We've launched a set of APIs for deviantART and sta.sh, some of which were previously available but yet to be documented in a central place.

What can be done with these APIs?



Embed artwork from deviantART on your website or app, get feeds of quality art based on any keyword, submit any content to sta.sh for instant sharing.

The API calls we've made available are deliberately simple but open many doors. For example, we provide the ability to update a sta.sh item that has already been submitted through the API. That opens the possibility of creating a live link between your app's instance of the artwork and the version we host. It even makes it possible to create live deviations that are updated automatically: fav.me/d4aeapg. This is the kind of possibility one might not consider at first glance when reading the specification.

Examples



The APIs have gone through a beta period and several products are already using them:




Other APIs?



We have already received requests for new APIs to integrate with deviantART and sta.sh and we will consider all suggestions we receive. Bear in mind that the decision process for adding new API calls can be lengthy, because when we add an API call we want to support it forever.

We don't want to be like some other large social network's API, for which calls are deprecated every 6 months and rules change all the time. We intend to provide stability: if we add an API call, it's meant to stay. That is why we're being careful about what we add.

Get started



All the information and working code samples can be found on our new developers page: www.deviantart.com/developers/


5962999454 1633eeeb7d B by randomduck




The Place
dt developer group is 100% remote. We wrote about it in We're all remote before. Well, what we did not mention is that once per year, we get to see each other (often for the first time), and work in the same room on exciting new projects.

Untitled by drigh
...so we all decided to go to this place!

Untitled by randomduck
(it looks much nicer in HDR)

Untitled by drigh
Among the many sights: A rare action shot of pachunka racing swiftly to the conference room at night, shooting beams of light and magic and rollerskates

Untitled by drigh
Ah, Sunny San Francisco!







DT People
Ten years ago, a crack commando unit was sent to prison by a military court for a crime they didn't commit.... Wait, no. That's not us. We're an assortment of developers from around the world who largely are not in prison.

Conehead by mudimba
A typical Irishman.


DEVlANT always has bugs in his sights. :lmao:

P7170245 2 by randomduck
chris, enamored by the prospect of installing Java, hardly able to contain himself.


We're still not sure who this is. Possibly poodude.

Quiet Moment by mudimba
A strict requirement for joining DT is the ability to look killer-cool in a night shot like randomduck. Do you have what it takes? Apply Now

mr $jekor by allixsenos
jekor, unable to see straight after a 20-hour filibuster about why emacs is the ultimate editor... His real reasoning? M-x tetris

Wait'll They Get a Load of Me by mudimba
We admit our Product Managers here are as creepy and demented as anywhere else.

sneaking up on ArtBIT by allixsenos
Cell phone reception at Marin Headlands was so spotty that ArtBIT resorted to wearing antennae'ed helmets in hopes of picking up a better signal.





The Raccoons
There were a lot of raccoons there. They possessed no fear of humans. They have the ability to unzip bags and rummage through them. Apparently they desire our medication. It's a bit weird.

Raccoons! by 20after4
I can haz ibuprofen?

5972542452 Ecc75c6036 B by randomduck
Seecret Raccoon Brotherhood Alliance headquarters, mortal foes of the elite red scooter gang

Img 20110721 214136 by randomduck
Contrary to popular belief, any site breakage during the meetup was caused by these masked jerks with freakin' laser beams.

5963257462 5b4c749784 B by randomduck
"Suhweeeet, it looks like they're leaving! Now's my chance to sync AND enter read-only mode!"

Untitled by randomduck
"I bet I can pee on ArtBIT's jacket from here!"

5963007498 20b80eb808 B by randomduck
20after4 vanished mysteriously one chilly July night to engage in hand to hand combat with a horde of graham-cracker wielding raccoons. Some say they were after his tomato router. drigh assisted, notoriously denying after the fact that he *only* kills man. A svelte raccoon sporting LGnome's gray jumper still parades the headlands, high on ibuprofen. Best part: free decals!






The Work
During our Pair Coding and Two Hackathons sessions, we got to build a lot of stuff together, in the same space, for one of the few times in DT history. So here goes the story of a thousand commits, 127 deployments, 17 tech-talks and 7 ignite-talks, 55 project pitches and 16 completed ones, two lost+found developers, 1 rogue server, 19 pair-coding sessions, a chat session with the community and a long read-only.

Untitled by randomduck
Now, some of the work involves thinking. It's not easy.

Pairing off session by KnightAR
The wonderful room where the work happened. Gosh, there's a lot more of us than there used to be. Pair coding partners were picked by drawing random ducks out of two boxes. Yes, we found over 20 unique ducks. This possibly explains a sudden change in dt member avatars toward .. ducks.
:iconbanks: :iconamoniker: :iconartbit: :iconrandomduck: :iconkouiskas: :iconloopstart: :iconartbitfailplz:


Untitled by randomduck
mudimba and kouiskas working hard(ly?).

We code in helmets by KnightAR
The Flow helmet...

Untitled by randomduck
Now, this shot is a blurry night shot. Why? We can't get DT to stop working even at 1AM.

Untitled by randomduck
kemayo is oblivious to base murder being perpetuated behind him on poor departed jekor

Untitled by randomduck
Yes we do have a lot of macbooks, why do you ask?

Untitled by randomduck
Admit it; you like the song, says ArtBIT. Little known fact: dt is working on a new primitive web language, similar to LOLCode, based around the collected works of Rick Astley. This should be a significant upgrade from the COBOL/LOGO combination that we are currently using.

Untitled by randomduck
aMoniker pair codes with a raccoon sneaking on the roof ledge

Untitled by randomduck
A mutant sneak peek of sorts? A combination of nearly every single Hackathon project in one screenshot.





The Food
Three healthy, regularly scheduled meals a day was a mind-blowing new experience for most of dt. Several varieties of raccoon basted finely in the juices of other raccoons - a culinary treat had by all, served on the side with biscuits, not scones.

Untitled by randomduck
8 A.M. breakfast. Turnout is staggering. Never before has mudimba been seen at this hour.  And apparently the food was tied with our phones at capturing our interest.

a working lunch by allixsenos
Sometimes you have to finish a demo during lunch. Well, LGnome does, anyway.

P7170240 2 by randomduck
spyed loves corn, amirite?

P7170258 2 by randomduck
Nah, too obvious.





The Fire
Approximately every other night there was a campfire. There we sat, and were contractually obligated to not consume alcohol.

Untitled by randomduck
Bip bideh bip bideh bip bideh beaaaah  (modem-off).  Participants attempted to communicate entirely in modem mode. Alas, handshakes were broken due to beer gulping interference and inability to negotiate the baud rates. mccann told a cautionary campfire tale warning us that all men in the entirety of the universe use 69camaro as their password while all women have a password declaring that the object of their infatuation is "dreamy."






The Barracks
You smell that? Take a deep breath through the nose. Really let that seep in. What are you getting? Because to me, that's part man-smell, and the other part is really bad man-smell. I don't know why, but overall it just smells like the color brown. Your thoughts?

Untitled by randomduck
mccann and xraystyle enjoy the ambience of nuclear outpost on arrival

Untitled by randomduck
We may have gone overboard on providing mouthwash.

Untitled by randomduck
Are mudimba, pachunka and ArtBIT grinning because they just found out that 20after4 stole randomduck's smashed-up wake-up trumpet?





And the music video
Look, we've already rickrolled you in this post. It must be safe to play a video now.


No raccoons, other animals or deviantART site were harmed during filming of this episode. $chris was hungover, and someone shot $pachunka but that's about it. All characters appearing in this work are fictitious. Any resemblance to real persons, living or dead, is purely coincidental.



#DT Live Chat Today

Tue Jul 19, 2011, 12:23 PM by randomduck
As our About Us page attests, dt, or Devious Technology, is deviantART's largest department.  These shy, elusive creatures work furiously behind the scenes to make deviantART run smoothly, zap bugs with precision, and create brand new tools to make dA a better place.

Today at 1:30 PM PST (a mere 3 hours from now!), dt will make a rare, exclusive appearance in the #Auditorium, allowing you the opportunity to observe them in their natural habitat.  This is your chance to get those tech gears in your brain a-churnin’ with some wonderfully geeky dialogue!

Have you ever wondered:
  • How deviantART functions technically from day-to-day?
  • What kind of server power it takes to run a website as large as this?
  • How bugs are detected and fixed?
  • Why so many dt members have a rubber duck as their avatar?

These questions and more can be answered by attending our chat with dt today in the #Auditorium!  If you have a question you want to ask, leave it in a comment on this news article, where you can find all the details about this event!

While members of the dt team live all over the world, they've banded together to fight crime and talk tech for the past few days in the headlands of San Francisco.  They will be coming to you live from their secluded cabin, ready and able to answer your questions.  Join us in the #Auditorium at 1:30 PM PST (click here for your local time) for a tech-y good time! :woohoo:

Recent Journal Exploits

Wed Jun 15, 2011, 11:01 AM by sgrahamUK
Q. What happened?

Starting around 05:45 PST on Wednesday 15th June, we started to receive reports of "Journal Exploits" doing the rounds and we began to investigate them.

It quickly became apparent that someone had crafted a link behind the bit.ly URL-shortening service that caused people who visited it to post a journal on deviantART.

The content of the journal was sometimes an insulting message directed towards the journal's owner.  Other times, it was a copy of the link itself, making it more likely that more people would see it and click on it, causing the exploit to propagate further.

We quickly deployed a temporary fix that blocked the bit.ly URL at our outgoing link page, to prevent people from clicking on the link if they saw it in someone's journal. While this wasn't a comprehensive fix, it was one that we could deploy within 10 minutes of the matter coming to our attention, while we worked on a full solution.

The simple explanation of the problem being exploited is that the link was crafting a hidden form submit to your journal page. Because it was submitted by your web-browser, it appeared to be you submitting a journal via the normal process, and so would be posted under your name.

This is what's known as a "confused deputy" attack, and we have protection against it as part of our standard suite of security tools. Unfortunately the journal submission process wasn't utilizing it.

Once the problem was diagnosed we added the missing protection to the journal, tested and then deployed it approximately 2 hours after the exploit came to our attention.

We then began the process of cleaning up the journals that were added during the attack.

Q. How many people were affected?

The first journal to have been posted via this exploit appears to have been at 23:50 PST on Tuesday 14th June, some 5 hours before the matter was brought to our attention.

During the 7 hours the exploit was active, just over 2300 journals were posted via it.

Q. Should I change my password? Are my personal details at risk?

You don't need to change your password and your personal details were not exposed in any way.

At no point was your account integrity compromised or your password available to the attacker.

The nature of the vulnerability was strictly limited to being able to prefill a journal form and act as if you had clicked on "submit" within your browser.
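The missing protection described in this post is what is usually called an anti-CSRF token. The sketch below is an added example, not deviantART's code: it puts a journal handler that trusts the session cookie alone beside one that also requires a per-session token, and every name in it (`SESSIONS`, `issue_token`, the request dictionaries) is hypothetical.

```python
import hashlib
import hmac
import secrets

# Assumed server-side state for the example; all names here are hypothetical.
SERVER_KEY = secrets.token_bytes(32)
SESSIONS = {"sess-alice": "alice", "sess-mallory": "mallory"}


def _mac(session_id: str, nonce: str) -> bytes:
    msg = f"{session_id}:{nonce}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest().encode()


def issue_token(session_id: str) -> str:
    """Value placed in a hidden field when the site itself renders the form."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(session_id, nonce).decode()}"


def token_is_valid(session_id: str, token) -> bool:
    """True only for a token minted for this exact session."""
    if not isinstance(token, str) or "." not in token:
        return False
    nonce, mac = token.split(".", 1)
    return hmac.compare_digest(mac.encode(), _mac(session_id, nonce))


def post_journal_unprotected(request: dict):
    """Pre-fix behaviour: the session cookie alone authorises the post."""
    user = SESSIONS.get(request.get("cookie"))
    if user is None:
        return 403, None
    return 200, user


def post_journal_protected(request: dict):
    """Post-fix behaviour: the cookie identifies, the token proves intent."""
    user = SESSIONS.get(request.get("cookie"))
    if user is None:
        return 403, None
    if not token_is_valid(request["cookie"], request["form"].get("token")):
        return 403, None
    return 200, user


# Constructed requests. The browser attaches Alice's cookie to all three.
genuine = {"cookie": "sess-alice",
           "form": {"body": "my week", "token": issue_token("sess-alice")}}
# Hidden form auto-submitted by another site: it cannot read Alice's token.
forged = {"cookie": "sess-alice", "form": {"body": "click this link"}}
# Same forgery, carrying a token the attacker obtained for their own session.
forged_with_own_token = {"cookie": "sess-alice",
                         "form": {"body": "click this link",
                                  "token": issue_token("sess-mallory")}}

if __name__ == "__main__":
    for name, req in [("genuine", genuine), ("forged", forged),
                      ("forged+own token", forged_with_own_token)]:
        print(name, post_journal_unprotected(req)[0], post_journal_protected(req)[0])
```

Binding the token to the session is what defeats the third request: a token that is merely well-formed, but minted for another account, fails the check.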

The Faving spam counter-measures

Mon Jun 13, 2011, 3:07 AM by allixsenos
The weekend before Memorial Day was an interesting one.

The TL;DR version:
  • A user was banned permanently for running an automated script against the site, faving the universe & more.
  • That kind of mass-faving just to draw attention to themselves provides zero value to the community and causes issues on the site.
  • To curb that behaviour, faving was put under the guard of the same anti-spam filter used throughout the site.
For a more detailed rundown of what happened, including information about the filtering that was implemented, you’ll have to read through the post. ;)

Site issues
At around 6am PST on Sunday, the dT team discovered an increasing amount of database issues affecting one of our servers which stores deviant data (deviations, favourites). On deviantART, all of the user-generated data is spread evenly across a number of servers, so seeing only one of them affected by unusually high load to the point of causing issues raised some eyebrows, especially considering 6am on a Sunday is usually a calm period.

Looking into that specific server, we immediately noticed that sporadic issues had started happening around 1am, reached a steady rate of 20 issues per second at 2am and had been rising steadily by another 20 per second with every hour. By 6am the rate had reached 100 issues per second.

One hundred issues per second directly translates to 100 failed page views per second. Not good.

The activity log for the problematic server revealed a long list of seemingly identical queries all related to a single deviant, piling on at a rate that could not have been caused by regular use of deviantART, no matter how quick you are with the mouse. The activity? Faving of what seemed to be damn near everything in sight.

The rate at which these requests were coming in told us without a doubt this was not a human-generated activity but a script or a bot running against deviantART, impersonating a deviant. Since affecting the site’s stability, especially in this way, is explicitly against our Terms of Service, the deviant generating these requests was banned, after which the issues immediately subsided and remained at a flat 0 for the remainder of the morning, as can be seen in the following image.



The banned deviant had accumulated almost half a million favourites in the short 2 months they have been a member, which comes out to an average of one fave every 10 seconds for 24 hours a day, every day since they’ve joined. This is not a rate a human being could sustain.
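The kind of log review described above can be automated. The following is an added example, not dT's tooling and not the velocity filter itself: it scans a constructed activity log for accounts whose peak faving rate is beyond what a person could produce and reports their share of all fave traffic. The log format, the usernames and the 40-per-minute ceiling are assumptions made for the illustration.

```python
from collections import defaultdict, deque


def build_sample_log():
    """Constructed activity log of (unix_second, username, action) tuples."""
    events = []
    for s in range(600):                      # 5 faves a second for 10 minutes
        events += [(s, "scripted_user", "fave")] * 5
    for s in range(0, 120, 4):                # one fave every 4 s, then stops
        events.append((s, "keen_human", "fave"))
    events += [(10, "casual", "fave"), (200, "casual", "comment"),
               (500, "casual", "fave")]
    return sorted(events, key=lambda e: e[0])


def peak_faves(events, window=60):
    """Most faves each user made within any `window`-second span."""
    recent, peak = defaultdict(deque), defaultdict(int)
    for ts, user, action in events:
        if action != "fave":
            continue
        q = recent[user]
        q.append(ts)
        while q[0] <= ts - window:            # drop events outside the window
            q.popleft()
        peak[user] = max(peak[user], len(q))
    return dict(peak)


def flag_automation(events, window=60, max_per_window=40):
    """Users whose peak rate exceeds the assumed human ceiling, with their
    share of all fave traffic, busiest first."""
    totals = defaultdict(int)
    for _, user, action in events:
        if action == "fave":
            totals[user] += 1
    all_faves = sum(totals.values())
    flagged = [(user, peak, round(totals[user] / all_faves, 3))
               for user, peak in peak_faves(events, window).items()
               if peak > max_per_window]
    return sorted(flagged, key=lambda row: row[1], reverse=True)


if __name__ == "__main__":
    for user, peak, share in flag_automation(build_sample_log()):
        print(f"{user}: peak {peak} faves/min, {share:.1%} of fave traffic")
```

The ceiling is deliberately generous: the enthusiastic human in the sample peaks at 15 faves a minute and is not flagged, while the scripted account peaks at 300.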

Introducing the velocity filter on Faving
Favouriting deviations was one of the last remaining user actions on deviantART that had no anti-spam measures implemented because, unlike commenting on deviations and deviant profiles, and posting in forums, it gives a very limited exposure to the person doing it, making it very difficult to find motivation to abuse it. Even our own realitysquared recently made a Journal in which he explained that there’s no such thing as “abusing Faves” or giving out too many, and asking deviants to stop reporting instances of that behaviour to helpdesk.

After the incident described above and after looking into the amounts of faves other deviants have accumulated, it was decided a limit should exist, but be set sufficiently high, so that no normal user could trigger it. To accomplish this, a velocity filter - the same mechanism already in place all over the website - was to be implemented for faving. The limits were adjusted for faving to be much more forgiving than for other activity, taking into account the reduced visibility of faves and the fact that it’s legitimately possible to hand out dozens in the time it takes to write a single comment. Our intention was to curb scripted mass-faving (or “favbombing” as the community has come to call it), while allowing near-unlimited faving by genuine deviants, within reason.

At around 4pm the same day, the velocity filter was implemented and the first reports from users hitting the limits started coming in. The limits were obviously set too low, and the affected users were very vocal about it. Taking that feedback, another round of discussion was had and the conclusion was to increase the limits to a value high enough that it would be theoretically impossible to hit even during a faving frenzy. After the changes were implemented, only a handful of new complaints were registered, all from deviants with unusually high amounts of faves.

The weekend following the incident, almost a week after the initial rollout, we gathered some stats for this blog post, to give us a view of how many deviants were still hitting the limits. The stats were gathered from Friday night to Tuesday morning, and the velocity filter was hit a total of 30,900 times by 500 unique users. Of that, over 40% of the hits were produced by just 10 deviants, with one deviant in particular being responsible for 10% of the hits that weekend. The user was attempting to favourite at 300 times a minute (or 5 times a second) for several hours. The numbers here indicate the number of times a faving action was denied, once the user has reached the limit and continued trying to fave.

We are still seeing the occasional favbomb run; for example on Tuesday the 7th we saw a noticeable spike in velocity filter activity, caused by one or more deviants hitting the limits 8 times per second, as shown in the image below.



Since that unusual spike subsided, we’re seeing an average of fewer than 1 fave in 5 seconds being rejected, with obvious attempts at favbombing cropping up here and there and quickly giving up.

How much is too much?
It’s important to note that the velocity filter, which as mentioned is the same mechanism providing one of many anti-spam measures to all of dA including comments, devwatch and notes, is not a single number or a “this many in this much time” thing. It’s a special sauce that includes some fancy maths, cooked up by dT’s smartest. Because of this, there is no single answer to the question that will surely come up - “how many faves can I give out?”. There’s still no limit to the absolute number of faves a user can give out and we’re not looking to change that.

The limits are meant to prevent server issues like the ones we experienced on Memorial Day weekend, but also to stop users from using faving purely as a method of drawing attention to themselves at a massive scale while providing zero value to the rest of the community. We hope you’ll agree these changes are for the good of everyone on the site.

- allixsenos & KnightAR
