disabled API, if you click on the domain you will see it is working.

ulululu Proficient

ulululu

Posted
  • Author
Posted
18 minutes ago, Faris said:

I agree that the API feature is one of the best features on this platform and I don't think the Stake team will disable this feature permanently. I've been using the API since 2018 or 2019 and I can't describe to you how hard it is to get used to this situation, playing on the web for API users will not be easy.

I am confident that the Stake team will not let the API users down and will do something about it soon. We must understand them too, they must protect this platform from attackers. 

This was my personal opinion so don't take it as an official answer :) 

All mirror sites are working fine right now, they show up offline due to disabled API, if you click on the domain you will see it is working.

I agree on the protection part, stake was wide open for the last years.

I just asked in the forum because live support gave me the following answer:

https://gyazo.com/c03d8d9cb4641b5d1b5efcefb00b9013

WhimseyOn Contributor

WhimseyOn

Posted
Posted

I asked earlier about the mirrors being down, they are still down for me, except if I go on my mobile network. They work fine there. This is very odd, seems like the mirrors have no function to what they where supposed to do anymore. Which was give access globally. My passport and my identity belongs to a country where I am legally allowed to use the site, I however currently live at a place where it is not allowed. I also understand that security is important, but it all worked fine 4 hours ago, why fix something that ain't broken?

To further elaborate, some mirrors allows me access to the site, but authenticating my login with google is still blocked on said mirrors. Extremely frustrating. 

ulululu Proficient

ulululu

Posted
  • Author
Posted
3 minutes ago, Faris said:

I'm deeply saddened by this news

We all know stake live support, this might not be correct, that's why i am looking for an official statement from eddie or similar :/ 

Shanaya24 Proficient

Shanaya24

Posted
Posted
2 minutes ago, IceTeaP said:

Without API, time to leave stake. Well done Eddie ;)

exodus already started with a daily wager of around 4k I never get anything from the race normally around 6 - 7k to come in the top 5000 but yesterday i got a buck

kingnayim2 Rising Star

kingnayim2

Posted
Posted

since the web client uses the api, they can't just remove it. it's moved from api.stake.XXX/graphql to stake.XXX/_api/graphql which now protected by cloudflare.

you can still make api requests to: https://stake.jp/_api/graphql

However you need the cloudflare cookie (cf_clearance) which is obtained from that stupid cloudflare bot check page

I found this on github: undetected-chromedriver which does that in python

it worked for me by obtaining the cf_clearance and using it on request headers

ulululu Proficient

ulululu

Posted
  • Author
Posted
1 hour ago, kingnayim2 said:

since the web client uses the api, they can't just remove it. it's moved from api.stake.XXX/graphql to stake.XXX/_api/graphql which now protected by cloudflare.

you can still make api requests to: https://stake.jp/_api/graphql

However you need the cloudflare cookie (cf_clearance) which is obtained from that stupid cloudflare bot check page

I found this on github: undetected-chromedriver which does that in python

it worked for me by obtaining the cf_clearance and using it on request headers

I found this too, didn't have the time to check yet though.

kingnayim2 Rising Star

kingnayim2

Posted
Posted
10 hours ago, ulululu said:

@kingnayim2 Could you elaborate a bit? Do i only need the cf_clearance cookie? Does not seem to work for me.

@ulululu yes but it needs to match the ip address and the user agent it got created/set.

example code:

 

import undetected_chromedriver as uc

driver = uc.Chrome()

driver.get('https://stake.jp')

cf_timeout = 20

while 'Just a moment...' in driver.title:

    sleep(1)

    cf_timeout -= 1

    if cf_timeout <= 0:

         #handle error

 

COOKIES["cf_clearance"] = driver.get_cookie("cf_clearance")["value"]

HEADERS["User-Agent"] = driver.execute_script("return navigator.userAgent;")

 

... later

requests.post(API_URL, json=data, headers=HEADERS, cookies=COOKIES)

 

and update cookies whenever the request hits cloudflare page

ulululu Proficient

ulululu

Posted
  • Author
Posted
11 minutes ago, kingnayim2 said:

@ulululu yes but it needs to match the ip address and the user agent it got created/set.

example code:

 

import undetected_chromedriver as uc

driver = uc.Chrome()

driver.get('https://stake.jp')

cf_timeout = 20

while 'Just a moment...' in driver.title:

    sleep(1)

    cf_timeout -= 1

    if cf_timeout <= 0:

         #handle error

 

COOKIES["cf_clearance"] = driver.get_cookie("cf_clearance")["value"]

HEADERS["User-Agent"] = driver.execute_script("return navigator.userAgent;")

 

... later

requests.post(API_URL, json=data, headers=HEADERS, cookies=COOKIES)

 

and update cookies whenever the request hits cloudflare page

Thanks ima test it with python i guess, all testing with .net has failed so far though. Like even with the cookie and browserlike headers i got 403.

florian.lemaire Newbie

florian.lemaire

Posted
Posted

I have asked to the support team and this is their answer:

 

Quote

Hello there.

Unfortunately API key will remain disabled until further notice. Due to some security issues, this decision will not be changed for some time, we are deeply sorry if this affected your experience here but this is done in greater interest.

Good luck.

 

BigMum Proficient

BigMum

Posted
Posted
On 10/5/2022 at 1:42 AM, ulululu said:

Where is the f***** official statement @Edward 

They pull this kind of crap all the time. Plus after disabling API, i bet the admin is making more money than imagined, so Let it Ride might be their thought.

On 10/4/2022 at 1:04 PM, ulululu said:

I agree on the protection part, stake was wide open for the last years.

I just asked in the forum because live support gave me the following answer:

https://gyazo.com/c03d8d9cb4641b5d1b5efcefb00b9013

I bet stake support is half the time unknown about what they are writing or copying xD

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...