• teo over 2 years ago

    Hi, Everyone. On February 1, 2014 we will be making the following changes to the Discogs API:

    1) We will no longer offer the Premium API service. Current customers have been notified.

    2) Image requests will now require an application id. Image requests will also be limited to one per second and 1,000 per day, per application id (instead of per IP address).

    You can create an application id here: https://www.discogs.com/settings/developers

    Please see the Image request documentation for information on including an application id with Image requests:
    https://www.discogs.com/developers/resources/database/image.html

    Again, these changes will take effect on Feb 1, 2014. We are making these changes to improve the overall performance of the Discogs website.

    Please let us know if you have any questions. thanks
  • little_alien over 2 years ago

    I use the thumbnail image in a personal single user database application of mine and public access has been disabled I see. https://www.discogs.com/developers/resources/database/image.html does not say how to include the ID. Or do I need to go the whole OAuth way just to include the thumb in my application?
  • jweijde over 2 years ago

    Like to know that too.
  • Naomis_bargains over 2 years ago

    It looks as if I have to download software onto my PC.

    Is this a browser add-on? If so, has it been approved by Mozilla?

    Will it interfere in any way with any other add-ons I have (in particular, Adblock Plus and Noscript)?

    Will it be doing anything else in the background other than allowing me to pictures when I request them?

    Will this lower my Firefox's security settings in ANY way?

    Overall, I'm VERY uneasy about this.
  • devinterface over 2 years ago

    Hi Teo, this url: https://www.discogs.com/developers/resources/database/image.html doesn't show how to use the application ID.
    Can you explain it better?
  • little_alien over 2 years ago

    devinterface
    Can you explain it better?

    Yes, please do.
  • vreon over 2 years ago

    little_alien
    Or do I need to go the whole OAuth way just to include the thumb in my application?

    Yes, that's correct.

    Naomis_bargains
    It looks as if I have to download software onto my PC. [...] Overall, I'm VERY uneasy about this.

    Don't panic! :) This change is for a separate system that's used by developers of third-party applications. Browsing the Discogs website will operate exactly as it has in the past, no extra addons or extensions required.

    devinterface
    Can you explain it better?

    Apologies for not having the documentation updated in advance of this change, we dropped the ball here. The Image resource will require OAuth authorization in exactly the same manner that others (like /oauth/identity) do.

    If there are any other questions or clarifications required, let me know and I'll respond here.
  • germanc64 over 2 years ago

    Hello,

    i didn't understand, why image requests are limited per application id.
    Every user of a third party app have to create a application id ?

    If this is the right way, you should rename it to customer id for better understanding.
  • elstensoftware over 2 years ago

    Wow, I assumed by "application id" being required you meant user-agent. At no point has OAuth been mentioned to me.

    You already know this, but it would have been nice to have been informed as a previous premium API customer.
  • vreon over 2 years ago

    germanc64
    i didn't understand, why image requests are limited per application id.
    Every user of a third party app have to create a application id ?

    The intent is to limit the number of image requests to 1,000 per day across an application's entire install base.

    elstensoftware
    Wow, I assumed by "application id" being required you meant user-agent. At no point has OAuth been mentioned to me.

    The OP does say "create an application id here: <link to OAuth Application creation page>", but you're right -- it should have read "consumer key" rather than application ID at least.

    elstensoftware
    You already know this, but it would have been nice to have been informed as a previous premium API customer.

    I agree. We'll do a better job of communicating and clarifying breaking changes like this in the future. You should definitely subscribe to the API Announcements thread (right hand side, "Notify Me of Replies") if you're not already.
  • GPackage over 2 years ago

    hello, I realize that now every user of a third-party application must have an account on discogs to access the images. is that so?
    there will be a few alternative service to this rule?
    thanks
  • usedgrooves over 2 years ago

    We began to get 401 unauthorized refusals yesterday afternoon.
    You must authenticate to access this resource.

    Since they did not happen until yesterday afternoon
    We had thought we dodged a bullet with this change. NOT!

    We use oAuth to upload our Listings all the time
    However we are still getting 401's when we send
    The image request with the full oAuth authentication
    GET http://api.discogs.com/image/R-4384288-1383239495-2146.jpeg HTTP/1.1
    Authorization: OAuth oauth_token="xxxxxx",oauth_consumer_key="xxxxxxxxxxxxxxxx",oauth_nonce="TseR3xA2",oauth_signature_method="HMAC-SHA1",oauth_signature="dddddddddddddd",oauth_version="1.0",oauth_timestamp="1391364890"
    User-Agent: MINDCEPT
    Host: api.discogs.com

    HTTP/1.1 401 Unauthorized
    Reproxy-Status: yes
    Access-Control-Allow-Origin: *
    Content-Type: text/plain
    WWW-Authenticate: OAuth realm="http://api.discogs.com"
    Server: lighttpd
    Content-Length: 47
    Date: Sun, 02 Feb 2014 18:14:33 GMT
    X-Varnish: 3448250291
    Age: 0
    Via: 1.1 varnish
    Connection: keep-alive

    You must authenticate to access this resource.

    I am obviously doing something wrong

  • bedhed3000 over 2 years ago

    bedhed3000 edited over 2 years ago
    vreon
    You should definitely subscribe to the API Announcements thread (right hand side, "Notify Me of Replies") if you're not already.

    Is this really the best place to get announcements? No updates for the last 2 months.

