BoomScapeOfficial Posted December 16, 2022 Posted December 16, 2022 Hello, I am adding to my API that I currently have. I am needing to add a check to see if the IP Address is matched against the banned IP Address table, as far as I know it should be done like so with the API "https://your-community.com/api/index.php?/core/members/ip/{ip}"; With {ip} being replaced with the IP with the users IP to check against it in our database. But this doesn't work, it just returns an error "errorCode": "3S291/2", "errorMessage": "BAD_METHOD" Does anyone know how this can be done, it seems extremely hard to use the API Documentation on IPB and seems to be missing a lot of the methods on the following page https://invisioncommunity.com/developers/rest-api/index/ I have also tried for example, would appreciate if someone could point me in the right direction here!/api/index.php?/core/members/&ipaddress
Daniel F Posted December 16, 2022 Posted December 16, 2022 https://invisioncommunity.com/developers/rest-api?endpoint=core/members/GETindex are the only methods, which are available ! Unfortunately there's no way to check the IP at the moment. If you need this, you'll need to implement your own endpoint for this!
BoomScapeOfficial Posted December 16, 2022 Author Posted December 16, 2022 1 minute ago, Daniel F said: https://invisioncommunity.com/developers/rest-api?endpoint=core/members/GETindex are the only methods, which are available ! Unfortunately there's no way to check the IP at the moment. If you need this, you'll need to implement your own endpoint for this! I am really lost as to how this isn't a method? Why am I paying $60 per 6 months and not even getting basic endpoints is beyond me.. This is all default stuff on other systems, really disappointing to hear this as you can IP Ban people, but they can still register through the API as their IP is never checked as there is no functionality for it? Really disappointing Is there even any documentation on how to add your own endpoints with IPB as I can't find anything online for adding custom endpoints to IPB
Management Charles Posted December 16, 2022 Management Posted December 16, 2022 Sorry to hear your specific endpoint need isn't in the platform right now but thanks for letting us know you need it. We have hundreds of API functions so it's reasonable that we cannot have every single possible permutation 🙂 We do add new API functions all the time though so we can look at adding something in a future release. If you are interested in adding custom code, you can read our docs on custom applications.
BoomScapeOfficial Posted December 16, 2022 Author Posted December 16, 2022 2 minutes ago, Charles said: Sorry to hear your specific endpoint need isn't in the platform right now but thanks for letting us know you need it. We have hundreds of API functions so it's reasonable that we cannot have every single possible permutation 🙂 We do add new API functions all the time though so we can look at adding something in a future release. If you are interested in adding custom code, you can read our docs on custom applications. To be honest it feels impossible to find things around this site so would be helpful if you linked something. Would also be super helpful for you guys to add this as a default API functionality, how it isn't is beyond me.. There isn't even any API usage that can look at 'core_banfilters', I'm literally stunned how you guys haven't added this. Though at the same time it makes sense as you never even know if a member is IP Banned as there is no filter for it, unless you manually search for it through the 'ban settings', overall it seems to be incredibly lazy how the banning system is done on IPB. For example, you can move a player to 'banned' group when banning them, but once the ban is automatically removed it doesn't even put them back in the previous group they had lol. I think others would agree, it's handled incredibly bad. I'd like to see improvements made to that and would really like to see some type of API functionality where I can check to see if the person registering is IP banned before letting them sign up through the API.
Management Charles Posted December 16, 2022 Management Posted December 16, 2022 We never added it because you're the first to ask for it 🙂. Everything has to start somewhere. You can find the Developer docs by clicking on the top navigation Help and then Developer Resources. AlexJ 1
BoomScapeOfficial Posted December 16, 2022 Author Posted December 16, 2022 1 minute ago, Charles said: We never added it because you're the first to ask for it 🙂. Everything has to start somewhere. You can find the Developer docs by clicking on the top navigation Help and then Developer Resources. I'll look into this, but please can you add that functionality to your to do list, I'm really surprised functionality like that has never been asked about before, as it really doesn't make sense to allow registration through an API, where the IP Ban is never checked.
Management Charles Posted December 16, 2022 Management Posted December 16, 2022 Just now, BoomScapeOfficial said: I'll look into this, but please can you add that functionality to your to do list, I'm really surprised functionality like that has never been asked about before, as it really doesn't make sense to allow registration through an API, where the IP Ban is never checked. I would guess no one has asked about it before because we gently discourage clients from relying on IP banning in our platform. In fact, I would hope someday it is phased out. It is not really a reliable way of controlling access in the modern internet specially as IPv6 becomes more popular. If you do need to IP-ban, it's better done at the firewall level on your network as that is what your firewall is good at doing. IP-banning in our platform I would argue is a bit of holdover from a different era of the internet.
BoomScapeOfficial Posted December 16, 2022 Author Posted December 16, 2022 Just now, Charles said: I would guess no one has asked about it before because we gently discourage clients from relying on IP banning in our platform. In fact, I would hope someday it is phased out. It is not really a reliable way of controlling access in the modern internet specially as IPv6 becomes more popular. If you do need to IP-ban, it's better done at the firewall level on your network as that is what your firewall is good at doing. IP-banning in our platform I would argue is a bit of holdover from a different era of the internet. That is a terrible way of banning IPs from accessing the website, staff members don't have access to our Server where this would be configured. Not sure why you'd discourage using IP bans, in certain cases it is required.
Management Matt Posted December 16, 2022 Management Posted December 16, 2022 We have 9 different IP addresses in our database tied to your account. Banning one of them probably won't make any material difference. 🙂 We have added a ticket to investigate an API endpoint that can take an email address or IP address and tell you if it's banned or not. There is no timeline on when this will be available, but we are listening. Jim M and AlexJ 2
AlexJ Posted December 16, 2022 Posted December 16, 2022 33 minutes ago, BoomScapeOfficial said: That is a terrible way of banning IPs from accessing the website, staff members don't have access to our Server where this would be configured. Not sure why you'd discourage using IP bans, in certain cases it is required. Suggestion to help find the solution: 1) IP: You should ban IP's not at a website side rather Cloudflare if you are using one. You can ban ASN's, IP's, Subnet's, etc. in Cloudflare including by Country, as well. 2) User: That you can only ban at IPS side.
BoomScapeOfficial Posted December 16, 2022 Author Posted December 16, 2022 1 hour ago, Matt said: We have 9 different IP addresses in our database tied to your account. Banning one of them probably won't make any material difference. 🙂 We have added a ticket to investigate an API endpoint that can take an email address or IP address and tell you if it's banned or not. There is no timeline on when this will be available, but we are listening. Thank you for adding this to your todo list, I appreciate that, the big issue for me is because this all connects with our Game Server, and we handle bans from their account on IPB, ofcourse I can just implement an IP Ban system on the game end of things, but this isn't good practice when it comes to unbanning that players IP. 1 hour ago, AlexJ said: Suggestion to help find the solution: 1) IP: You should ban IP's not at a website side rather Cloudflare if you are using one. You can ban ASN's, IP's, Subnet's, etc. in Cloudflare including by Country, as well. 2) User: That you can only ban at IPS side. As I mentioned above, banning their IP from cloudflare wouldn't make a difference in my specific case, as the API which isn't accessed through the website, but through our game server which is hosted on a separate server. The user never needs to access the website for registering. Of course I could add extra steps to the sign up process, like making the user confirm their email, but I prefer not to do this, which makes the sign up process easier for the user. Matt 1
Recommended Posts