API transparency and login timeouts.
I am working on a personal project to track my geoguessr statistics.
for this i am using a piece of python code that logs in, fetches my feed and then parses that and does whatever with it, im not sure yet. there are a couple of roadblocks i am encountering.
I am using the /v3/accounts/signin endpoint to login, so I can access my private feed.
Then i fetch the feed via the /v4/feed/private endpoint.
- If I log in more than about 20 times in a row, geoguessr times out my account for an hour. Nice security measure for preventing bruteforce password attacks, but why does it also count valid logins? Shouldn't that only count invalid logins? Otherwise people who are testing their code are just unnecessarily rate-limited.
- /v4/feed/private returns a mess of a json object, with payloads embedded within payloads. Sure it works for the official website itself, but why not clean this up so data-nerds like myself and many others can develop their own applications that interact with the API? several community projects, like the plonkit bots, are forced to work around all these weird API quirks.
for this i am using a piece of python code that logs in, fetches my feed and then parses that and does whatever with it, im not sure yet. there are a couple of roadblocks i am encountering.
I am using the /v3/accounts/signin endpoint to login, so I can access my private feed.
Then i fetch the feed via the /v4/feed/private endpoint.
- If I log in more than about 20 times in a row, geoguessr times out my account for an hour. Nice security measure for preventing bruteforce password attacks, but why does it also count valid logins? Shouldn't that only count invalid logins? Otherwise people who are testing their code are just unnecessarily rate-limited.
- /v4/feed/private returns a mess of a json object, with payloads embedded within payloads. Sure it works for the official website itself, but why not clean this up so data-nerds like myself and many others can develop their own applications that interact with the API? several community projects, like the plonkit bots, are forced to work around all these weird API quirks.
Follow this post
1
followers
Removed comment