    It sounds like folks familiar with OAuth 1.0 should be fine, but do you have any idea when the docs will be updated?
  • elstensoftware over 2 years ago

    In a rush I've worked out how to use OAuth this afternoon. Would have preferred to have been doing something else with my Sunday but there you go! Wasn't so bad... it's a three step process:

    1) Obtain a request token from the request token URL. This appears to be a URL (or is a URL with the request token in the query string)
    2) Redirect the user to the URL. This is to a page on the discogs.com domain. The user then authorises which either gives them a code they can insert into your app or you previously register a callback which gets called with the code (I did the former for now).
    3) Using the auth code you can then retrieve an access token which can be used to sign requests
  • imoto.morefun over 2 years ago

    Hi, I am wondering if your document would give us more info about getting images.
    I want to know the example of full path to get images with what parameters are required.

    ex): http://api.discogs.com/image/R-3400703-1331018194.jpeg?oauth_consumer_key=XXXXX&oauth_cunsumer_secret=XXXXX

    Thank you for you support all the time.
  • ijabz over 2 years ago

    So have I got this right, you dont want tagging applications to access your image database anymore. Because clearly a limit of 1000 images a day shared over all installations of the software is pointless.
  • mkdg over 2 years ago

    it depends. If there is some offline bulk data transfer available, which would allow developers to create their own image cache, then they could use this limit to update only the changes during the day. Otherwise it's really pointless. I for my part am quite pissed. I use discollector on an Ipad as primary discogs access and definitlely dont do a lot of image traffic as the app caches images. But simply to get thrown out is not a good solution. I for my part would even be willing to pay a premium fee (say $12/yr) to get access to the images back.
  • bedhed3000 over 2 years ago

    mkdg
    I for my part would even be willing to pay a premium fee (say $12/yr) to get access to the images back.

    There was a premium API service, but not anymore.

    I use the API to display a simple Javascript widget on my website that displays the last 10 records I've added to my collection. I use the thumbnail from each release, but now that I have to authenticate in order to display the thumbnails, so I'll have to just display the release info without the record cover. It would be nice if we could at least display the release thumbnail without having to authenticate. They are tiny images compared to most of the actual release images. Other API's, such as Soundcloud's, don't make you authenticate to use their image resources. You just have to provide your consumer key as a parameter in your API calls. Couldn't we do it this way? You'd still be able to track image requests on an app X app basis.
  • ijabz over 2 years ago

    Im speaking from the pov of an application rather than a website it sounds like the problem was to do with websites hot linking images, but if so why penalize applications such as taggers. But I'm still confused about if I ten people have an application installed is there a way they can access to 1000 images a day each, or only 1000 between them, would be nice if discogs actually replied when questions asked.
  • point. over 2 years ago

    same problem with foo_discogs free tagger for foobar2000, just assume how many users could use it
  • barlit over 2 years ago

    One would assume that a large percentage of people contributing artwork would be extensive users of taggers. Why contribute if access to the data is next to impossible? 1000 images per day per application is not worth the time to implement the new authentication scheme.

    Instead of developers implementing better access to Discogs and constantly adding functionality you're going to have people trying to get around the issue. Already people are talking about caching. It all seems rather pointless. In the end all the loyal Discogs users suffer.
  • mkdg over 2 years ago

    Well, obviously image transfer is a bandwidht intense thing, so I can fully understand cutting corners here, especially as there's probably at least a 1:10,000 ratio of Image contributions vs. usage. And a lot of the softwares grabbing images do not even have a feature to contribute anything.

    But it should still be possible in the api to base it on a user as being allowed to transfer this amount, probably by paying a premium fee.

    It still would help if some of the Image-Using softwares would build up their own access webfarm, which implements sufficient caching to reduce the burden on the main infrastructure. This is only fair.

    Mike
  • MD_PRD over 2 years ago

    I really wonder if the Discogs-staff made the right decision. I'm forced to disable the feature to get images. Too bad, Discogs is a very important feature for my application but I refuse to impose impact on my end-users.
  • tsw004 over 2 years ago

    Speaking from the pov of an mp3tag user this change is very disappointing. I use an mp3tag script to tag my mp3s from the discogs database but I'm now unable to use the discogs images for album art. Or rather I can still use the images but I now have to manually download them from the discogs website. So the end result is no change to discogs bandwidth requirement but a lot of extra work for me to tag my mp3s.
  • marcoc1712 over 2 years ago

    @elstensoftware could you please give us some details? I'm using Scribe, I get the token buf I'm not able to use it.
    if I use the URL I get (http://www.discogs.com/oauth/authorize/authorize?token=xxx) i receive an error 404, i I use the url I've got for discogs (http://www.discogs.com/oauth/authorize) I went to the login page (if not already logged in) then I get an error like:

    We're sorry, but we were unable to complete your request.

    When reporting this problem to Discogs Support or in the Discogs Help Forums, please describe what you were doing. Also, provide the following information:

    error code: 8142465

    uri: http://www.discogs.com/oauth/authorize

    How did you solved?

    thanks in advance, Marco.
  • andrewboie over 2 years ago

    If anyone has some example Python code showing how to do this it would be much appreciated
  • ijabz over 2 years ago

    (Disclaimer I am SongKong developer) if Discogs are not going to change this to per user tagger users should perhaps consider alternatives such as MusicBrainz. Until a year ago Musicbrainz only offer limited cover art support but now they provide an api to the CoverArtArchive that contains an ever growing high quality cover art repository https://musicbrainz.org/doc/Cover_Art_Archive/API . Taggers such as SongKong and Bliss already make use of this repository.
  • tsw004 over 2 years ago

    ijabz
    (Disclaimer I am SongKong developer) if Discogs are not going to change this to per user tagger users should perhaps consider alternatives such as MusicBrainz. Until a year ago Musicbrainz only offer limited cover art support but now they provide an api to the CoverArtArchive that contains an ever growing high quality cover art repository https://musicbrainz.org/doc/Cover_Art_Archive/API . Taggers such as SongKong and Bliss already make use of this repository.


