Bitcasa cloud storage introduced API for developers

I have two news. Traditionally - good and bad.

Good news

Yesterday the notice came that Bitcasa finally launched the API , while in beta. Also presented are SDKs in PHP and JAVA , which are published on GitHub. In the future, promise SDK for Python, iOS, Android, Ruby and others.

Immediately after registration, 5 GB of space is provided, and it is possible to get up to 20 free GB from refs (by gigabyte per installation) and other “quests”. For $ 99 / year, 1 TB is offered, and $ 999 / year is an unlimited place.

The API allows you to do the following:
')
Catalogs

• View list
• Creature
• Deletion
• Rename
• Move
• Copying

Files

• Loading
• Download
• Deletion
• Rename
• Move
• Copying

And now the bad news

It was useful to test, and it turned out that while everything is too damp, and there are frank files. So about the observed shortcomings.

Not seen how using the API to get the username and available / used quota. It is also not known if there are any restrictions on file sizes. Downloading (download) supports the Range header, respectively, allows you to download any piece of the file. But with Upload, traditionally for many cloud storages, it is not so rosy, and uploading (uploading) in parts or continuing downloads after a disconnection is impossible.

For authorization of applications is used, something similar to OAuth 2, but incompatible with OAuth 2. I ask why I do almost the same thing, just to name the parameters a little differently? Instead of code, use authorization_code , instead of client_secret - secret , instead of redirect_uri - redirect , etc. There is also no state parameter that allows you to transfer various data from the application to redirect. IMHO, for this you need to hammer a nail into the head of developers ... Well, there is a standard, why make your bike break off the parts from the finished one, especially not offering any advantages? Well, not mastered to implement OAuth 2 completely, even if at least what is there will be compatible. And now it turns out that on all repositories that use OAuth 2 authorization, you can use the same module, but for Bitcasa you need a separate ...

When you try to login, it constantly requires you to enter your login and password, even though you are already logged in. Also, no messages that some application wants to access your files and buttons to allow or not. Despite the presence of Redirect Uri in the application settings, Bitcasa ignores it (perhaps because it’s still in the Sandbox application) and forwards it to any address specified in the request.

In this case, only authorization using the authorization code is used. It is also somewhat unusual that the token is transmitted in the query string, which is somehow more familiar to use the Authorization header.

Despite the fact that Bitcasa is positioned as a secure storage with encryption on the client side, there is no mention of the need to encrypt files before downloading them using the API, there is also no encryption in the PHP SDK. Is that the paths of files in base64 are encoded.

In general, the feeling is that the most difficult thing for developers of the next cloud storage API is to make it as different as possible and incompatible with other storage APIs.

Let's hope that the described clumsiness will correct in the future ...