About the Author

author photo

Adam Trachtenberg is the Director of the LinkedIn Developer Network, where he oversees developer relations and marketing for the LinkedIn Platform. Before LinkedIn, Adam worked at eBay in platform product management and marketing. Even earlier, he co-founded Student.Com and TVGrid.com. Adam is the author of PHP Cookbook and Upgrading to PHP 5. He lives in San Francisco.

See All Posts by This Author

Building an eBay Firefox Toolbar

My latest obsession at work is an eBay Firefox toolbar. I’d like to start an open source project that incorporates eBay Web services with Firefox, so it’s easy to track items you’re bidding on, watching, and selling.

I’ve done a Vulcan mind meld with the Firefox Toolbar Tutorial, and I’m becoming one with XUL Planet.

Does anyone else know of additional Firefox extension resources? In particular, I see there’s a SOAP interface, but I don’t know if this is for real use or not. :)

Last, I have this odd problem of needing to encrypt a certain portion of my code to protect eBay Web Services API security keys. I don’t mind people seeing the toolbar code, just the specific keys I may embed. If only there was a compiler. XPCOM seems like one solution, but it’s a road I don’t really want to travel down.

Popularity: 2% [?]

There Are 4 Responses So Far. »

  1. Adam,

    Encrypting keys like that is pretty much an exercise in futility anyway. The only secure way to encrypt the data is to hash it in such a way that you can’t decrypt the keys, but that’s not really too useful for you since you’ll need to extract those keys again anyway for the toolbar to use them.

    What I’d *really* love to see is a no-key-required read-only public web services API from you guys – something that lets me get the status of my bid, and find out if I’ve been outbid, etc, but nothing that would have to change any data on the server. I’d really love to have an eBay Bid Status applet in my panel (on Linux) where I could drop in an auction ID and let the applet auto-update once every minute or so. This would save eBay lots of bandwidth – the XML for this would be a lot more lightweight than me refreshing the web page for the auction once a minute, and I know that you’d have a lot of people writing Open Source plugins, extensions, etc, using it if there were no keys required to interact with it.

  2. Yea, I know the only way to secure a piece of data is to put it on a box and then pull the Ethernet cable. But, hey, then the application wouldn’t be too useful, would it? Security is always a tradeoff between convenience and protection.

    I don’t ask for 100% protection, just that it’s big pain to decrypt them. Besides, it’s not as if I can’t deactivate the keys if I check the logs and see that they’ve been hacked out.

    Anyway, onto your second point. We’re still working on the trade off between complete open access and some form of micropayment access via keys. I totally agree that a read-only public web services API would definitely get us more open source buyer tools — they only question is what’s their value and what’s their cost?

    There’s certainly value, and I can probably sit down and calculate that.

    The cost is harder to estimate ahead of time. If we have a whole bunch of scripts polling our servers every minute, then that actually begins to add up to a real cost in terms of boxes, bandwidth, monitoring, etc. Sure it’s less then if you’re hitting the web site, but people don’t really query the web site every minute from their browser unless they *really* mean it. However, that’s trivial to do from a script even if you’re out to lunch.

    We don’t want to end up needing to add hundreds of boxes to serve up hits that’s nobody’s paying attention to.

    One idea I’ve had is that every eBay user gets a certain number of free personal calls. You can divvy them up among any set of applications that you want. That way, we don’t need to worry about securing developer or application keys because the calls are bound to the person. And, there’s still an incentive to write efficient applications, since you don’t want to use up your personal calls.

    I can’t say we’ll end up doing this — it’s just something I’m kicking around.

  3. Are you aware of any new tools for firefox 2.0 and ebay?

    I wanted to download a blog tool for ebay and firefox, but it was only made for firefox 1.5.

  4. There’s a tutorial at http://linuxbox.co.uk/firefox_extension_tutorial.php, but it’s really just a beginners guide. Obviously there’s the moz dev site too, which has a lot of useful info (just a question of finding it)

Post a Response