    Thanks for the suggestion ijabz, I guess MusicBrainz (and freedb) databases are ok for mainstream music and/or music that has been released on cd, but in my experience they're useless for obscure music. Personally I'm interested in obscure and vintage dance music (12" vinyl) for which discogs is the gold standard and the only viable option.
  • ijabz over 2 years ago

    @tsw004 whilst I would agree that Discogs does have better coverage of both Vinyl and Vintage Dance then Musicbrainz it is unfair to lump MusicBrainz in with either freedb or mainstream music. I think it would be interesting for you to check a selection of your music to see if it is available on MusicBrainz - I for one would be interested in the results.
  • elstensoftware over 2 years ago

    Over at OneMusicAPI ( http://www.onemusicapi.com ) we've been a user of Discogs for some time. On the question of caches, let's make the assumption that interest in releases follow a long tail style pattern (e.g. lookups for images for The Beatles are orders of magnitude more common than your local indie band).

    Depending on the distribution I believe the long tail can be a good application for caching.

    That's why we've been building a cache at OneMusicAPI since news of this change was sent out... but before we enable it we're going to check some of the possible legal issues. I've not seen a separate licence for the images in Discogs. If the licence is the same as the data (public domain) it should be fine to allow access to the cache.
  • dansauk over 2 years ago

    I believe all data here is covered by the same license
  • tsw004 over 2 years ago

    ijabz
    @tsw004 whilst I would agree that Discogs does have better coverage of both Vinyl and Vintage Dance then Musicbrainz it is unfair to lump MusicBrainz in with either freedb or mainstream music. I think it would be interesting for you to check a selection of your music to see if it is available on MusicBrainz - I for one would be interested in the results.


    @ijabz At the risk of going somewhat off topic I checked a few of the record labels I collect against Discogs, RollDaBeats (the only other database that comes close to matching discogs in my experience) and MusicBrainz respectively. The results I think are quite conclusive. Most of the record labels I chose are fairly major players, albeit within a very niche musical sub genre. For smaller record labels and not on label releases I almost always find no information on MusicBrainz.

    Label
    (Number of Releases listed) URL

    Tone Def Records
    (39) http://www.discogs.com/label/3850-Tone-Def-Records-2
    (30) http://www.rolldabeats.com/label/tone_def_records
    (2) http://musicbrainz.org/label/a1c3a517-3a88-44f0-ba30-329df43258b5

    Boogie Beat Records
    (48) http://www.discogs.com/label/6431-Boogie-Beat-Records
    (46) http://www.rolldabeats.com/label/boogie_beat_records
    (0) Not listed on MusicBrainz

    Production House
    (142) http://www.discogs.com/label/296-Production-House
    (115) http://www.rolldabeats.com/label/production_house
    (15) http://musicbrainz.org/label/660391fd-e69f-4593-9af3-6dd1e717d85f

    Dee Jay Recordings
    (64) http://www.discogs.com/label/6153-Dee-Jay-Recordings
    (53) http://www.rolldabeats.com/label/dee_jay_recordings
    (2) http://musicbrainz.org/label/53836a49-a7c5-4725-a842-0cd7d1435423

    Contagious Records
    (14) http://www.discogs.com/label/16226-Contagious-Records-2
    (12) http://www.rolldabeats.com/label/contagious_records_2
    (0) Not listed on MusicBrainz

    Lucky Spin Recordings
    (66) http://www.discogs.com/label/2783-Lucky-Spin-Recordings
    (41) http://www.rolldabeats.com/label/lucky_spin_recordings
    (4) http://musicbrainz.org/label/e35bc28a-8329-483c-bd85-32e747feebf5
  • little_alien over 2 years ago

    vreon
    little_alien: Or do I need to go the whole OAuth way just to include the thumb in my application?
    Yes, that's correct.

    Hmmz, understandable from discogs' perspective, but I'll just leave out the images then I think :/
  • micha2007 over 2 years ago

    hm...seems that getting /users/<username>/collection/folders also needs oauth? otherwise it will return something, but not the current data?
  • ijabz over 2 years ago

    tsw004 okay in your case Discogs is clearly better, all I would say is that the record label entity were added to MusicBrainz later on so I'm expect a few of the releases seemingly missing in Musicbrainz do exist but with the record label missing, so not listed for the record label. If anyone wantt to add them from Dicogs to Musicbrainz you can try using http://geordi.musicbrainz.org/ or https://userscripts.org/scripts/show/36376
  • stardust-aarhus over 2 years ago

    elstensoftware
    3) Using the auth code you can then retrieve an access token which can be used to sign requests


    I managed to perform steps 1 and 2 successfully, but step 3 contains some kind of magic which I am not familiar with ;-)
    a. How do I use the auth code when retreiving the access token?
    b. How do I sign a request when I want to display an image?

    A plain example would be of great value! My aim is to produce an image tag in html, using php. BTW, I am using the oauth-php library.

    Thanks in advance :-)
  • dandydev over 2 years ago

    Unless I'm missing something, this effectively kills third party Discogs clients in the same manner that Twitter did. It seems like a CDN would have been a better solution. Users with large collections can easily chew up the 1000 images a day limit. Even with liberal caching, this is not enough. I guess I'll be researching other APIs. Does anyone have other suggestions for supporting a mobile app within these limits?
  • milothedj over 2 years ago

    You don't have to actually download the images. Just copy/pasting them with your mouse will work just as well.

    tsw004
    Speaking from the pov of an mp3tag user this change is very disappointing. I use an mp3tag script to tag my mp3s from the discogs database but I'm now unable to use the discogs images for album art. Or rather I can still use the images but I now have to manually download them from the discogs website. So the end result is no change to discogs bandwidth requirement but a lot of extra work for me to tag my mp3s.


