Announcement

Collapse
No announcement yet.

Logging in without an SSL certificate

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Logging in without an SSL certificate

    At the moment I am writing a BOT to replace the SOAP version and everything is working including being able to login without an SSL. I see a lot of talk about using OpenSSL and self signing and linking the certificates to your account etc.

    This BOT is just for me - I'm not re-selling it so does that mean I still need to go through this process as at the moment I can make a direct HTTP request to the LoginURL and then collect the cookie ssoid to save to a file, and re-use with my AppKey to place bets, cancel bets, get prices and so on.

    Is this a mistake, something that is going to change or can I carry on using this method?

  • #2
    SSL Certificate

    Hi Monkeymagix
    I'm in exactly your situation. I'm pretty sure you can continue without an SSL cert. Betfair have, however, strongly recommended that personal users such as us employ the SSL certificate for extra security. I generated a certificate, which took a little bit of homework (with openSSL), although I haven't uploaded it to Betfair, as I'm not sure that I want to go down this route. There is a lot of talk about SSL susceptibility to the Heartbleed virus at the moment, so whether it really does make your app safer is open to question. Betfair have in fact stated somewhere that their systems are safe from Heartbleed.
    With regards
    Mike

    Comment


    • #3
      Thanks

      Hi

      Thanks for replying.

      So Betfair are not at some point going to turn around and turn off any accounts trying to access the API without using an SSL.

      As the endpoints are actually HTTPS anyway then the data being transferred from my PC (my BOT) to Betfair is surely already encrypted. So what extra security does having my own SSL cert give me?

      Also do you have the links and URLs / Guides that you used for your Self Signed SSL creation etc. I have had a hunt around the web but there seems to be no simple easy "how to" guide etc - which has been the same as this whole API-ING "adventure", a very long walk into nightmare forest without a torch.

      The amount of code I have had to write and from what it looks like for not much benefit plus downsides such as runners not having their country codes in their names or non alpha numeric characters which means getting a racecard before hand and then doing various loops of checking to ensure you get a match with the right horse etc.

      Plus their change from ISO3 country codes to ISO2 - why?

      I don't really get some of their data changes and it's been a slog to get this far. I just don't want someone to make my BOT unusable due to not having my own SSL certificate.

      Thanks

      Rob

      Comment


      • #4
        SSL Certificate

        Rob, They won't insist that you use an SSL cert or make your app unusable - it's just their recommendation. I'll sort out the links I used for you re SSL (I suspect from what you've said you won't create a cert - same as me).
        Mike

        Comment


        • #5
          SSL Certificate

          Rob, I found this tutorial useful:

          The whole series of tutorials was interesting, but is based around Python. I use Visual Basic but still found the series helpful. In any case, the SSL specific tutorial doesn't require a knowledge of Python (maybe you know this language anyhow).
          With regards
          Mike

          Comment


          • #6
            Thanks - Logging Out

            Thanks for that article.

            I spoke to the Betfair Dev team and they said there was no threat of them turning off the ability for users without SSL's to access the site.

            Also as the site is HTTPS anyway the content from my PC to them is encrypted so having my own SSL wouldn't add any more security unless I was selling my product and allowing others to use it etc.

            By the way I don't suppose you have the code you are using for logging out of Betfair. Even though I am passing my session in the X-Authentication header I am getting a "no session" error in the response.

            I am writing my code in C# but it doesn't matter what language you are using I just need to know what headers to pass and the appropriate values e.g

            X-Authentication: [SESSION ID]
            Convert post data into stream = &product=[APPKEY]&url=[ENCODED(https://www.betfair.com/)]
            response.ContentType = application/json-rpc

            etc etc.

            I am just having problems logging out and wonder if you could help me. I have tried copying other peoples examples and so forth but nothing seems to help.

            Thanks a lot!

            Comment


            • #7
              Logging out

              Hi Rob
              Sorry for late reply - have had a busy time with York!
              At the moment I'm not formally logging out with my proto-API-NG app. I'm simply closing the app. I'll be adding logout & maybe keep alive functionality later. However, davecon and others have covered this elsewhere on the forum. I'll dig out the link for you.
              With regards
              Mike

              Comment


              • #8
                Logging out link

                Rob, Here is the link:

                The correspondence here, along with davecon's basic app (earlier in that thread) should cover all you need for logout operations. It's in Visual Basic (davecon converted from C# using free Instant VB software). I would imagine there is similar software to convert it back. If not, you might have to prevail on davecon to provide the source C# code, or maybe you know how to do this already, as you say the language doesn't matter.
                With regards
                Mike

                Comment


                • #9
                  Hi

                  Thanks for that link, the logging was killing me, I just couldn't get it to work whilst logging in was easy.

                  I can convert VB.net to C# so that shouldn't be too much of a problem.

                  Thanks for your help

                  Rob

                  Comment

                  Working...
                  X