Pages: 1 2 3 4 :: [one page] |
|
Author |
Thread Statistics | Show CCP posts - 21 post(s) |
|
CCP Zymurgist
Gallente C C P
|
Posted - 2011.05.26 15:45:00 -
[1]
In CCP Stillman's latest dev blog he welcomes back CCP Elerhino and talks about the new customizable API key. Read more about it and how to start testing these new API keys here.
Zymurgist Community Representative CCP NA, EVE Online Contact Us |
|
Gnulpie
Minmatar Miner Tech
|
Posted - 2011.05.26 15:53:00 -
[2]
WOOOOOOOOOOOOT
\o/
Err, what is it about? Anyway, sounds completely awesome |
RaTTuS
BIG Gentlemen's Agreement
|
Posted - 2011.05.26 15:55:00 -
[3]
+10
|
|
CCP Prism X
Gallente C C P C C P Alliance
|
Posted - 2011.05.26 16:13:00 -
[4]
I'm content with the number of times I was mentioned in this blog.
The combination to the safe with your antidote is 6-13-31-27.
~ CCP Prism X EVE Database Developer and Acting API Dude |
|
Vuk Lau
4S Corporation Morsus Mihi
|
Posted - 2011.05.26 16:21:00 -
[5]
CCP Stillman best Stillman.
|
Sarmatiko
|
Posted - 2011.05.26 16:24:00 -
[6]
The first thing that comes to mind - can you add simple vCode generator button to the API creation page?
|
|
CCP Stillman
|
Posted - 2011.05.26 16:28:00 -
[7]
Originally by: Sarmatiko The first thing that comes to mind - can you add simple vCode generator button to the API creation page?
Brilliant ideas like this is why putting things on Singularity before we release it is such a great thing.
But yes, I've suggested this to Elerhino. I'm optimistic we can do that
|
|
Marcel Devereux
Aideron Robotics
|
Posted - 2011.05.26 16:30:00 -
[8]
Edited by: Marcel Devereux on 26/05/2011 16:30:49 Can we please get a link for each key on the key management page that has the key info embedded as arguments in the URL (i.e. http://api.eve-online.com/key/?keyID=42&vCode=VERYSECRET)? I would like to register as a handler for that link and the user can chose to open the link with my application. This would allow for easy key entry into applications.
|
Paukinra
Gallente Hard Rock Mining Co.
|
Posted - 2011.05.26 16:30:00 -
[9]
Hm....
I do like the look of this - just please tell me this will be simple to you.
By the end will it just be check a load of boxes of what I want in it or will I also have to code it cause I can't code :p
Overall Im thinking +8/10 (it will get 10/10 if I can do the above idea)
[url=http://eve-kill.net?a=pilot_detail&plt_id=722354] [/url] |
Sarmatiko
|
Posted - 2011.05.26 16:34:00 -
[10]
Test https://apitest.eveonline.com/char/CharacterSheet.xml.aspx?keyID=17&vCode=Ogz2RzOaidrJsMFqmFPmDAzr0YRjph Gives me Error 500.
Also there is typo in devblog
Quote: Once you've created a customizable API key, you can query the API by providing the keyID, the vCode, and if you have not explicitly stated a character to be used with the key, a characterID like in the old system. Like this:
https://apitest.eveonline.comcom/char/CharacterSheet.xml.aspx?keyID=1&vCode=SOSECRETYOUCANTKNOW&characterID=42
Creating keys with specific access
|
|
Garheade
Amarr Aideron Robotics The Aideron Collective
|
Posted - 2011.05.26 16:35:00 -
[11]
Originally by: Marcel Devereux Edited by: Marcel Devereux on 26/05/2011 16:30:49 Can we please get a link for each key on the key management page that has the key info embedded as arguments in the URL (i.e. http://api.eve-online.com/key/?keyID=42&vCode=VERYSECRET)? I would like to register as a handler for that link and the user can chose to open the link with my application. This would allow for easy key entry into applications.