  • ijabz over 2 years ago

    milothedj
    You don't have to actually download the images. Just copy/pasting them with your mouse will work just as well.


    You have totally missed the point, he means he has to manually go the website to get the images rather than getting them automitically through the api. Whether you do Save As or Copy/Paste is immaterial.

  • elstensoftware over 2 years ago

    stardust-aarhus

    I managed to perform steps 1 and 2 successfully, but step 3 contains some kind of magic which I am not familiar with ;-)
    a. How do I use the auth code when retreiving the access token?
    b. How do I sign a request when I want to display an image?

    The access token is what you get when the user is presented their page in Discogs to log on. From there it depends on the API you use. In signpost (Java) it's:

    provider.retrieveAccessToken(consumer, authCode)

    And then for each request:

    consumer.sign(conn)

    Note the "consumer" and "provider", while OAuth concepts, are objects provided by the API.
  • milothedj over 2 years ago

    No, I understood the point. I have deal with the same thing now. The key word was "download". I was just pointing out that he didn't have to actually download the images to his computer, just copy/paste them off the site. It's an extra step to be sure. Maybe he used the wrong word and I misunderstood.

    ijabz
    milothedjYou don't have to actually download the images. Just copy/pasting them with your mouse will work just as well.

    You have totally missed the point, he means he has to manually go the website to get the images rather than getting them automitically through the api. Whether you do Save As or Copy/Paste is immaterial.


  • tsw004 over 2 years ago

    milothedj
    No, I understood the point. I have deal with the same thing now. The key word was "download". I was just pointing out that he didn't have to actually download the images to his computer, just copy/paste them off the site. It's an extra step to be sure. Maybe he used the wrong word and I misunderstood.

    ijabzmilothedjYou don't have to actually download the images. Just copy/pasting them with your mouse will work just as well.

    You have totally missed the point, he means he has to manually go the website to get the images rather than getting them automitically through the api. Whether you do Save As or Copy/Paste is immaterial.


    I'm fully aware that I can copy/paste the image and this is in fact what I do. Perhaps 'download' was the wrong choice of word although the image is downloaded by the browser, of course, before it's copy/pasted. One of the points I was trying to make was that in my case this change will not reduce the discogs bandwidth that I use, rather it's just an inconvenience. I suspect other users will do likewise and will simply grab the images from the website instead. In actual fact I'm probably hitting the discogs website for more bandwidth now as I have to navigate more pages and my web browser downloads all the images for every release whereas I think the mp3tag script only downloaded the first image.
  • einmarbo over 2 years ago

    Hallo

    i interface Discogs API via Windows desktop application. My application is written in Delphi.

    before API Terms of Use change, in my application i download the image directly from the URL image of the cover :(http://api.discogs.com/image/R-150-4205937-1358693502-5007.jpeg)

    Now I have taken my "application id" required ..

    But i dont know how to authenticate my request with http
    which are in detail the URL commands i have to launch before
    http://api.discogs.com/image/R-150-4205937-1358693502-5007.jpeg?

    could you please give me some details

    Many Thanks
    Marco
  • maitreya over 2 years ago

    maitreya edited over 2 years ago
    ----------
  • electro.moskito over 2 years ago

    There is a little trick to get the images without authentication, and limits!
    Just query http://www.discogs.com/viewimages?release=4871 and parse the html reply.
    You will find
    http://s.pixogs.com/image/R-4871-002.jpg
    http://s.pixogs.com/image/R-4871-1098445101.jpg]
    http://s.pixogs.com/image/R-4871-1098445156.jpg

    I know thats not the correct way, but it demonstrates that the limitation is pointless.
  • vreon over 2 years ago

    electro.moskito
    I know thats not the correct way

    In fact, it's a violation of our Terms of Service, and a great way to get your IP blocked. Please don't point web scrapers at anything under the www subdomain.
  • elstensoftware over 2 years ago

    s.pixogs.com isn't under the www subdomain... Looks like the R-123-123.jpg part is interchangeable with the same filename from api.discogs.com.
  • electro.moskito over 2 years ago

    vreon
    it's a violation of our Terms of Service, and a great way to get your IP blocked.


    Yes I know. And I will not use it. I just want to figure out, that this is a real security issue!

    And where is the difference between
    http://api.discogs.com/image/R-xxx-xxx.jpeg
    and
    http://s.pixogs.com/image/R-xxx-xxx.jpg ?

    With the exact same name of the image, you get it even without parsing the website!
    Random names could fix this.
  • b33dewd over 2 years ago

  • dansauk over 2 years ago

    and for those using C# check this out, it de-mystified it for me quite quickly

    http://deanhume.com/Home/BlogPost/a-simple-guide-to-using-oauth-with-c-/49
  • diskaosvova over 2 years ago

    HELLO,

    some body can use :
    http://www.php.net/manual/en/oauth.examples.fireeagle.php

    ????

    for me every time so error:

    OAuthException Object
    (
    [message:protected] => Invalid auth/bad request (got a 404, expected HTTP/1.1 20X or a redirect)
    [string:Exception:private] =>
    [code:protected] => 404
    [file:protected] => /home/benja/public_html/image.php
    [line:protected] => 42
    [trace:Exception:private] => Array
    (
    [0] => Array
    (
    [file] => /home/benja/public_html/image.php
    [line] => 42
    [function] => getAccessToken
    [class] => OAuth
    [type] => ->
    [args] => Array
    (
    [0] => http://api.discogs.com/oauth/access_token_info
    )

    )

    )

    [previous:Exception:private] =>
    [lastResponse] => {"message": "The requested resource was not found."}

    Here exist some body from discogs.com ??!!
    where some work example !?

