Taureau
Innovia Innovia Alliance
|
Posted - 2011.02.11 03:51:00 -
[1]
Great, But... My alliances website ENTIRELY depends on this system, please don't make it too painful.
- If you're going to HIDE other characters, at least say how many are hidden (you don't even need to show the names). For example, if an account has 1 other character, just put in something as simple as an integer value... <hiddenchars>1</hiddenchars>. That way corporate executives can say "I need to see all the characters" and make the spy go back and show them their full key.
- You will NEED a feed or way to know what accesses each key allows. This can be a new feed with a series of tags with 1 or 0. This would also include being able to differentiate between a corporate and character key. This would also be a great improvement in general even to the current API system.
- Keep the process of creating keys SIMPLE, but at the same time make the separate process of modifying the keys very advanced and flexible. The main issue I have as a CEO is this is currently, the process of asking a recruit for their key is this...
- Recruiter: Hey, I need your API User ID & Key: http://eveonline.com/api
- Recruit: Limited or Full?
- Recruiter: Limited (or Full)
- Recruit: Okay, then they paste it.
The dev blog shows the new process as this...
- Log into EVE Gate on a character on the account you want to link the key to (or the character in question for a single character only API) or, in the case of corporate keys, a character with the director role.
- Go to the API Key Management
- Select "Create New API Key"
- Give your key a name so you can easily differentiate between the purpose of keys in the management interface through a descriptive name.
- Select a lifespan (see Further Security Additions above) for your new key, the default will be six months.
- Select the type of key you are generating
- Corporation Key (Requires Director role)
- Account wide key
- Character bound key
- Assign call groups to your key.
- Auto-generate, or assign, a verification code to go with the keyID
This worries me, I propose you make some sort of template keys. Also, an especially good idea would be a direct link to the API page, and attempting to make the new system just as easy on a recruiter, IE make the 2nd list more like the 1st list while keeping the things from the new list.
- Please keep in mind that web applications also use the API. My alliances website 100% relies on them. So I hope you keep to your work of slowly transitioning and keeping both versions of the API key system online for a short time.
On the other hand, the lifetime thing is good for CCP's database & key security. It also requires you'd need something to re-validate or replace expired API keys on your app, but that's probably needed anyway (at least with my app). Believe it or not, I've held back a lot of thoughts on this matter and a lot of my programming gripes.
|