Technical Support

Ask a Question

GET /actions/claim-qr might lead to security leak

I realized that we are asked to pass `qr_hash` as an url parameters in the `GET /actions/claim-qr` endpoint. Because any valid `qr_hash` alone can be used to claim the POAP, I would consider it as a sensitive secret input. While HTTPS protects traffic from being sniffed, server framework and middleware commonly log full URLs. This means `qr_hash` can be accidentally leaked even if the developer has exercised abundant caution. This obviously isn't an immediately exploitable vulnerability but I am afraid there might be POAP codes in server logs in the wild due to use of this endpoint.

query regarding

const sdk = require('api')('@poap/v1.0#f9zrilbz36y2l'); sdk.auth('api-key'); sdk.auth('access-token'); sdk.gETActionsClaimQr() .then(({ data }) => console.log(data)) .catch(err => console.error(err)); this is the nodejs code given in poap docs to call this api in nodejs. In poap docs when filling api key and access token from poap docs site it is working fine from there. but when calling this function from my side it is giving unauthorized access . Can you tell me how?

Can I know how many days does it take to process the API key request?

I have submitted the access form already on Friday 24th Feb 2022. So, I was just wondering when would I get access to the keys or if there is a need for anything else to process the request. Please let me know. Thank you.

How can I check on the status of my api key request?

I did not receive an email validating i filled out the request, It's been a couple of days so just want to make sure the request form worked and curious how i'd be sent my the keys.

Requested Authentication token but didn't receive it

I requested for POAP API as well as authentication token but only received POAP API

Getting unauthorized while using enpoints to claim POAPs

Trying the qr-codes endpoint for claiming POAPs and getting a 403 unauthorized /event/{id}/qr-codes Tried to check if the secret code is valid using /event/validate but getting unauthorized there as well My event id is 102279. Please help me understand how I can claim using the flow shown here -

could i change the expired date after the expiration

hello, unfortunately i could not change it anymore - although i have the edit-nr.

API returns invalid data for certain POAP?

Hello, I'm Lemon from Guild we are currently troubleshooting a gating issue with a POAP drop. the dropped POAP is not visible by the explorer/gallery and users who claimed can't seem to validate they hold this asset because the API returns an empty response. I created a POAP with the same settings and claimed on my wallet and I can get a response and gate with it. My POAP id: 100411, theirs: 45588 Why there is no response for theirs? I would guess the private event but it has nothing to do with it. I'm asking for technical help with the API. Thanks in advance, Lemon

Get total number of event by API

Hi, I want to now is there any api to get the total number of event? "/paginated-events" is pass "total" but I found it not represent the total number of events

How can I get more qr-codes once the event is created?

If I requested for 10 codes but then I need more, how can I get more qr-codes? Thanks