    Thanks
  • ijabz over 2 years ago

    vreon
    electro.moskitoI know thats not the correct way
    In fact, it's a violation of our Terms of Service, and a great way to get your IP blocked. Please don't point web scrapers at anything under the www subdomain.


    So at least we know discogs are actually reading this thread even if not engaging in discussion. Whilst I can understand needing to stop hot-linking from websites don't you think you owe us an explanation for the draconian way you've implemented this to prevent taggers getting images.

  • bubbleguuum over 2 years ago

    s/api.discogs.com/s.pixogs.com

    And there's no need for a scrapper for that. Fail.

    If you want to add annoying restrictions at least do it properly...
  • diskaosvova over 2 years ago

    hello,

    downloaded official php discogs api https://github.com/ricbra/php-discogs-api
    nothing about how use oauth ????!!!

    thanks
  • radu122 over 2 years ago

    Please enlighten me. I have to have a browser in order to authenticate?

    Or is there a way to use OAuth exclusively in a third-party desktop app?
  • dansauk over 2 years ago

    You can use a WebView in a windows app to authenticate
  • umjames over 2 years ago

    dandydev
    Unless I'm missing something, this effectively kills third party Discogs clients in the same manner that Twitter did. It seems like a CDN would have been a better solution. Users with large collections can easily chew up the 1000 images a day limit. Even with liberal caching, this is not enough. I guess I'll be researching other APIs. Does anyone have other suggestions for supporting a mobile app within these limits?


    I'm in the same boat as you. I was in the final stages of releasing a mobile app that would allow you to look up artists, releases, and labels from Discogs when the images stopped appearing.

    It makes you wonder what the people at Discogs are thinking. Forcing people to have a Discogs account just to look at images, and thinking 1000 images per day is enough for all of an application's users is just a STUPID IDEA. I guess they only want people to use Discogs via their website, which most people I know have never heard of. If that's the case, why even offer an API at all? I guess they'll be making that move soon enough.

    I guess I'll have to re-tool my app to use the MusicBrainz API. They don't seem to have these restrictions. It's a shame, since I actually like Discogs catalog better, especially the dance music which is more up-to-date. But what can I do? Discogs is FORCING US OUT.
  • bedhed3000 over 2 years ago

    bubbleguuum
    And there's no need for a scrapper for that.


    Shhhhh...
  • MD_PRD over 2 years ago

    vreon
    electro.moskitoI know thats not the correct way
    In fact, it's a violation of our Terms of Service, and a great way to get your IP blocked. Please don't point web scrapers at anything under the www subdomain.


    Well, vreon ... Referring to the terms of service but not documenting the changes properly is utterly arrogant!

    I'm sorry, I aboslutely love Discogs but this is a bloody shame!

  • radu122 over 2 years ago

    dansauk
    You can use a WebView in a windows app to authenticate


    I think I didn't put the question right.

    Is there any way to use it in a third party desktop application, with no user interaction? My app is just a server. It just downloads what the clients are playing on their devices.
  • little_alien over 2 years ago

    radu122
    Is there any way to use it in a third party desktop application, with no user interaction? My app is just a server. It just downloads what the clients are playing on their devices.

    Old link, but pretty much covers it: https://getsatisfaction.com/oauth/topics/how_does_oauth_work_with_non_browser_based_consumer_applications

    Which is my trouble with OAuth too. Plus, if you look at the flow http://oauth.net/core/diagram.png it's just so complex! Can't we just have a secure SSL connection with a simple user auth key you can pass with each request? Isn't that safe enough? In stead of just an application ID, Discogs can still limit resources on a user basis. They could even combine application ID and user key for more flexibility.
  • Hieper over 2 years ago

    dandydev
    Unless I'm missing something, this effectively kills third party Discogs clients in the same manner that Twitter did. It seems like a CDN would have been a better solution. Users with large collections can easily chew up the 1000 images a day limit. Even with liberal caching, this is not enough.


    This.

    I have a mobile Discogs client application in the iOS App Store. Adding OAuth to an image loading request is only about 3 lines extra work for me, but if all my users must share the 1000/day limit, what's the point?

    It's also hard to imagine why this limit should include even 35k thumbnails. I could live with a reasonable download limit on large images. Surely Discogs can serve tiny thumbnails without straining its servers.

    My support request for clarification has gone unanswered for 9 days now, which is not typical for Discogs support. Perhaps something is brewing (or spoiling?) at the Discogs.com HQ?
  • pkanz over 2 years ago

    We did have our Premium API which allowed for increased image request rates, but we discontinued this on February 1st due to lack of demand and it required us to allocate resources to maintaining it. We felt it was better to apply those resources to improving the Database and improving submissions to the Database. Providing images to 3rd party developers is not part of our core purpose.
  • akbet over 2 years ago

    Hello,

    If discogs said "1000 images a day limit" - they must give that !!!!
    But now that not work not from http://api.discogs.com/image/R-xxx-xxx.jpeg
    not from
    http://s.pixogs.com/image/R-xxx-xxx.jpg ?

    If you said - exist limit in API- Please show code what can possibility with help PHP take these 1000 images !!!

