|
Author |
Thread Statistics | Show CCP posts - 8 post(s) |
|
CCP Fallout
|
Posted - 2011.01.29 19:10:00 -
[1]
More changes are coming to the API, and CCP Prism X's newest dev blog has all the details.
Fallout Associate Community Manager CCP Hf, EVE Online Contact us |
|
|
CCP Stillman
|
Posted - 2011.01.30 00:19:00 -
[2]
I'm just gonna address some of the ones I can. Prism will respond more detailed Monday I'm sure.
Originally by: Elojs
However, there's a layer of functionality that is lacking. It's all very well that you can block a key that's become compromised. How about a detailed log of who is using those keys, so you can track them down and (in game) kill 'em?
Very few people know this, but that's possible with the current API. And we're not planning to remove features.
|
|
|
CCP Stillman
|
Posted - 2011.01.30 00:23:00 -
[3]
Originally by: HyperBeanie Will 3rd party sites be able to send the user to Eve Gate with a pre-filled request of what the site needs? (Like the facebook apps does).
fx. eve-kill needs access to your kills. User goes to eve-kill, clicks a link and gets sent to eve-gate where the appropriate checkboxes have been marked and are ready. User can now do a simple copy/paste (or redirect back?) on ok.
Just an idea ;)
We have no specific design. But one of the very first things our beloved Senior Producer, CCP Zulu, mentioned when he saw our plan, was very much along the lines of what you describe, only he called it "templates".
As for how it will exactly will work is to be decided. But it will happen.
|
|
|
CCP Stillman
|
Posted - 2011.01.30 00:29:00 -
[4]
Originally by: Cresalle Edited by: Cresalle on 29/01/2011 23:09:32 Firstly a question: Is this really at the top of the priority list?
Are you suggesting it shouldn't be, even if it's the single most requested piece of functionality which people have been begging for?
|
|
|
CCP Prism X
Gallente C C P C C P Alliance
|
Posted - 2011.02.14 16:26:00 -
[5]
Sup!
Just thought I'd pop by so nobody thinks I'm ignoring the comments and give a bit of feedback back!
oAuth, challenge/respond and other methods.. Not happening. I doubt you'll be able to convince us that there's more gain than pain. This is already a rather extensive overhaul of the current infrastructure and I simply do not see oAuth maximizing total happiness any more than improving on the already known access schema.
Eve Gate As mentioned already this is just a natural evolution of things. I'm not really understanding peoples security concerns with EVEGate as they seem to relate to decided defaults on character wall settings. That has nothing to do with the API and I can promise you that you will not start out with an default API key that everyone will have knowledge of which has access to everything.
The idea of having a way of linking to Eve Gate with predefined key parameters is a pretty spiffy idea. I'll check with my Eve Gate resources if that is possible.. once they have time for me.
Access Logs As Stillman mentioned these already exist. Having them in API call form is not a bad addition at all!
Are corporation keys only creatable by directors? That was my original plan. However, there is nothing stopping us from allowing people to create corp keys according to their corporation roles and titles. I was thinking I'd want the directors to have full control over their corporate API keys and not have to worry about people with roles giving them out while they are sleeping. Perhaps I can get some more opinions on this? It's quite possible that I'm being overly paranoid on your behalf.
Exposing alts! My original plan was to keep them completely hidden from you as it is meta-game information that should not be exposed through the API. It simply doesn't seem right. Perhaps we can reach some sort of compromise on this?
Granularity of customization I'm quite open to the possibility of an Advanced Access View which would break the groups further down into calls. It does however depend on how much time I can actually get from Eve Gate developers but it's certainly not an impossibility at this point. However, all I'm ready to promise is the group granularity (for non-super users) and the templates (could even include the old full/limited defintion) which need to be completely idiot proof to serve their purpose. By all means do propose your take on how to best break this down and what templates would be most useful!
Key Properties API Call This is clearly needed if only to query the access level of the api keys. This would also include stuff like the expiry date so that applications can warn about upcoming key expiry or websites send emails to people to remind them to give their expiry date a bump. This obviously depends on the final decision on the expiry date of keys.
Also, this would be a good place to at least tell people whether the key was account bound or character bound, this could serve as a compromise for not being able to see the actual alt characters which I do not want to expose on keys that the user has specifically requested to be bound to a single pilot. How does that sound?
Key Expiry I really do not want to make immortal api keys. I never meant to actually delete the key on expiry, just refuse to authenticate it until the key owner (not the holder as he should not be able to access the owners Eve Gate API Key management) refreshes the expiry date. I would also not require keys to expire to be refreshed. Is that still too cumbersome in your opinion? Could you suggest alternatives that do not involve immortal keys. I'm 99.9% certain that if I allow UNLIMITED lifetime people will start doing that by default and then yell at me when they realize their old corporation has been harvesting their information for the past three years after they quit it.
Keep it coming! P.S. All statistics were made up on the spot!
~ CCP Prism X EVE Database Developer and Acting API Dude |
|
|
CCP Prism X
Gallente C C P C C P Alliance
|
Posted - 2011.02.14 17:31:00 -
[6]
Originally by: Qoi Hide Alts: I'm not sure i understand you correctly. The /account/Characters API call should definitely stay for account keys. For character bound keys, this API call should not be available. Is that what you mean by "hiding alts"? Then i completely agree.
As I do not fully understand you:
What I just proposed is that the /account/Characters call will be available but just show the character the key is bound to (making it useless for most things) but that the non-existant /somethingCauseAccountDoesntReallyFitProbablyAPIorSomethingElse/keyPropertiesOrSomeOtherName would tell you it was a character bound key rather than an account bound key.
~ CCP Prism X EVE Database Developer and Acting API Dude |
|
|
CCP Prism X
Gallente C C P C C P Alliance
|
Posted - 2011.02.14 17:53:00 -
[7]
Edited by: CCP Prism X on 14/02/2011 17:52:59
Originally by: Qoi
Originally by: CCP Prism X Btw, you have awesome hair. (Why isn't it pink?)
Because most colouring agents leave a chemical residue in your hair that keeps it from properly locking up into dreads.
~ CCP Prism X EVE Database Developer and Acting API Dude |
|
|
CCP Prism X
Gallente C C P C C P Alliance
|
Posted - 2011.02.15 08:38:00 -
[8]
I never meant to imply it was hard to get the EVE Gate team to do anything for me. I'd never talk down to my coworkers on a public forum. That would not be professional. Fact is we have to manage our resources on all fronts and they are actually the team I have the best access too on account of having the same producer as the API.
However, that is not the only reason for the move. It's a very natural choice in all regards as others have commented on before. I understand people were not happy about the default privacy settings. But I do not understand how that makes the EVE Gate authentication any less secure than your client or eveonline.com authentication.
~ CCP Prism X EVE Database Developer and Acting API Dude |
|
|
|
|