Question Authenticating with RaceRoom API to get Username

Discussion in 'Community Support' started by J-turn, Mar 20, 2023.

  1. J-turn

    J-turn Active Member

    Hi There,
    Steam have the ability to "authenticate with Steam" to allow 3rd party sites to get basic information and know that the user has genuine access to that Steam account.

    Is there a similar system with R3E?

    We currently use the following to get a user's owned content:
    https://game.raceroom.com/users/[USERNAME]/purchases?json

    But that requires manual input of the driver's username, which is open to abuse.

    We had hoped that maybe the user's steamid would be part of the data returned and so we could then tie RaceRoom to Steam, and Steam requires authentication, thus making it a little more secure / less open to me just putting in anyone's username.

    Thanks.
     
  2. Rowan Unning

    Rowan Unning Well-Known Member

  3. Maskerader

    Maskerader Well-Known Member

    Why is it an abuse if this info is open to everyone at this moment? Go to a player's profile and click "Purchased content" and there it is.
     
  4. J-turn

    J-turn Active Member

    Sorry, I explained myself poorly. We use the RaceRoom username to tie accounts on our system to a driver's results. If a driver deletes their account from our system then we also delete the result data linked to that account.

    If I can freely enter anyone's RaceRoom username and say it is "my" RaceRoom account, then when I delete the account on our system we will delete someone else's results.

    Under GDPR we need to delete data that contains personal information that can be used to identify a user, so we need to find a way of ensuring that the RaceRoom account a user links to on our system is really theirs.
     
  5. Andi Goodwin

    Andi Goodwin Moderator Beta tester

    Change your system to use their Steam account

    Andi
     
  6. Maskerader

    Maskerader Well-Known Member

    I don't get it. If one person registers in your system and puts in his RR profile name, how can another person put in the same profile?

    But I do understand the need to verify that a user puts in a profile that is really his. I can think of a couple of ways, but they both require manual proving from your team. Like asking the user to temporarily change the header in their profile with a unique/random picture they get from your team, and after verification they can revert it back.
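
The profile-change proof suggested in the post above can be checked by code instead of by hand. The following is an added example, not part of the original thread and not RaceRoom code: it swaps the picture for a short text code and assumes the profile has some user-editable text your server can fetch as `profile_text` (the thread documents no such endpoint); `SERVER_KEY`, `TTL_SECONDS` and all function names are hypothetical. Because the code is publicly visible once it is in the profile, it is bound to the requesting site account so nobody else can copy it and claim the same username.

```python
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)  # assumption: secret, persisted in real use
TTL_SECONDS = 15 * 60                 # assumption: validity window of a code
_used_nonces = set()                  # single-use tracking (a DB table in practice)


def _tag(site_user_id, rr_username, nonce, issued):
    # The MAC covers the site account AND the claimed RaceRoom name, so a code
    # copied from a public profile is useless to any other site account.
    msg = f"{site_user_id}|{rr_username.lower()}|{nonce}|{issued}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()[:24]


def issue_challenge(site_user_id, rr_username, now=None):
    """Return the code the user must temporarily put in their profile."""
    issued = int(time.time() if now is None else now)
    nonce = secrets.token_hex(8)
    tag = _tag(site_user_id, rr_username, nonce, issued)
    return f"link-{nonce}-{issued}-{tag}"


def verify_challenge(code, site_user_id, rr_username, profile_text, now=None):
    """Return 'ok' only if this account's fresh code appears in the profile."""
    now = int(time.time() if now is None else now)
    parts = code.split("-")
    if (not code.isascii() or len(parts) != 4
            or parts[0] != "link" or not parts[2].isdigit()):
        return "malformed"
    _, nonce, issued, tag = parts
    expected = _tag(site_user_id, rr_username, nonce, int(issued))
    if not hmac.compare_digest(tag, expected):
        return "wrong-account"      # issued to another account or username
    if now - int(issued) > TTL_SECONDS:
        return "expired"
    if nonce in _used_nonces:
        return "replayed"
    if code not in profile_text:
        return "not-in-profile"     # claimant cannot edit that profile
    _used_nonces.add(nonce)
    return "ok"
```

Only after `verify_challenge` returns `"ok"` should the RaceRoom username be stored against the site account; the user can then revert the profile.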
     
  7. Rowan Unning

    Rowan Unning Well-Known Member

    Well... having a private server, one can ask users to join it as proof of association... it is called driver licence elsewhere
     
  8. J-turn

    J-turn Active Member

    That doesn't provide their RaceRoom username.

    We need the RaceRoom username. We already do authentication with Steam to get steamid.

    Yes, we've come up with a similar idea, but it's not very user friendly.

    Every step the user is required to do is one more reason for them not to.

    People are quick to give up unfortunately!