We sometimes receive requests why we use a combination of customer number and PIN (API-Key) and not just the e-mail address and password. After all, it makes the whole thing more complicated and confusing. For many it seems completely pointless.
In fact, there are several (very good) reasons why we use the PIN for the API authentication. First of all: all external programs (e.g. jDownloader, Sabnzbd, Kodi-Apps, etc.) communicate via our API interface. The program or app submits a specific request to us and gets the desired data back.
Reason 1: The password might already be public. Many users use the same password everywhere. If a system is compromised somewhere, the hacker can try many different sites. In the worst case, the hacker can even access the mail account with the login data and see where the user is registered.
Reason 2: Many passwords are too simple. Even if the password has not yet been circulated by a hack, many passwords are so simple that they can simply be determined by trying them out (brute-force). As you may have already noticed, this is not so easy on our website, because after a few attempts a captcha has to be solved. With our API, this is not so easy to implement, you can’t suddenly solve a captcha in Kodi. So if we would allow email address and password in our API, passwords could be tested much easier.
Reason 3: Your password would be in danger. Just take a look into jDownloader log and you will find your customer-id and PIN in plain text. It wouldn’t be so good if this was your email address and password you use on Google and Amazon, would it? Not to mention unofficial third-party apps that might even store and sell the data.
If anyone gets access to your customer number and PIN, it’s not that bad. Of course, your Premiumize.me account can be abused, but your data is safe. Also nobody can log into your account with this data and you keep the upper hand because you can renew your PIN at any time.
Basically the PIN is only there to protect your data and your Premiumize.me account!
What can I do to protect my account in the best possible way?
Of course you still have to choose a secure password for your account. This password should consist of upper and lower case letters and contain numbers and special characters. Most important is that you do not use the same password everywhere.
It is also important that you do not use a trash mail address that is accessible by other people. Only you should have access to your e-mail address. If someone has access to your e-mail address, they can easily change your e-mail address and password and take over your account completely or even delete it. In the latter case your account would be completely lost and in the other case it could be difficult to return the account to you.
If your account is already well secured, then you have already worked through the most important steps.
But we still have one tip: check your fair-use history regularly. If you notice any strange usage (e.g. filehosters you never use or similar) change your password immediately and renew your PIN. You are also welcome to contact us so that we can temporarily block your account in order to prevent further abuse. We will be happy to help you secure your account in the best possible way.
If you have any questions, our support team will be happy to answer them. For general questions you can also use the comment function.