I'm really excited to announce the alpha of our new product SteemAccess.
SteemAccess is our solution to the problem of integrating third-party applications with steem without the requirement to disclose private keys to those applications. Instead the third-party application or website requests permission to act on your behalf and you may either accept or decline such requests.
Demo: https://www.steempower.org/oauth2/demo
Markdown Editor - Post Directly to Steemit
We are happy everyone has been enjoying our full markdown editor. We're happy to announce that our editor can directly post to Steem without needing to copy and paste your text into Stemit.
Type in your post title and category, fill in any tags and click Publish
SteemAccess Current Features
SteemAccess allows registered applications to perform the following actions with your steem account:
Read your profile information
Read information from your profile or blog - note that applications can not change your profile, only read it
Upvote posts on your behalf
Applications can upvote posts for you, this feature is used by Steem PowerTrail for example
Post content on your behalf
Applications can make posts for you, this is used by apps such as our editor
Security and Privacy
We take your security and privacy very seriously and that is why we built SteemAccess so that we can offer useful tools and apps to you without compromising your steem account. The only time our server sees your private key is immediately after you login and whenever it is needed to perform an action. Unencrypted private keys are never written to disk, only stored in memory. To protect your private key from being compromised we use the highest possible key length to encrypt it using the well-tested blowfish algorithm. From time to time we will also revoke all capabilities and switch encryption keys.
Third party apps are restricted to performing actions that you have authorised them to perform and we are working on a web interface that will allow you to revoke permissions at any time from any supported application. In addition, the current default is to expire all granted permissions after 1 hour.
API Updates
We've made some awesome updates to our API for everyone to enjoy.
We have various APIs available that enable you to integrate your own applications and scripts with steem. These APIs are intended to make life simpler for application developers and provide the tools needed to interact with steem so that you can focus on your own application and not the details of integrating steem.
The current API endpoints are listed below:
- REST
https://www.steempower.org/api-v0
Public read-only service
This endpoint offers a REST interface with resources represented as JSON. At present this is a read-only API and intended to enable applications such as blogs on external sites pulling data from the steem blockchain.
- OAuth2 user authorization form
https://www.steempower.org/oauth2/auth
Available only to specific developers, currently in alpha
This endpoint implements part of the OAuth2 standard and allows applications to request capabilities by presenting a form to the end user. You should NOT access this endpoint directly from your server but instead should direct the user's browser to it. Parameters are passed as standard HTTP GET query values and are documented below.
- OAuth2 popup JavaScript
https://www.steempower.org/oauth2/popup.js
Available only to specific developers, currently in alpha
In order to provide a consistent experience for end users you should present the OAuth2 authorization form as a popup window with a resolution of 532x824 pixels. Your redirect URL should also be compatible with this resolution.
This endpoint provides a javascript function that may be used to create such a popup from your own application.
- OAuth2 token retrieval
https://www.steempower.org/oauth2/token
Available only to specific developers, currently in alpha
You may obtain the granted capability URLs and username via this endpoint. Parameters are passed as GET query values. This endpoint should be accessed directly by your server and NOT via the user's browser. You should also consider the parameters and return value for this endpoint as sensitive information as the capability URLs are not tied to a specific IP address and may be used by anyone who possesses them by design.
- HTTP Capabilities
https://www.steempower.org/caps
Available only to specific developers, currently in alpha
This endpoint is the default endpoint for capability URLs generated on behalf of a steem user or any other entity. The usual way to obtain them is to use the OAuth2 protocol as described above. By making use of the capabilities API your application may act on behalf of the end user using a simple HTTP interface.
SteemPower Witness Vote
Help keep SteemPower running! Voting for us as witness pays for the development of apps and tools for Steem.
Vote for us as a witness the following way:
https://steemit.com/~witnesses click the arrow next to "charlieshrem"
Does this mean steempower.org has to have a copy of your key?