    Official api.discogs not show any OAuth examples

    Thanks,

  • jinru over 2 years ago

    jinru edited over 2 years ago
    Hi Discogs staff,

    Correct me if I'm wrong. It's 1000 image requests per day per application not per user. So if I have 1000 users using my app, it's like one image request for each user per day?

    Thanks Discogs!

  • johnnysassoli over 2 years ago

    there is anybody that knows HOW TO GET THE APPLICATION ?
    are there samples code????
  • Hieper over 2 years ago

    pkanz
    Providing images to 3rd party developers is not part of our core purpose


    I think there is the misunderstanding: you're not providing the images to us developers, you're providing them to our, and most of all: your users. Users who may very well have uploaded the images that they now won't have a chance to download...

    Discogs lists as one of its core values: 'Our data will always be open and free to the public.' I want to argue that it would be more open if that access was not restricted to the html interface, but would remain fully available through the API.

    Another core value: 'Discogs is a collaborative effort that wouldn't be possible without a community of music obsessives focused on a common goal'. I consider myself part of that community, the Discogs developer community. It would be appreciated if Discogs were open about the reason this decision (severely throttling image serving) was taken.

    But perhaps 'core purpose' and 'core values' don't overlap in this case?
  • pkanz over 2 years ago

    hieper Community members who have contributed images (and anyone else) still do have the option of downloading images via web a browser or via our API. Users have always been limited to the 1000 images per day via our API, we've just added the requirement of using OAuth and application id. Adding the new requirements was the best way we could minimize the abuse and reduce the impact of persons taking advantage of the service (and not have to increase fees or start charging everyone) and still keep our data free and open. There's been no change to how users can access data, just images. From what I can tell, there are developers who have adapted their application and are back to normal.

    We did have the option for developers to utilize higher request rates via our Premium API, but only a handful of developers took advantage of it. We choose to discontinue this due to the cost and overhead of maintaining it.

    We made the announcement back on November 26th, 2013 that we were going to make the change. But not until February 1st, when we implemented the change, did it became an issue. Don't think there were any offers to collaborate, except for "how about we pay you". We tried that and it didn't work, so we turned down those offers. If someone would like to collaborate with us on creating an mobile application that will allow for adding new additions to the Database (takes pictures, create draft, and upload), then that's the type of collaboration we would like to talk about.

    It comes down to resource allocation - what is the best way we can allocate our limited resources (capitol and labor) that will have the best benefit to the Discogs Community. We've chosen addressing outstanding site issues rather then increasing our ability to serve images en masse (which would create more problems for us).
  • dandydev over 2 years ago

    pkanz
    Users have always been limited to the 1000 images per day via our API


    While the previous post is a reasonable explanation of the situation for the most part, the above statement is not accurate. Users are not being limited to 1000 images per day each. As I understand it, each app is being limited to 1000 images per day. This means all of a third party app's users must share that 1000 image daily limit, correct?
  • akbet over 2 years ago

    where that 1000 images per day via your API ?
    How we can process that with help PHP ?

    Thanks
  • pkanz over 2 years ago

    dandydev Each Discogs Community Member who would like to use the Discogs API for their app would need register their application via https://www.discogs.com/settings/applications. If you are a developer of an application, then you would need to have your users create a Discogs account (if they don't already) and go through the OAuth registration process. If your app shares the OAuth credentials, them yes, your app is limited to 1000 image requests per day. If your app has unique OAuth credentials, then each unique OAuth credential is limited to 1000 image requests per day.
  • radu122 over 2 years ago

    pkanz
    From what I can tell, there are developers who have adapted their application and are back to normal.


    What about developers who have applications that do not have user interaction, how do we adopt OAuth then?
  • dansauk over 2 years ago

    pkanz
    If your app has unique OAuth credentials,


    How do I know this ? how can I find out if my app has unique OAuth credentials ?

    it's just that the documentation is poor for the API, and OAuth documentation in general on the web is pretty sparse too....
  • AlwinHoogerdijk over 2 years ago

    pkanz
    From what I can tell, there are developers who have adapted their application and are back to normal.


    Well, we WERE back to normal (Music Collector). Implemented OAuth, combined with a caching system. Worked nicely.
    But then you blocked our IP again. What's up?
    I would love to get a response to my Support Requests.
  • dandydev over 2 years ago

    pkanz
    If you are a developer of an application, then you would need to have your users create a Discogs account (if they don't already) and go through the OAuth registration process. If your app shares the OAuth credentials, them yes, your app is limited to 1000 image requests per day. If your app has unique OAuth credentials, then each unique OAuth credential is limited to 1000 image requests per day.


    This is also incorrect. I am using each user's own OAuth credentials, but I am not seeing any images in my app. I don't even have 1000 releases in my own collection, so it's clearly limiting the entire app, not my individual OAuth account.
  • pkanz over 2 years ago

    dandydev - I'm not seeing your user-agent in the logs making image requests today. I see the oauth_signature GETs. I am seeing your IP making image requests (w/o your user-agent, you should change this), but they are returning 403's. You might need to open a SR and a developer will need to get back with you.
  • kdixon over 2 years ago

    kdixon edited over 2 years ago
    pkanz
    hieper If someone would like to collaborate with us on creating an mobile application that will allow for adding new additions to the Database (takes pictures, create draft, and upload), then that's the type of collaboration we would like to talk about.

    It comes down to resource allocation - what is the best way we can allocate our limited resources (capitol and labor) that will have the best benefit to the Discogs Community. We've chosen addressing outstanding site issues rather then increasing our ability to serve images en masse (which would create more problems for us).


