911 posts Never trust a ballerina with a moustache
  • Has been part of the Envato Community for over 3 years
  • Located in Australia
  • Interviewed on an Envato blog
  • Has collected 10+ items on Envato Market
+6 more
Carmen
says

Hi everyone, Just letting you know we’re going to be deploying a change that means authors using FTP will only be able to login (to FTP) using their API key (currently it’s password OR API key).

When the change goes out, we’ve changed the FTP program to say; “login incorrect. Passwords are no longer accepted to authenticate via FTP, please use your API key instead. You can read more about the API here.

FAQs
Do I have generate my API key first? Yes you’ll have to generate one, you can find how how here.

What happens if I revoke that one and then re-generate another? If you revoke an API key then you will have to update the FTP program with an active API key

What if they have multiple API Keys? You can use any of your active API keys.

41 posts
  • Has referred 1+ members
  • Has sold $1,000+ on Envato Market
  • Has collected 1+ items on Envato Market
  • Located in Indonesia
+2 more
Jakartanese
says

I just curious and don’t know technical consideration behind this. :) Is it more more confidential password than API? Because we only use password to access Envato’s site, and sometimes we easily give our API key to any 3rd party, such as application even that is not Envato’s official.

703 posts
  • Has been part of the Envato Community for over 3 years
  • Has sold $40,000+ on Envato Market
  • Has referred 1+ members
  • Sells items exclusively on Envato Market
+1 more
billyf
says

I just curious and don’t know technical consideration behind this. :) Is it more more confidential password than API? Because we only use password to access Envato’s site, and sometimes we easily give our API key to any 3rd party, such as application even that is not Envato’s official.
In that case, you should generate a new API key which is meant specifically for your FTP only ;)
2701 posts Bird is the word..
  • Became a Top 20 Author of the Month
  • Had an item that was trending
  • Located in United States
  • Elite Author: Sold more than $75,000 on Envato Market
+10 more
jonathan01
says

At this time of the year may i suggest that a message is placed on authors dashboards or send out an email as many will not see this message and you will then receive a flood of posts no doubt in the new year asking why their FTP uploads are not working.

Just a suggestion.

Jonathan

5458 posts The Dude Abides
  • Became a Top 20 Author of the Month
  • Located in United States
  • Elite Author: Sold more than $75,000 on Envato Market
  • Has sold $125,000+ on Envato Market
+11 more
CodingJack
says

I just curious and don’t know technical consideration behind this. :) Is it more more confidential password than API? Because we only use password to access Envato’s site, and sometimes we easily give our API key to any 3rd party, such as application even that is not Envato’s official.

Even with this change I think it’s still ok. Because even if someone used your API key + ftp, all they can really do is upload something to your account storage. They’d still have to have your password to apply that to an official upload/update.

41 posts
  • Has referred 1+ members
  • Has sold $1,000+ on Envato Market
  • Has collected 1+ items on Envato Market
  • Located in Indonesia
+2 more
Jakartanese
says

+1 for Jonathan’s suggestion.

41 posts
  • Has referred 1+ members
  • Has sold $1,000+ on Envato Market
  • Has collected 1+ items on Envato Market
  • Located in Indonesia
+2 more
Jakartanese
says

In that case, you should generate a new API key which is meant specifically for your FTP only ;)

Even with this change I think it’s still ok. Because even if someone used your API key + ftp, all they can really do is upload something to your account storage. They’d still have to have your password to apply that to an official upload/update.

Yes, never think about that, haha. Thank you billyf & CodingJack.

45 posts BD Themes
  • Elite Author: Sold more than $75,000 on Envato Market
  • Won a Most Wanted contest
  • Has sold $125,000+ on Envato Market
  • Has referred 500+ members
+6 more
bdthemes
says

Thanks for this information :)

1162 posts
  • Made it to the Authors' Hall of Fame
  • Had an item featured in a magazine
  • Won a Most Wanted contest
  • Helped several times protecting Envato Market against copyright violations
+9 more
RafaelOliveira
says

Thx for the info :)

2485 posts
  • Has been part of the Envato Community for over 5 years
  • Has referred 10+ members
  • Has sold $40,000+ on Envato Market
  • Interviewed on an Envato blog
+8 more
urbazon
says


I just curious and don’t know technical consideration behind this. :) Is it more more confidential password than API? Because we only use password to access Envato’s site, and sometimes we easily give our API key to any 3rd party, such as application even that is not Envato’s official.
In that case, you should generate a new API key which is meant specifically for your FTP only ;)

It actually doesn’t matter, because they said any API key can be used to log in into ftp accout ;)

But, on the other hand, CodingJack is right, the only bad thing that can happen is that somebody logs into your ftp account and uploads something to it. They can’t download anything, nor can they do anything with the uploaded files afterwards. But still, I wouldn’t like somebody messing with my ftp account. :)

by
by
by
by
by
by