More advanced power purchasing


Jonathan

Dec 22, 2009, 3:53:00 PM
to Powershop Developers
Rather than provide an API only for topping up, why not allow
purchasing of any kind of power (specials/packs)?

Matt Dillon

Dec 22, 2009, 4:42:22 PM
to Jonathan, Powershop Developers
Hi Jonathan

I've just been talking to Ari about this - his response:

The real reason is to cap the damage a malicious attack could do - i.e. the worst case scenario is no worse than a monthly auto purchase. We don't want an attacker going rampant on a customer account. So I would say that it is for customer security - we may offer more functionality in the future, but security comes first.

Cheers

Matt Dillon
Powershop
021 762 538
matt....@powershop.co.nz

On 23/12/2009, at 9:53 AM, Jonathan wrote:

> Rather than provide an API only for topping up, why not allow
> purchasing of any kind of power (specials/packs)?

iisfaq

Feb 15, 2010, 3:00:19 PM
to Powershop Developers
I too would like the ability to make purchases of other products via
the API.

I guess the security issue must be looked at but if there is a limit
imposed such as $250 NZD per transaction and $1000 NZD per month
imposed at a Powershop level then generally people would be safe. They
would also have to opt in and maybe by opting in they identify their
maximums up to the system imposed limit.

Chris


Ari Sargent

Feb 15, 2010, 5:50:48 PM
to Powershop Developers
This is certainly something we will consider for inclusion in the
future.

Jared Armstrong

Mar 8, 2010, 6:00:42 AM
to Powershop Developers
I agree with others - only being able to make "top up" purchases is
severely limiting, since as far as I'm aware, many customers mainly
purchase the value packs or specials (including myself).

Despite the utility provided by the app I'm about to write - I will
still probably log in to make purchases for the value packs.

I can understand the concern about "malicious apps" purchasing power
etc. However, I don't see that this would be a common issue simply
because there is no incentive for an app writer to make such malicious
purchases (other than sheer amusement).

I think an acceptable compromise would be, as Chris has said, a
limitation on the amount purchasable per day/month - ideally as a
function of the user's current power usage metrics.

I understand that security comes first - but at the moment I'm asking
myself why I don't just ask my app user for their Powershop email and
password. By doing so, I'd gain all the functionality of the API and
also a lot of the functionality it's missing (at the expense of simplicity
of access and long term maintainability). Obviously I'm not going to do
this - but at present it would be a more powerful option. A thought
to consider when planning improvements to the API.

Despite all this, I still think it's pretty damn cool that my
power company has given me an API to play with at all :D

Cheers :)

Jared
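
The opt-in spending cap that Chris and Jared describe above, sketched as an added example (not Powershop's code and not part of any post in this thread): system-imposed ceilings of $250 NZD per transaction and $1000 NZD per month, with customer-chosen maximums that can only tighten them. The names `ApiPurchasePolicy` and `authorize` are hypothetical.

```python
from dataclasses import dataclass, field
from decimal import Decimal

# System-imposed ceilings in NZD, using the figures proposed in the thread.
SYSTEM_MAX_PER_TXN = Decimal("250")
SYSTEM_MAX_PER_MONTH = Decimal("1000")


@dataclass
class ApiPurchasePolicy:
    """Hypothetical per-customer settings for purchases made through an API."""
    opted_in: bool = False                      # off until the customer opts in
    max_per_txn: Decimal = SYSTEM_MAX_PER_TXN   # customer-chosen maximum
    max_per_month: Decimal = SYSTEM_MAX_PER_MONTH
    spent: dict = field(default_factory=dict)   # (year, month) -> NZD spent

    def effective_limits(self):
        # A customer's own maximums can only tighten the system ceilings.
        return (min(self.max_per_txn, SYSTEM_MAX_PER_TXN),
                min(self.max_per_month, SYSTEM_MAX_PER_MONTH))


def authorize(policy, amount, year, month):
    """Return (allowed, reason). Spend is recorded only when allowed."""
    amount = Decimal(str(amount))
    if not policy.opted_in:
        return False, "not opted in"
    if not amount.is_finite() or amount <= 0:
        return False, "invalid amount"
    per_txn, per_month = policy.effective_limits()
    if amount > per_txn:
        return False, "over per-transaction limit"
    used = policy.spent.get((year, month), Decimal("0"))
    if used + amount > per_month:
        return False, "over monthly limit"
    policy.spent[(year, month)] = used + amount
    return True, "ok"


if __name__ == "__main__":
    # Constructed scenario: the customer asks for 500/txn and 300/month.
    p = ApiPurchasePolicy(opted_in=True, max_per_txn=Decimal("500"),
                          max_per_month=Decimal("300"))
    for amt in (260, 200, 150, 100):
        print(amt, authorize(p, amt, 2010, 2))
```

Because rejected requests never touch the running total, a stolen API key is bounded by the effective monthly limit no matter how many calls are made.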