This could make things a lot easier from a programing standpoint.
|
|
CCP Prism X
Gallente C C P C C P Alliance
|
Posted - 2011.05.26 16:36:00 -
[12]
HTTPS is currently not working on the test server.
~ CCP Prism X EVE Database Developer If anything in this post was informative or could be considered as 'good news' to you - chances are you've misread it. |
|
Sarmatiko
|
Posted - 2011.05.26 16:40:00 -
[13]
Oh thanks http works fine http://apitest.eveonline.com/char/CharacterSheet.xml.aspx?keyID=17&vCode=Ogz2RzOaidrJsMFqmFPmDAzr0YRjph
|
Irdalth Delrar
EVE University Ivy League
|
Posted - 2011.05.26 16:44:00 -
[14]
I wanna clarify something given the way access masks work: if we create a predefined key that gets certain information from all characters on an account, does that mean if we run it through the mask validator, we'll see nothing under characterID? And likewise, will there still be a character list API? And if so, is there a method to validate, for example, if the character list comes back with only one character, because the API has been restricted to one character, that the person is giving a character specific API, rather then an "all characters" API? Basically, someway to validate someone trying to be smart by creating a specific API to avoid corporation background checks? --------------------------------------- Irdalth Delrar Diplomatic Director Eve University <IVY>
|
|
Chribba
Otherworld Enterprises Otherworld Empire
|
Posted - 2011.05.26 16:50:00 -
[15]
Awesome!
Secure 3rd party service | in-game 'Holy Veldspar' Now /w voice |
|
Elegbara
|
Posted - 2011.05.26 16:52:00 -
[16]
Edited by: Elegbara on 26/05/2011 16:54:13 Works great. ____________________________________ Open your eyes. And Awaken. |
Everseeker
Caldari Northgate
|
Posted - 2011.05.26 16:53:00 -
[17]
Is it safe to assume that, If I create a request string for a user, asking for specific information, that the user will see an "english-readable" warning, telling them specificly what the Recruiter/whoever will be receiving if you comply (perhaps with a check-box based format, to allow partial compliance with the request....)
--
EverSeeker |
SencneS
Rebellion Against Big Irreversible Dinks
|
Posted - 2011.05.26 17:04:00 -
[18]
It doesn't say it anywhere but if we create a non-expiring key can we delete the key? I haven't created one yet because I am uncertain I will be able to delete it.
I also assume the old API keys will continue to work as expected?
Other than those questions, API needed a little improving and this was a great step in that direction. It'll help everyone with what is needed for applications etc. I can't help but think those that need verification for alliances etc may get the short end of the deal..
"Yeah that's my character, my only one.." - "OK Welcome aboard!!"
Amarr for Life |
Shar Tegral
|
Posted - 2011.05.26 17:12:00 -
[19]
Did someone just pour a gallon of Awesome Sauce on the API?
Wealth, howsoever got, in Eve makes Lords of morons and gentlemen of thieves; Aptitude and intellect are needless here; 'Tis impudence and money that grants fame. |
MotherMoon
Huang Yinglong
|
Posted - 2011.05.26 17:16:00 -
[20]
Been looking forward to this. I can't even began to think how much work this must of taken
|
|
Two step
Aperture Harmonics K162
|
Posted - 2011.05.26 17:25:00 -
[21]
Only CEOs can create corporation keys? Why not directors as well?
What happens to a corporation key if the CEO leaves corp? Is it still valid? Two step for CSM6 - http://twostep4csm.blogspot.com/ |
Gossamer DT
Caldari Secret Squirrel Readiness Group Wildly Inappropriate.
|
Posted - 2011.05.26 17:25:00 -
[22]
This is so much win, I don't even know how to ask this, but please please please please include directors as being able to create corp API keys.
Still total win even with out director being able to create corp API keys. Gossamer |
mkint
|
Posted - 2011.05.26 17:36:00 -
[23]
I'm not a programmer, so i can't really make an programming suggestions, but I'd like to make some usability suggestions.