    I have been trying to foster this type of collaboration since day one. If you are trying to motivate collaborators to help you do things like add images & create releases from a mobile app, do you think denying them access to those photos is a good move?

    I have reached out & been in contact throughout development. I've even come to Portland to visit the office!
    If you are truly interested in collaborating, please send me a message.

  • pkanz over 2 years ago

    kdixon We don't view it as denying access to the images, we've just added an additional check. The check will require developers to modify their app and require consumers of the images to be a Discogs Community Member. Using the free beer model - we're handing out "pints" not "kegs". Maybe in a few years we can hand out "kegs", but until then, it's "pints".
  • akbet over 2 years ago

    Hello
    sorry, where example how That fork for image fetch ?
    We have done application registration - but we can't fetch images - at all !!!!!

    where some work PHP example ?

    Thanks,
    OrdaSoft team
  • elstensoftware over 2 years ago

    pkanz
    We made the announcement back on November 26th, 2013 that we were going to make the change.

    To be fair: yes you made *AN* announcement, but it wasn't in anywhere near enough detail to prepare for the change. My issue with this is not the new limits, but the change to OAuth which has required quite a lot of development work to cater for.

    Here's the pertinent part of the email I received:

    Also, please note that we are changing the general API terms of use. Image requests will now require an application id and will be limited to one request per second and 1,000 per day, per application id. See the forum post for more details:
    http://www.discogs.com/forum/thread/52950c194c5e2e7adca760a0

    OAuth is not mentioned once in either the email nor the thread, until twenty days ago, after the change was made!

    And if "application id" is your way of referring to OAuth, might I suggest slightly more verbosity in future emails?
  • umjames over 2 years ago

    pkanz
    If you are a developer of an application, then you would need to have your users create a Discogs account (if they don't already) and go through the OAuth registration process.


    Have you given thought to the idea of allowing Discogs account creation/login via social network logins? So instead of application developers forcing users to create another account just to view images, they can sign-in via Facebook or Twitter (something they probably already have) and get the same access to images.
  • dansauk over 2 years ago

    umjames
    So instead of application developers forcing users to create another account


    Users of applications don't need to create another account. They sign in with their existing account through the OAuth system implemented in the application

  • ijabz over 2 years ago

    dansauk
    umjamesSo instead of application developers forcing users to create another account

    Users of applications don't need to create another account. They sign in with their existing account through the OAuth system implemented in the application


    I think umjames means that now users have to create a Discogs account, if they dont use Discogs actively they may not have an account hence another account

    One such example is music taggers such as Songkong, although I use Discogs and promote it in my website most of my customers are not that interested in Musicbrainz or Discogs they just want their music 'fixed'. So now I have a choice of requesting users create and login to Discogs account from SongKong which some will find annoying and others will not understand, or just ignoring artwork from Discogs. The MusicBrainz api is considerably better than Discogs but Discogs does have two advantages more releases, and better artwork coverage however this change severely impacts on the second advantage.
  • triplem74 over 2 years ago

    I have implemented the above discussed restrictions and included the rate limits for my own tagger (written in python). This was without any issues. For sure, the limit of 1000 pics is "questionable" if your application is used in or on several machines from several users, but other then that, it can be handled. Eg. repeat the "download" once a day and store a semaphore in the directory or in your db or whatever for all already downloaded releases.

    Sure this is a pita, but it works. I would like to ask the discoggers, if it would be possible to "certify" an application to comply to the necessary standards. This would then raise the quality of requests and this means, that the limit could somewhen get raised "again".

    --- snip ---
    pkanz wrote: If someone would like to collaborate with us on creating an mobile application that will allow for adding new additions to the Database (takes pictures, create draft, and upload), then that's the type of collaboration we would like to talk about.
    --- snap ---

    This is for mobile apps, but me is currently working on a tagging utility. There are possibilities to interact and to improve data quality (inside your DB) as well, but those are rather limited and/or heavy to implement (eg. let the tagger just use releases with "data correct" tags, which would mean, that the user has to go to discogs and try to correct the data or get a vote on this one). Probably there are more use-cases which can be tought up, probably you (the reader) have one already? Just tell me, and we could discuss this with discogs, if this brings any benefit for all of us.

    All those guys developing mobile apps: Do you earn money with this app? Probably you should have spent some of this money to support discogs? (no flamewar please, just a thought).

    Anyway, me is still seeing discogs as the number one database on the net, when it comes to popular music. I would like to bring this discussion to a more "what can we do to work together with discogs to make us all happy" kind of discussion and leave the "this sucks..." kind of thing.
  • ijabz over 2 years ago

    But how do we 'discuss this with discogs' it seems to me they dont engage with users or developers making things difficult.
  • bedhed3000 over 2 years ago

    bedhed3000 edited over 2 years ago
    Here's an idea, (and keep in mind that I am just theorizing about what is possible with OAuth here):
    Use a dummy "service account" as the account used to authenticate for all of your app's activity. Then use OAuth to "silently" authenticate in the background with that account so that you can use the image resources.

    It seems like this should be possible in any programming language, unless there is something about the Discogs API that would prevent it from happening. Would this be discouraged by Discogs? Anyways, just throwing an idea out there.

    **EDIT**
    It looks like Twitter allows this type of thing:
    https://dev.twitter.com/docs/auth/oauth/single-user-with-examples
    https://dev.twitter.com/docs/auth/application-only-auth

    Discogs would probably need to make some changes on their end to allow it, but I think it would be worth it for them to update the API for the benefit of developers.
  • umjames over 2 years ago

    ijabz
    I think umjames means that now users have to create a Discogs account, if they dont use Discogs actively they may not have an account hence another account


    That is exactly what I meant.
  • CrackVictim over 2 years ago

    ijabz
    I think umjames means that now users have to create a Discogs account, if they dont use Discogs actively they may not have an account hence another account.


