Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

MAL API is down #588

Closed
Akamaru opened this issue May 24, 2018 · 117 comments
Closed

MAL API is down #588

Akamaru opened this issue May 24, 2018 · 117 comments

Comments

@Akamaru
Copy link

@Akamaru Akamaru commented May 24, 2018

It seems that MyAnimeList has had a vulnerability in the API and has now disabled it.
Taiga does not work anymore and shows an error.

MyAnimeList returned an error: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Foud</h1> <p>The requested URL /api/account/verify_credentials.xml was not found on this server.</p> <p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocu...

image

I know it's not an taiga issue and erengy can't fix this. We have to wait for MAL.

@Hyoretsu
Copy link

@Hyoretsu Hyoretsu commented May 24, 2018

Looks like it wasn't just me

@taigalover
Copy link

@taigalover taigalover commented May 24, 2018

Phew, wasn't just me either

@erengy erengy changed the title MAL API Issue MAL API is down May 24, 2018
@moyitpro
Copy link

@moyitpro moyitpro commented May 24, 2018

This is like a train wreck. The new official MAL API stop working and now this. This is very frustrating.

@erengy
Copy link
Owner

@erengy erengy commented May 24, 2018

It's a serious issue. They completely disabled the API without prior notice to third-party developers, and even went as far as removing the API documentation page. This affects all applications that make use of the official API. It's undoubtedly a new low in their track record.

There's no telling when the issue is going to be resolved, but contacting DeNA's customer support seems to be the best way to file your complaints at the moment. From what I can tell, this whole thing is related to DeNA (MAL's parent company) rather than the MAL staff.

Note that you can continue using Taiga while the MAL API is down, to some extent. But you won't be able to sync your list, retrieve new anime information, etc. Taiga will send any queued updates to MAL when the API becomes available.


Relevant forum topics:
https://myanimelist.net/forum/?topicid=1731317
https://myanimelist.net/forum/?topicid=1731329

@moyitpro
Copy link

@moyitpro moyitpro commented May 24, 2018

Ugh, not this again. I guess I should focus more on adding AniList support to Hachidori.

@onlybrad
Copy link

@onlybrad onlybrad commented May 24, 2018

I don't even remember what email I used to create my MAL account. So not only I can't recuperate my account, I can't even resync my anime list with a new account because the API is down...

@erengy
Copy link
Owner

@erengy erengy commented May 24, 2018

We've been told that the API outage is for an indefinite period of time. MAL staff are unable to comment further on the issue; they encourage us to speak with DeNA's customer support instead. Apparently there's been some disagreement between them and DeNA on the matter.

We currently don't know what this is all about, but it wasn't due to a security breach. If I had to speculate, it might be related to GDPR (aka "we've updated our privacy policy" regulation) coming into effect tomorrow. Perhaps they couldn't work out the issues in time and ended up shutting down the API entirely. In any case though, DeNA handled the situation quite poorly so far. We're hoping to get a proper response tomorrow.

In the best-case scenario, the API will come back online soon and Taiga will continue working as usual. In the worst-case (?) scenario, many third-party application developers, including myself, will stop using MAL altogether and suggest other people to do the same.

@guft
Copy link

@guft guft commented May 25, 2018

Yes I believe it is GDPR related. Over the last week many online services have updated their privacy policies and forced users to reset passwords and reconfirm permissions. Considering that MAL's entire purpose is tracking stats and information about its users, it makes sense they would have to jump through a large number of hoops to be GDPR compliant. Taking the API down is a drastic step, but considering GDPR's fines for noncompliance are 20 million euros or 4% of global revenue (whichever is greater) it makes sense they would do this if they are afraid they are not in compliance. However, keeping the site on lockdown is not good for their business either, so if they can't satisfy regulator demands they will likely resort to blocking EU users and restoring the API everywhere else, which is what many other online services have resorted to doing in the last week.

@Ruhrpottpatriot
Copy link

@Ruhrpottpatriot Ruhrpottpatriot commented May 25, 2018

GDPR is a bullshit excuse! That regulation is in effect since TWO years, today the transition period ended that was put into place by the EU to allow relevant services to migrate their stuff. That means, they had two years time to make everything GDPR compliant, yet sat on their asses and did nothing.