1) I like how customizable it is, but the added complexity means it's gonna be a ***** for rookies to set it up for evemon/eft. A link like the 'all' 'none' links for 'basic' 'full' would be pretty awesome (especially if it automatically filled in the 'name' field as well.)
2) it would be pretty awesome to have a button next to the verification code field labeled 'generate' to automatically create a new key similar to the classic API page.
3) I'm still fuzzy on how any programs will associate any particular API key with any particular account. I assume it still uses a user ID? That is no longer shown on the page. If it's not still associated to a user ID, then I'm fuzzy on what happens if there ends up being keys with duplicate names/verification codes (unless neither of those are supposed to be meaningful to the user, which I'd have to say right now would be extremely bad.)
also bonus points for not having the new API key being attached to spacebook. Holy jeebus, thank you for not having it be attached to spacebook. That gawdawful piece of crap website needs to be rebuilt from the ground up before I trust it to do anything important, and it still upsets me that it's linked to my account at all.
|
Sino Sarn
Sick Tight Controlled Chaos
|
Posted - 2011.05.26 17:49:00 -
[24]
nerf supers already.
|
Herschel Yamamoto
Agent-Orange Nabaal Syndicate
|
Posted - 2011.05.26 17:59:00 -
[25]
You added a No Expiry checkbox, and thus I am happy.
Will there still be the traditional limited/full keys, or will we have to build those?
|
James Arget
Caldari Future Corps
|
Posted - 2011.05.26 18:31:00 -
[26]
Originally by: Two step Only CEOs can create corporation keys? Why not directors as well?
What happens to a corporation key if the CEO leaves corp? Is it still valid?
+1 to this. Directors need to be able to create keys as well.
One of my members also asked how the Corp keys are going to work in regards to granularity. Could we make keys that restrict access to only member applications, or only to POS information?
|
Matalok
Dreddit Test Alliance Please Ignore
|
Posted - 2011.05.26 18:32:00 -
[27]
Originally by: Two step Only CEOs can create corporation keys? Why not directors as well?
Can't wait until EOH/Somer spot this one, so much for multiple keys to check over the corp wallet.
Want to see the Corp Wallet Journal more than once a hour? NOPE.
|
Sable Blitzmann
Minmatar Massively Dynamic
|
Posted - 2011.05.26 18:38:00 -
[28]
The fact that directors cannot access corp info is stupid. Please fix this.
|
Vessper
Indicium Technologies Hephaestus Forge Alliance
|
Posted - 2011.05.26 18:41:00 -
[29]
Nice work on the API changes, looking forward to using it! Some quick questions at this point:
1. What is going to happen with the account related APIs, namely the Characters.xml.aspx and AccountStatus.xml.aspx?
2. Am I correct in assuming that CharacterInfo under Public Info is the same as what is available with the current Limited API and under Private Info is what is available with the Full API?
3. Are these changes something you are aiming to release in conjunction with Incarna 1.0 in June, or more likely scheduled for some later patch? Just trying to gauge if I need to start panicking
EveHQ Character App |
Marcel Devereux
Aideron Robotics
|
Posted - 2011.05.26 18:43:00 -
[30]
Edited by: Marcel Devereux on 26/05/2011 18:43:38
Originally by: James Arget
Originally by: Two step Only CEOs can create corporation keys? Why not directors as well?
What happens to a corporation key if the CEO leaves corp? Is it still valid?
+1 to this. Directors need to be able to create keys as well.
One of my members also asked how the Corp keys are going to work in regards to granularity. Could we make keys that restrict access to only member applications, or only to POS information?
Whey limit it to directors and CEO's? If you have access to a corp wallet (or any corp data) in game you should be able to have key for allows you to access this information out of game. CEO's and directors have can use access controls in game to restrict access to this data. The API server should be honoring the access controls set in game.
|
|
Miss Teri
Bullet Diplomacy Art of War Alliance
|
Posted - 2011.05.26 18:47:00 -
[31]
More fine-tuned access: nice. But...