    This is the big part of the problem - most people could happily live with the previous 1000 images per IP/user per day limit - but only without having users to signup to Discogs first, that caveat is just too much.

    I (and possibly other developers) see Discogs as a vital resource like Wikipedia for Records and it feels that we do not get any support when utilising the resource they want us to use and Discogs is more concerned with the Marketplace and becoming the worlds best record shop. This is understandable to an extent as this is what brings in the money to fund the other things but, as suggested further back, developers would be happy to pay a little each month/year for better access and to fund the necessary to support this valuable functionality.

    Discogs discontinued the premium API service due to 'lack of demand', but I am not surprised as when I enquired part of the quote I got was...

    Access is pre-pay, with a minimum $500 payable by check or wire transfer in $USD.

    ...there is clearly demand for better API access (as seen in this thread) but for our free service the $500 upfront minimum was WAY over budget - a lower-cost fixed monthly fee would be much more appealing and I am sure others would agree.

    Also, have Discogs considered a crowdfund campaign to raise funds for servers to handle the API it's users want?...Just an idea.

    I hope there is still time to re-think!
  • Sikke303 over 2 years ago


    little_alien
    I use the thumbnail image in a personal single user database application of mine and public access has been disabled I see. https://www.discogs.com/developers/resources/database/image.html does not say how to include the ID. Or do I need to go the whole OAuth way just to include the thumb in my application?


    you can write your own crawler, that's the only way to bypass ... but then you have usually lower quality images ! I crawl for images when api is down or i reach my image limit..
  • ijabz over 2 years ago

    ijabz edited over 2 years ago
    If I just used pixogs domain and made my application force a limit of 1000 images per 24 hours per installation would that be okay.
  • kevz_a over 2 years ago

    Hello everyone,
    I am a student currently making a program for a client. My client would like to include an online database which would be ran using API coding. However, i do not have much knowledge in this field. Could someone please help me out.
    Please reply to me here on via email: kevinabioye@gmail.com
    Thank you in advance,
    Kevin
  • dansauk over 2 years ago

    ijabz
    If I just used pixogs domain and made my application force a limit of 1000 images per 24 hours per installation would that be okay.


    No, that's a sure fire way to get your IP banned

  • umjames over 2 years ago

    Is the OAuth endpoint down? I my calls to get a request token are now returning as HTTP 400 errors (Bad Request). It was working yesterday and I didn't change anything.

    Also, yesterday when trying to sign-in to Discogs (as part of the user authorization part of OAuth 1.0a), if I logged in with a username/password (as opposed to Facebook), I was redirected to my profile screen instead of the screen that allows the user to authorize application access like it used to.

    I hope this potential outage is to fix this error.
  • Sikke303 over 2 years ago

    umjames
    Is the OAuth endpoint down? I my calls to get a request token are now returning as HTTP 400 errors (Bad Request). It was working yesterday and I didn't change anything.

    Also, yesterday when trying to sign-in to Discogs (as part of the user authorization part of OAuth 1.0a), if I logged in with a username/password (as opposed to Facebook), I was redirected to my profile screen instead of the screen that allows the user to authorize application access like it used to.

    I hope this potential outage is to fix this error.


    I had the same problem.... see http://www.discogs.com/forum/thread/5313934ba86b6d5b9e8a7ab5 :)
  • bertiemango over 2 years ago

    This is all very in depth and beyond me.. But if I may I want to add my opinion as an end user. I have a discogs account i use and love discogs a lot. I also have been using the 'crate digger' app for iphone. It was great a real, simple interface to see my collection. With the added bonus of it syncing with discogs so I could add and remove albums etc easily the artwork was all important.
    Life was good..
    But...
    Discogs saw fit to change it, for whatever reasons, now it is useless to me.
    I will still use discogs.
    But I am missing an amazingly simple app that work as a real app should it help me in activities i enjoy..
    Real shame....
  • savagepink-us over 2 years ago

    I agree with [user=bertiemango]. I liked using Milkcrate and Discollector. If Discogs doesn't have plans to develop their own mobile apps, it seems silly to cut off apps that are doubtless exposing more people to the site. I understand the direction of resources and I don't think app developers should have a problem with users needing a Discogs account to access the data - it's not a problem for most people to spend 2 minutes to sign up.

    Maybe Discogs should pick the best collector app out there and approach the developers for collaboration?

    Times like these I wish I knew how to do mobile software development! ;)
  • sm2uyn over 2 years ago

    I too agree with bertiemango. Have been using Crate Digger on my iPhone to browse my collection when at record stores. Not the same without images.
  • Petesmusic_UK over 2 years ago

    Hi,
    Have been using app to get information using release ID in to csv file, it was working fine and now it throws error out can not reach server 404? any idea Why?

  • Hitman.pt about 1 year ago

    Just a question I'm sending my User-Agent and OAuth to get the image all I get it's an image saying "I (heart) Discogs" what the hell? Lost time implementing OAuth for nothing
  • rodneyfool about 1 year ago

    Hitman.pt
    Just a question I'm sending my User-Agent and OAuth to get the image all I get it's an image saying "I (heart) Discogs" what the hell? Lost time implementing OAuth for nothing


    Hi Hitman.pt, that image is usually returned to image-harvesting applications and those exhibiting abusive behavior.

Log In You must be logged in to post.