Using the API
This page covers how to use the API and how to be protected against bad actors.
Getting the latest SSL Key
To ensure bad actors do not use HTTP Debugger or other Packet sniffing tools, the Curl option
curl_easy_setopt(curl, CURLOPT_PINNEDPUBLICKEY, "sha256//xxxx");
is enabled by default (Located in DTCNet.cpp @ L28). We strongly suggest to not remove/disable public key pinning unless you have a safe alternative to detect Man In The Middle attacks and custom Certificates.
The SSL Key is always passed to the Start App, so you can use it instead of hardcoding the string manually.
(If you dont care, skip to Initializing the Library)
If needed or to verify, the script below will return you the latest public key hash:
The result will look something like this:
fsz2SLIEyMFm0kpR6QW5sxorvp6+E7yiJhpY+qy0rQU=
The final string in the curl option should be (so don't forget the sha256//)
curl_easy_setopt(curl, CURLOPT_PINNEDPUBLICKEY, "sha256//fsz2SLIEyMFm0kpR6QW5sxorvp6+E7yiJhpY+qy0rQU=");
SSL Key changes usually once 2 months, but sometimes more frequent as well. You will be notified when the SSL Key changes. If you set the SSL Key from the memory buffer, no changes have to be made.
Initializing the Library
The Library has LOGGING ENABLED. It can be toggled via the macro #define ENABLE_LOGGING true in DTCCom.h. You will see several messages about this in the Compilation Output as if this is turned on as well.
For Production, please turn all logging about the backend OFF. Users should not be exposed to internal logs!
If you use the DTCCom library, the SSL key is automatically forwarded. To initialize the DTCCom library, use
static void init(const std::string& APIKey, const std::string& sessionID, const std::string& SSLKey);
Note: this does not make any network request yet, it just saves the parameters.
Session ID verification
Our servers expect a request every 10 minutes, so your Session stays valid. Invalid Sessions cannot interact with any Client endpoint and will return invalid requests.
It is recommended to check the Session ID at the beginning of your program so bad actors won't get too far.
If you are using the DTCCom library, you can use
/**
* Verifies the sessionID. THIS SHOULD BE CALLED EVERY 10 MINUTES (+-60 seconds MAX)
* @return Returns the status. False indicates the session is invalid
*/
static bool verify_session();
A failed Session Verification doesnt always mean a bad actor, the network request may failed due to
- Network issues
- SSL Key changes
- Server Downtime
Downloading a File
You can only download File IDs that are paired to your App. Check out file pairings if you are unsure what this means.
/**
Gets a File by ID and returns the File if successful
@param ID The ID of the File
@return The File or nothing if the Request was invalid
*/
static std::string downloadString(const std::string& ID);
/**
Gets a File by ID and returns the bytes if successful
@param ID The ID of the File
@return Vector of bytes
*/
static std::vector<unsigned char> downloadFile(const std::string& ID);
Download a Variable
Variables are globally, they don't have to be bound to an App.
/**
Gets a Variable by ID and returns the Variable if successful
@param ID The ID of the Variable
@return The Variable or nothing if the Request was invalid.
*/
static std::string downloadVariable(const std::string& ID);
Send a Webhook
Webhooks can be sent by our services, so you don't have to keep the URL in the binary. You don't specify the ID of the Webhook, only one ID can be bound per App. Check out App Werbhooks if you are unsure what this means.
/**
* Sent a message to a Webhook
* @param message The message that should get sent
* @return Whether the Webhook got sent successfully or not
*/
static bool sendWebhook(const std::string& message);
Get User Info
In case you want to fetch the users' username or User ID, you can do this with the function below:
struct userInfo
{
std::string username;
std::string UID;
};
static userInfo getUserInfo();