Why keep the key in two parts? (Before: userid+key, now: keyid+vcode)
In fact, why allow custom vcodes? That would only decrease security, as people will be bound to select bad (easy to remember, short) vcodes.
Why not make it a single, auto-generated string? Easy to copy and paste into programs (single copy/paste instead of two, like it is now).
|
darius mclever
|
Posted - 2011.05.26 19:08:00 -
[32]
awesomeness. =)
|
Aineko Macx
|
Posted - 2011.05.26 19:08:00 -
[33]
Cool, something I can approve of for a change. ________________________ CCP: Where fixing bugs is a luxury, not an obligation. |
|
CCP Stillman
|
Posted - 2011.05.26 19:29:00 -
[34]
Originally by: Marcel Devereux Edited by: Marcel Devereux on 26/05/2011 16:30:49 Can we please get a link for each key on the key management page that has the key info embedded as arguments in the URL (i.e. http://api.eve-online.com/key/?keyID=42&vCode=VERYSECRET)? I would like to register as a handler for that link and the user can chose to open the link with my application. This would allow for easy key entry into applications.
Is what you're asking for a button that will say "Copy API Key to clipboard", which people can click and then paste into the requesting application?
|
|
SencneS
Rebellion Against Big Irreversible Dinks
|
Posted - 2011.05.26 19:29:00 -
[35]
Originally by: Marcel Devereux Whey limit it to directors and CEO's? If you have access to a corp wallet (or any corp data) in game you should be able to have key for allows you to access this information out of game. CEO's and directors have can use access controls in game to restrict access to this data. The API server should be honoring the access controls set in game.
I agree with this, it is an oversight on CCP side. I can see issues with this like you give you low members Jr. Accountant so they can view the wallet etc, they generate a non-expiration key and post it on every EVE Related forum.
So some security needs to be in place at the Director/CEO level to allow ANY corporate key generated by ANY member of the corp to be deleted/expired.
This way if the above does happen, the CEO/Directors can go out, login, look at the corp keys generated for for the corp and expire/delete the one that was spammed across 50 different forums.
Amarr for Life |
Sable Blitzmann
Minmatar Massively Dynamic
|
Posted - 2011.05.26 19:31:00 -
[36]
Edited by: Sable Blitzmann on 26/05/2011 19:32:08
Originally by: CCP Stillman
Originally by: Marcel Devereux Edited by: Marcel Devereux on 26/05/2011 16:30:49 Can we please get a link for each key on the key management page that has the key info embedded as arguments in the URL (i.e. http://api.eve-online.com/key/?keyID=42&vCode=VERYSECRET)? I would like to register as a handler for that link and the user can chose to open the link with my application. This would allow for easy key entry into applications.
Is what you're asking for a button that will say "Copy API Key to clipboard", which people can click and then paste into the requesting application?
Can you please address the more pressing matters of corp API only accessible to CEOs? Directors need full access, and members need access to the APIs that they have roles for, just like it currently is.
The current way is nerfed to hell and back and will make managing APIs extremely difficult for those of us with CEO's away from game or otherwise not very interested in APIs.
Other than this major oversight, this seems to be a great improvement of the API system
|
|
CCP Stillman
|
Posted - 2011.05.26 19:32:00 -
[37]
Originally by: Everseeker Is it safe to assume that, If I create a request string for a user, asking for specific information, that the user will see an "english-readable" warning, telling them specificly what the Recruiter/whoever will be receiving if you comply (perhaps with a check-box based format, to allow partial compliance with the request....)
The way the dev blog mentions you can create a "predefined" key basically just fills out the things specified in the URL. The user will be able to see all the checkboxes before he submits it, and he will need to provide a bit of extra information.
We could add an extra warning if people are creating a pre-defined key, if people think this is a good idea
|
|
|
CCP Stillman
|
Posted - 2011.05.26 19:33:00 -
[38]
Originally by: SencneS It doesn't say it anywhere but if we create a non-expiring key can we delete the key? I haven't created one yet because I am uncertain I will be able to delete it.