Is Kitsu still working? If so MAL has seen the last of me.

While we're at it. How do I clear the sync queue?

@moyitpro
Copy link

@moyitpro moyitpro commented May 25, 2018

@Ruhrpottpatriot

MAL importing on Kitsu still work and Taiga and other third party clients that work with Kitsu should still work.

@Azraelle
Copy link

@Azraelle Azraelle commented May 25, 2018

REEEEE

@Kovaelin
Copy link

@Kovaelin Kovaelin commented May 25, 2018

MAL's going to lose a lot of users if they don't fix their API.

@Ruhrpottpatriot
Copy link

@Ruhrpottpatriot Ruhrpottpatriot commented May 25, 2018

@moyitpro Yeah, I figured that out. But not I have to manually update my list, since Taiga first pulls the list, then pushes it back. That resulted in a loss of data for me.

@erengy Could you implement a way to force push the list to the selected online service. Sometimes the user knows that the online service is outdated and just wants to overwrite it with new data.

@Zenithtb
Copy link

@Zenithtb Zenithtb commented May 25, 2018

@Ruhrpottpatriot - interesting idea - using Taiga as a pull-me-push-you of data to be able to change service... I like your thinking!

@taigalover
Copy link

@taigalover taigalover commented May 26, 2018

Taiga will send any queued updates to MAL when the API becomes available.

So do we now use our old password or new password to login to Taiga? So when (if) the API becomes available, taiga can send the queued updates?

@Azraelle
Copy link

@Azraelle Azraelle commented May 26, 2018

Anilist is adding back xml import. I'm jumping the ship.

@Ruhrpottpatriot
Copy link

@Ruhrpottpatriot Ruhrpottpatriot commented May 26, 2018

@Azraelle I heard that MAL has an xml export function multiple times now. Where can I find it?

@Azraelle
Copy link

@Azraelle Azraelle commented May 26, 2018

@asakurato
Copy link

@asakurato asakurato commented May 26, 2018

screenshot_gmail_20180526-220221
Just received this from DeNa (MAL support), so maybe there is hope

@Akamaru
Copy link
Author

@Akamaru Akamaru commented May 26, 2018

@Ruhrpottpatriot
Copy link

@Ruhrpottpatriot Ruhrpottpatriot commented May 26, 2018

Which, is a complete bullshit excuse as an admin (Xinil) has stated in the forum, that there was no security breach.

@tophf
Copy link

@tophf tophf commented May 27, 2018

A weird workaround could be writing a Chrome/Firefox extension that communicates with Taiga via nativeMessaging and keeps MAL site in a hidden iframe with a content script inside that can supposedly do everything the API provided via page DOM. It can even run in a shell tray when all browser windows are closed unless the user explicitly exited the browser via Ctrl-Shift-Q or Exit command. Such extension seems relatively easy to implement.

@spillerrec
Copy link

@spillerrec spillerrec commented May 27, 2018

Thanks for this issue even though it is not due to Taiga, as I came here to see what was going on.

To me it sounds like it might be a third party website that stole peoples login information, though the timing is suspiciously close to the GDPR deadline. (Correction for above, it is up to 20 million euros or 4% of revenue, whichever is greater.)
I do think it is a very bad idea that the API uses the username/password for credentials, now that they apparently have a store and can save peoples credit card information. Very bad idea... Some sort of API key system (such as SSH keys or whatever) where you can have multiple keys and set permissions for each would be much better.

I would give it a bit more time before putting in too much work on a workaround. I would prefer if everything was done in Taiga though, so there is no dependency on browsers and IPC. Just too much that can go wrong and I fear it wouldn't work in Wine either. I doubt their internal API is so weird that you can't simulate the requests without using a full-featured web browser.

For convenience, here is the MAL link to export your anime/manga list:
https://myanimelist.net/panel.php?go=export

@marwanpro
Copy link

@marwanpro marwanpro commented May 27, 2018

Fine I will develop a C# API tomorrow.

@moyitpro
Copy link

@moyitpro moyitpro commented May 27, 2018

@spillerrec
I have worked with the new MAL API before they closed down the new official MAL API. It was using OAuth2 with PCE challenge, which is more secure than using Basic Auth. If the username and password thing was an issue, they should of retrofit OAuth2 to the old API and require developers to register their apps to obtain a OAuth2 client and secret to the old API until the new API is ready.