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Good question - We never ask for your owner or active key, only your posting key. Your posting key gives us access to only post/vote on your behalf. The only time our server sees your posting key is immediately after you login and whenever it is needed to perform an action. Unencrypted posting key are never written to disk, only stored temporarily in RAM. To protect your posting key from being compromised we use the highest possible key length to encrypt it using the well-tested blowfish algorithm. From time to time we will also revoke all capabilities and switch encryption keys.
Posting keys can NEVER be used to touch any funds in your account.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
I'm glad to see you are taking the storage of keys very seriously even if they are only posting keys.
I was going over the responsibility of hosting keys securely with a friend earlier today when discussing a new Steem based project. I was thinking of an encryption solution like you described but I think you just solved all my issues. I'll just let you host the keys.
Thanks!
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
When you have time would you explain what "vote on your behalf" means exactly? Just like it sounds I'm sure tho, as in Vote Like A Bot? (good dot com for ya maybe)
Basically I can go to work or to sleep and SteemPower.org willjust upvote articles automatically, and I get paid?
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Essentially, we are building SteemPowerTrail so you can follow the trail of curators who vote on good content or you can donate voting power to @curie or @robinhoodwhale
More information: https://steemit.com/steemit/@charlieshrem/steempowertrail-alpha-follow-curators-and-your-favorite-authors-donating-all-my-voting-power-to-curie
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Yup I remember that, thanks for the clarification.
Well in my few weeks here I've never voted for a witness, and I'm even a but sketchy on exactly what it means (hence the non-voting so far) but you just got my first one. You do tons here to make it better, thanks greatly, and I hope my vote helps you help others.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
It means just what it sounds like: an external app can get permission to upvote on your behalf. Once it has that permission it can indeed do it while you sleep.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Right, I was mainly asking the "and I get paid" question, for clarity, comparing this to steemvoter.com for instance (which I haven't signed up for, but might). Charlie seemed to indicate that his was for donating voting power to worthy others, if I understood correctly.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
WOW! My wish from the comment has been granted!
Way to go @charlieshrem and @garethnelsonuk
I plan to use this from here on out! ;)
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
We listen :)
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
That's what I like to hear!
Shrem on! ;)
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
GREAT NEWS!!! Thank you for your hard work and dedication to quality work. Looking forward to using these tools. Namaste :)
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Please let me know what you think of this project @charlieshrem.
https://steemit.com/vip/@voteinterestpool/vote-interest-pool-vip-feature-contentjunkie
I'd appreciate any feedback you have.
You guys are working fast at steempower.org. everything is looking great! Hopefully catch you in steemspeak radio again :)
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
I am constantly astounded by the speed with which new things are developed for Steemit. This is anarchy in function :-)
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Very cool!
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Very interesting and useful stuff. Possibly long reaching for all sorts of applications.
May I ask a stupid question?
When I enter my posting key into the Steem posting key field - who guarantees that it isn't stored someplace? Except your words, of course :)
At the end it is the matter of trust. Or am I wrong?
PS: I could ask the same question at FB or G+ or ..., of course :)
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Your key is stored, but stored encrypted - and even the encrypted form is not actually saved to disk in our server.
The server could of course store the key instead of encrypting it though and you only have my and charlie's word on that. If it helps, it'd be quite silly to actually hijack someone's account while trying to build things for the community .
Then of course there's the fact you can generate a second posting key in the cli wallet and use that instead. If SteemPower ever becomes untrustworthy then you can revoke that key.
You are correct in saying that you could ask the same on facebook or whatever - but at least with SteemAccess we are actually taking precautions to NOT store your key until it's used. Then of course third party apps can be authorised safely because SteemAccess can revoke caps if the third-party app is malicious.
I'm quite proud of this system actually - all of this works without a database at all (seriously - there is no database) unless you count the blockchain as a database. A bit of crypto magic means that we encrypt your key and any parameters needed to perform the action requested by the app, and then we go insane and send this to the app - which can now use the cap to do stuff until it's expired (an expiry timestamp is simply checked against current time - still no database).
