ThemeForest

Change for Authors Using FTP

Carmen
585 posts Senior Community Officer
  • Attended a Community Meetup
  • Australia
  • Bought between 10 and 49 items
  • Community Ambassador
  • Contributed a Blog Post
  • Envato Staff
  • Exclusive Author
  • Grew a moustache for the Envato Movember competition
  • Has been a member for 1-2 years
+3 more
Carmen staff says

Hi everyone, Just letting you know we’re going to be deploying a change that means authors using FTP will only be able to login (to FTP) using their API key (currently it’s password OR API key).

When the change goes out, we’ve changed the FTP program to say; “login incorrect. Passwords are no longer accepted to authenticate via FTP, please use your API key instead. You can read more about the API here.

FAQs
Do I have generate my API key first? Yes you’ll have to generate one, you can find how how here.

What happens if I revoke that one and then re-generate another? If you revoke an API key then you will have to update the FTP program with an active API key

What if they have multiple API Keys? You can use any of your active API keys.

5 months ago via ThemeForest |
Jakartanese
33 posts
  • Indonesia
  • Exclusive Author
  • Sold between 1 000 and 5 000 dollars
  • Referred between 1 and 9 users
  • Bought between 1 and 9 items
  • Has been a member for 0-1 years
Jakartanese says

I just curious and don’t know technical consideration behind this. :) Is it more more confidential password than API? Because we only use password to access Envato’s site, and sometimes we easily give our API key to any 3rd party, such as application even that is not Envato’s official.

5 months ago via ThemeForest |
billyf
270 posts
  • Exclusive Author
  • Has been a member for 1-2 years
  • Malaysia
  • Sold between 10 000 and 50 000 dollars
billyf says
Jakartanese said
I just curious and don’t know technical consideration behind this. :) Is it more more confidential password than API? Because we only use password to access Envato’s site, and sometimes we easily give our API key to any 3rd party, such as application even that is not Envato’s official.
In that case, you should generate a new API key which is meant specifically for your FTP only ;)
5 months ago via ThemeForest |
jonathan01
1873 posts Bird is the word..
  • Elite Author
  • United States
  • Sold between 250 000 and 1 000 000 dollars
  • Has been a member for 5-6 years
  • Referred between 100 and 199 users
  • Bought between 100 and 499 items
  • Author was Featured
  • Microlancer Beta Tester
  • Exclusive Author
+3 more
jonathan01 says

At this time of the year may i suggest that a message is placed on authors dashboards or send out an email as many will not see this message and you will then receive a flood of posts no doubt in the new year asking why their FTP uploads are not working.

Just a suggestion.

Jonathan

5 months ago via ThemeForest |
CodingJack
5008 posts The Dude Abides
  • United States
  • Elite Author
  • Has been a member for 4-5 years
  • Exclusive Author
  • Author was Featured
  • Sold between 50 000 and 100 000 dollars
  • Item was Featured
  • Contributed a Tutorial to a Tuts+ Site
  • Author had a Free File of the Month
+4 more
CodingJack says
Jakartanese said
I just curious and don’t know technical consideration behind this. :) Is it more more confidential password than API? Because we only use password to access Envato’s site, and sometimes we easily give our API key to any 3rd party, such as application even that is not Envato’s official.

Even with this change I think it’s still ok. Because even if someone used your API key + ftp, all they can really do is upload something to your account storage. They’d still have to have your password to apply that to an official upload/update.

5 months ago via CodeCanyon |
Jakartanese
33 posts
  • Indonesia
  • Exclusive Author
  • Sold between 1 000 and 5 000 dollars
  • Referred between 1 and 9 users
  • Bought between 1 and 9 items
  • Has been a member for 0-1 years
Jakartanese says

+1 for Jonathan’s suggestion.

5 months ago via ThemeForest |
Jakartanese
33 posts
  • Indonesia
  • Exclusive Author
  • Sold between 1 000 and 5 000 dollars
  • Referred between 1 and 9 users
  • Bought between 1 and 9 items
  • Has been a member for 0-1 years
Jakartanese says
billyf said
In that case, you should generate a new API key which is meant specifically for your FTP only ;)
CodingJack said
Even with this change I think it’s still ok. Because even if someone used your API key + ftp, all they can really do is upload something to your account storage. They’d still have to have your password to apply that to an official upload/update.

Yes, never think about that, haha. Thank you billyf & CodingJack.

5 months ago via ThemeForest |
bdthemes
27 posts
  • Bangladesh
  • Exclusive Author
  • Has been a member for 1-2 years
  • Sold between 50 000 and 100 000 dollars
  • Most Wanted Bounty Winner
  • Microlancer Beta Tester
  • Bought between 10 and 49 items
  • Referred between 10 and 49 users
bdthemes says

Thanks for this information :)

5 months ago via ThemeForest |
RafaelOliveira
RafaelOliveira Recent Posts
Threads Started
971 posts
  • Microlancer Beta Tester
  • Brazil
  • Exclusive Author
  • Sold between 10 000 and 50 000 dollars
  • Most Wanted Bounty Winner
  • Referred between 100 and 199 users
  • Bought between 1 and 9 items
  • Has been a member for 2-3 years
RafaelOliveira says

Thx for the info :)

5 months ago via GraphicRiver |
urbazon
1583 posts
  • Author had a File in an Envato Bundle
  • Author was Featured
  • Contributed a Blog Post
  • Exclusive Author
  • Has been a member for 3-4 years
  • Interviewed on the Envato Notes blog
  • Referred between 1 and 9 users
  • Serbia
  • Sold between 10 000 and 50 000 dollars
urbazon says
billyf said
Jakartanese said
I just curious and don’t know technical consideration behind this. :) Is it more more confidential password than API? Because we only use password to access Envato’s site, and sometimes we easily give our API key to any 3rd party, such as application even that is not Envato’s official.
In that case, you should generate a new API key which is meant specifically for your FTP only ;)

It actually doesn’t matter, because they said any API key can be used to log in into ftp accout ;)

But, on the other hand, CodingJack is right, the only bad thing that can happen is that somebody logs into your ftp account and uploads something to it. They can’t download anything, nor can they do anything with the uploaded files afterwards. But still, I wouldn’t like somebody messing with my ftp account. :)

5 months ago via AudioJungle |

Search forums

Active threads

Payment reversal 3 replies, last by CarlosViloria 3 minutes ago
Insulting Messages received via TF profile message box! 0 replies
Petition Script 4 replies, last by Australia 11 minutes ago
Looking for wordpress business theme designer! 0 replies
Reversal again and again 12 replies, last by newkarir 16 minutes ago
Why some author's themes are easy to get Approved? 2 replies, last by MattMao 29 minutes ago
Change colour of Hover Link 2 replies, last by el_jojo 2 hours ago
by
by
by
by
by