@KrisKamweru
Copy link

@KrisKamweru KrisKamweru commented May 28, 2018

I think I'll just be switching over to Kitsu. Would there be any reason why I should not, i.e. is Kitsu inferior in any way to MAL?

@darkred3
Copy link

@darkred3 darkred3 commented Oct 21, 2019

Read some of the previous comments. There's already a different app that's gone public and erengy is working on releasing a test version soon.

@tophf
Copy link

@tophf tophf commented Oct 21, 2019

I see, apparently I've mistaken what "public" means in their terminology. They mean it'll be open to those who writes their own apps. Gee, I wonder if more than 3.5 users even need that.

@erengy
Copy link
Owner

@erengy erengy commented Oct 28, 2019

Taiga's integration with the new MAL API is done, except for a few issues (e.g. handling of expired tokens and different season intervals). Seeing how things are going, I decided to merge it with v1.4 rather than releasing v1.3.2.

Development on MAL's side is rather slow. I've reported about a dozen issues in the past two months, but AFAIK none have been fixed so far. There isn't even an app management page at their website, so users cannot see or revoke apps accessing their accounts. While the new API is better than the previous one, it's not quite ready for public consumption yet.

I'm currently trying to get them to invite more people to the "open" beta, hoping that it'll speed things up. In the meantime, I'll continue working on some other features of v1.4.

@darklinkpower
Copy link

@darklinkpower darklinkpower commented Oct 29, 2019

at least there's light at the end of the tunnel. I'm not a programmer but I wonder why it took so long to develop the API? Was it something very difficult or did it have to do with something unrelated, like mismanagement of the site?

@erengy
Copy link
Owner

@erengy erengy commented Nov 7, 2019

We've been waiting for a better MAL API for almost ten years. Can't explain that with technical difficulty, especially since I've personally seen people deploy similar APIs within a few weeks.

I believe it was a mixture of the following:

  • Changing owners: CraveOnline (2008-2015), DeNA (2015-2019), Media Do (2019-)
  • API not being a priority
  • Having concerns over API usage
  • Being understaffed
  • Codebase getting stale and too complex over the years
@tokiioKH
Copy link

@tokiioKH tokiioKH commented Nov 7, 2019

So, basically MAL just messin up then? Any ETA when you are going to push the Taiga v1.4 update?

@movibeast
Copy link

@movibeast movibeast commented Dec 11, 2019

Any ETA when you are going to release Taiga v1.4 update? I am waiting for the update from last 2 months

@serjflint
Copy link

@serjflint serjflint commented Dec 11, 2019

@movibeast It was only 2 months for you. Last release 1.3.1 was in 2018. AFAIK there is a huge rework going for the next release. It is not even at alpha stage now.

@movibeast
Copy link

@movibeast movibeast commented Dec 14, 2019

Yay, that's true. For real?? Wow I am gonna wait for some more time and really excited for new version!

@tokiioKH
Copy link

@tokiioKH tokiioKH commented Feb 15, 2020

Any ETA yet for v1.4?

@xRUSSELL
Copy link

@xRUSSELL xRUSSELL commented Mar 9, 2020

How many times have I checked this Github page since last year! Every time I had my hopes up & after scrolling down my hopes also gets down. Looks like I need to settle down in Anilist because taiga sucks with Kitsu & it doesn't support Simkl. no more waiting for the API but the Taiga v1.4 update. Can't wait XD

@crse
Copy link

@crse crse commented Mar 9, 2020

Sorry for a little bit OOT.
@xRUSSELL Can you explain which part Taiga - Kitsu integration "sucks"?
I'm using it everyday and it works as intended.

@ifonefox
Copy link

@ifonefox ifonefox commented Mar 10, 2020

@xRUSSELL Instead of waiting for 1.4 to release, you can compile Taiga yourself. The latest development version supports MAL.
https://github.com/erengy/taiga/wiki/How-to-Compile

@serjflint
Copy link

@serjflint serjflint commented Mar 10, 2020

@ifonefox on 11/07/2019 erengy said about the development branch.

