Modify Account Security, Distributed API, and Allowed Referrer Settings
Posted by on 11 April 2011 09:46 AM
If using the "Advanced Method" API (sending secret key) or a 3rd-party script with the "Lock to Account" feature enabled, the system will add your referrer automatically, and these instructions are unnecessary.
If using the "Simple Method" (embedded) or manually adding allowed referrers, then see below:
Using the "Distributed API" will override your list of referrers.
Locate the Account Security section in the ShrinkTheWeb Dashboard
Click the Manage Security Settings link.
This opens the Security form, were you will find your Access Keys and a field to specify referrer domains/IPs.
Lock Access to Account
This feature is enabled by default. It locks your account credentials to the referrers or sites you specify. Disabling this feature is not recommended as it may open your account to possible abuse.
Note: "Lock Access to Account" may NOT be disabled by Free users for abuse reasons.
Allow ONLY Distributed API Security
This feature is disabled by default and not available to Free Accounts. It is designed for users who need the highest level of security by preventing access by any means other than the distributed API security method. This option overrides "Lock to Account" and "IP Override" and ignores the "Allowed Referrers" list. Sample code for this feature can be found in the STW PHP Sample code.
This feature is disabled by default. It is designed for users who use the embedded method, by default, but also have distributed applications (mobile, social, etc) where all IPs must be allowed. This feature should only be enabled by advanced users.
Note: "Override Lock to Account for IPs Only" may NOT be disabled by Free users for abuse reasons.
Lock to Account (Allowed Referrers) List Entry
Adv Method Requests (i.e. via a script or 3rd Party Plugin) - Uses your server's IP address
Direct Requests (i.e. putting into your browser for testing) - Enter your local IP address (What Is My IP)
Check that the information you have added is correct and click the button when ready.
Note: Only the domains/URLs and IPs specified in your "Allowed Referrers" list will be able to use your account unless the "Lock to Account" is disabled. If "Override Lock to Account for IPs Only" is enabled, then ALL IPs will be allowed but domains/URLs not on the list will still be blocked.
If you have confirmed all your settings are accurate, enable "Full Logging" for further troublshooting.
Note: Using a shared IP Address is not supported with Free accounts. If you are using a shared IP address, that has already been reserved by another user, you will receive the following error when trying to add it to your "Lock to Account (Allowed Referrers)" list:
"The domain or IP (127.0.0.1) is already listed in another account!"
Note: Referrers can not be used in multiple accounts and multiple accounts are NOT allowed.
Q: "How many referrers may I add to an account?"
Q: "What if I want to show screenshots on Social Sites or in Mobile Apps?"
Q: "Why can't I add certain sites, like Facebook, Twitter, Google, etc?"