When making an HTTP request, you send the URL you're after back to the server. The server then just treats it as a string, decrypts it, checks for expiry or revocation and then does what was requested and sends back results.
Your posting key is basically stored with the authorising app, but in a way they can't access it.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Thank you very much for along and thorough answer. I can see that you care about this. Congrats.
I don't have doubts in you or your services. I was simply voicing the most prominent question. And I've got a great answer.
By the way - I consider blockchain to be the database. The mother of all future databases :)
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Power Trail seems promising!
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Is not working for me @charlieshrem :(
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
We're having some issues due to load, they should be resolved soon. In the meantime, save your post as a draft or copy+paste it into a text file and retry in 20 minutes or so.
You can also of course just copy+paste direct into steemit. Please do not be concerned about your posting key as the authorisation will expire an hour after being granted.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
I've tried twice so will wait an hour or so...
It's saved as a draft, but also in Google Drive, just in case ;)
Will copy and paste into steemit in the meantime.
And no worries, I'm not concerned about my posting key, I have read all the info before doing anything :)
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Boom! fixed
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Nope :(
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
I ran a test post just after fixing and it did go through, some things to check on your end:
If none of this works please let me know your exact browser version and your IP address you used so I can check the logs.
You can email this info to me at [email protected] - use "steempower nelyp" as the subject line and i'll do whatever I can to make it work for you.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Hi @garethnelsonuk. Ok, will try all that you said and let you know.
Thank you for replying and thank you so mucho for your help. I appreciate it :)
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
like anyway we can share something from say FB or Twitter on Steemit?
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
That's a cool idea that i'll investigate.
It should be fairly easy to do the other way round too - share your steem posts to facebook and twitter automatically. If there's interest i'll code that today.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Good job!
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Nice extensiblity!
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
I'm excited to use the Markdown Editor. Will use it soon , Thanks!
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Thanks... I'll try it now!
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
awesome :D
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Good work on this! Hope it continues to improve..
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Excellent.... all the pieces are coming together.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Awesome looking forward to trying this out :)
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
AWESOME PROGRESS!
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
This is great! I look forward to all the new and exciting things you guys are working on! I can't wait for the mass adoption of Steemit.com and the Steem currency! :)
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
So much to learn about all this stuff lol, it blows my mind every day. Keep up your good work @charlieshrem -- Have a good week!!
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Nice one, will definitely try it out!
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Small suggestion, you could make your entire script run frontend so the users can see what's happening to their keys, and attach some kind of sessionID to it on your backside so the auth checks against the stored sessionID.
This would eliminate sending keys to your backend. Crypto users will always be paranoid about sending keys to unknown pages.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
That wouldn't work for apps that need to do stuff while you're offline, we're looking into trustless authentication though.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Yeah, this is great, thanks for the information - STEEM-ON! - Resteemed
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
I just reviewed the site. Interesting .
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
I just tried to find that review of yours and couldn't see it - i'd love to read it so please send me a link.
All feedback (good or bad) is useful :)
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
This post has been linked to from another place on Steem.
Learn more about linkback bot v0.4. Upvote if you want the bot to continue posting linkbacks for your posts. Flag if otherwise.
Built by @ontofractal
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Great news. Will you also offer a zap on zapier or an ifttt - if this than that?
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Can you explain what you are talking about?
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
This is very exciting!! I am very excited to start learning more about how to use Steem!! I am a brand new user! Thanks to Cardiff!!
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Well done, thanx for the information :-)
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Are we able to schedule posts with these apps?
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
That's the eventual goal yes :)
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
The editor is pretty amazing. Thanks for your work on it.
Is it possible to get it to read the "push-right" and left commands, even if they're not included in the edit bar? I'm trying to use it to dial in some aspects of my article, and can type these commands manually, but without the images showing I can't tell what's going to happen. :)
Thanks again.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit