Is there Documentation for api.scouting.org

DanKlco · November 13, 2022, 2:58am

Is there documentation for api.scouting.org? I started a postman collection based on what I saw in the browser requests:
Collection Web View | Postman

And started on a TypeScript client:

But obviously it’d be better to work off API documentation vs reverse engineering.

Matt.Johnson · November 13, 2022, 4:32am

No. No plans to release it either. The BSA, through intermediaries, has been very very clear.

Stephen_Hornak · November 13, 2022, 11:25am

@DanKlco - best advice is to stop what you are doing and get rid of what you have thus far.

DanKlco · November 14, 2022, 2:19am

I took it down. That’s really disappointing to hear. It’s hard to understand why the BSA / people seem so hostile to those trying to make things better.

DonovanMcNeil · November 14, 2022, 2:21am

@DanKlco BSA is correctly concerned about PII is the base answer and contacting youth.

CharleyHamilton · November 14, 2022, 2:22am

Keep in mind that many of these decisions likely trace back to risk management somewhere along the line. Folks in risk management tend to be conservative where the choice between “do something different” and “do not do something different” is offered.

DanKlco · November 18, 2022, 2:38am

I understand the concern, but I hope that whomever is working on these tools understands that security by obscurity isn’t a reliable means of security, especially when they’re already sending the information down to the browsers.

More or less, what the BSA is doing right now is putting a sign out in the yard saying “please don’t steal the safe under the bed in the front bedroom”

Matt.Johnson · November 18, 2022, 4:15am

They have only addressed the fact they won’t open the api. They haven’t talked one way or the other about their current security approach.

DougBateman · December 4, 2023, 12:40am

Hi Dan, is your postman collection still available? I’d like to use it too.