It's very much unstable right now. I don't think it's ready even for an alpha release.

Master branch was updated 10 months ago.

@xRUSSELL
Copy link

@xRUSSELL xRUSSELL commented Mar 11, 2020

@xRUSSELL Can you explain which part Taiga - Kitsu integration "sucks"?

@ifonefox Sorry I didn't mean that much negative of the way with the word "Suck" but I said it because
I lose my list in Taiga when I'm offline & I don't lose it with Anylist.

@xRUSSELL Instead of waiting for 1.4 to release, you can compile Taiga yourself. The latest development version supports MAL.

Thanks, I will compile Taiga as it seems less hard then waiting XD

@crse
Copy link

@crse crse commented Mar 12, 2020

@xRUSSELL My friend also experience that bug when using Anilist. It's not Kitsu-specific bug.

@scese250
Copy link

@scese250 scese250 commented Apr 4, 2020

Thanks, I will compile Taiga as it seems less hard then waiting XD

did you compiled it? If so, can you share the installer? @xRUSSELL

@BigPimPimm
Copy link

@BigPimPimm BigPimPimm commented Apr 4, 2020

@xRUSSELL Instead of waiting for 1.4 to release, you can compile Taiga yourself. The latest development version supports MAL.
https://github.com/erengy/taiga/wiki/How-to-Compile

I tried this. Every time I try to build the installer I get the same error. 😓
"Error in script "C:\Users\ME\taiga\setup\Taiga.nsi" on line 128"

Anyone with more success or anyone willing to share the installer?

@spillerrec
Copy link

@spillerrec spillerrec commented Apr 4, 2020

Worked fine for me, not sure how I feel sharing the installer when the dev isn't sharing a preview build themselves. (And in general encouraging people to run builds made by untrusted people.)
Line 128:

  File "..\bin\Release\Taiga.exe"

I think this might be because it has not been build correctly and can't find the file, try to see if you have the Release/bin/Taiga.exe file. Note that if you build from Visual Studio, it defaults to the Debug build, so you have to switch it manually to Release.

@BigPimPimm
Copy link

@BigPimPimm BigPimPimm commented Apr 4, 2020

Note that if you build from Visual Studio, it defaults to the Debug build, so you have to switch it manually to Release.

Yup, that's exactly what it was. Can't believe I missed that multiple times.
Thanks @spillerrec !

@erengy
Copy link
Owner

@erengy erengy commented Apr 5, 2020

Besides what @spillerrec mentioned, third-party developers are required to let MAL know before releasing an application using the new API. So, I'd appreciate it if you don't publicly share any builds of Taiga for the time being.

I've been kind of waiting for MAL to fix the remaining issues with the API, but there hasn't been much progress in the past few months... I think I'll just give up and release v1.4.0-beta as is.

@scese250
Copy link

@scese250 scese250 commented Apr 5, 2020

It's frustrating waiting more time because I don't like Anilist, guess I'll ask to someone else to compile for me the beta build.

@tokiioKH
Copy link

@tokiioKH tokiioKH commented Apr 5, 2020

Releasing v1.4.0-beta would be really nice.

@movibeast
Copy link

@movibeast movibeast commented Apr 7, 2020

Yes please release v1.4.0 beta

@darkred3
Copy link

@darkred3 darkred3 commented Apr 7, 2020

So I compiled the 1.4.0-alpha but Taiga is showing less than half of all my entries. Is that a known bug?

Edit: I just compiled the newest ver and now everything seems to be working smoothly

@Mantas-B Mantas-B mentioned this issue May 24, 2020
@erengy erengy unpinned this issue Jun 13, 2020
@erengy
Copy link
Owner

@erengy erengy commented Jun 13, 2020

v1.4.0-beta is now available for testing. See the changelog for more information.

This is the first public release using the new MyAnimeList API. They haven't fixed the issues I previously mentioned here, unfortunately. But overall it should be in a usable state. Special thanks to @paulo27ms for testing the alpha version.

Note that if you're having trouble viewing MAL's website due to the current 403 Forbidden issue, you will most likely not be able to use Taiga either.

@erengy erengy closed this Jun 13, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
You can’t perform that action at this time.