You can edit and delete an API key at any time you like!
Originally by: SencneS
I also assume the old API keys will continue to work as expected?
Yes.
|
|
|
CCP Stillman
|
Posted - 2011.05.26 19:35:00 -
[39]
Originally by: Two step Only CEOs can create corporation keys? Why not directors as well?
We hear you, and all others who have commented on only CEOs being able to create corp keys. We'll investigate lowering that requirement to Director.
Originally by: Two step
What happens to a corporation key if the CEO leaves corp? Is it still valid?
No, that will invalidate it.
|
|
Sable Blitzmann
Minmatar Massively Dynamic
|
Posted - 2011.05.26 19:37:00 -
[40]
Originally by: CCP Stillman
Originally by: Two step Only CEOs can create corporation keys? Why not directors as well?
We hear you, and all others who have commented on only CEOs being able to create corp keys. We'll investigate lowering that requirement to Director.
Thank you. But how about members with roles, such as corp wallet and whatnot? Or does the new underlying system not allow for something like this?
|
|
|
CCP Stillman
|
Posted - 2011.05.26 19:41:00 -
[41]
Originally by: mkint
1) I like how customizable it is, but the added complexity means it's gonna be a pain in the ass for rookies to set it up for evemon/eft. A link like the 'all' 'none' links for 'basic' 'full' would be pretty awesome (especially if it automatically filled in the 'name' field as well.)
We still want to investigate implementing pre-defined templates from our end. We've provided application developers with a way of sending an user to the API page with a predefined key. But we want to provide at least some of the most "common" things people want to do, as templates you can pick on the create key page.
Originally by: mkint
2) it would be pretty awesome to have a button next to the verification code field labeled 'generate' to automatically create a new key similar to the classic API page.
3) I'm still fuzzy on how any programs will associate any particular API key with any particular account. I assume it still uses a user ID? That is no longer shown on the page. If it's not still associated to a user ID, then I'm fuzzy on what happens if there ends up being keys with duplicate names/verification codes (unless neither of those are supposed to be meaningful to the user, which I'd have to say right now would be extremely bad.)
also bonus points for not having the new API key being attached to spacebook. Holy jeebus, thank you for not having it be attached to spacebook. That gawdawful piece of crap website needs to be rebuilt from the ground up before I trust it to do anything important, and it still upsets me that it's linked to my account at all.
edit: after re-reading the original blog, the keyID concept is a little more clear. It's kinda weird that you could have a 2 digit keyID, but whatever. I assume you just need the keyID and the verification code, and I still maintain that it would probably be a smart idea to have an auto generate button for that 20 character password that the nag box keeps popping up for.
Also, for usability, the first time I logged in, I was taken directly to a create page without any of the explanations you see on the management page. For usability it would probably be a good idea to already have a 'basic' and 'full' key automatically generated when first signing in and being taken to the management screen instead of the creation screen.
The UserID had to go in order to allow for partial access to an account, i.e only giving access to a single character, as the userID could otherwise give away who you really are. So the userID is implicit in the keyID, but only the API can find out what the userID is.
And as said earlier, we'll investigate a "Auto generate" button for the verification code for a strong verification code
|
|
|
CCP Stillman
|
Posted - 2011.05.26 19:42:00 -
[42]
Originally by: James Arget
One of my members also asked how the Corp keys are going to work in regards to granularity. Could we make keys that restrict access to only member applications, or only to POS information?
That's the idea, yes. Creating a corporation key works exactly like creation a character key. You can select and de-select every single page you want, giving you granularity down to the specific API page you want to expose on a key.
|
|
|
CCP Stillman
|
Posted - 2011.05.26 19:47:00 -
[43]
Originally by: Vessper Nice work on the API changes, looking forward to using it! Some quick questions at this point:
1. What is going to happen with the account related APIs, namely the Characters.xml.aspx and AccountStatus.xml.aspx?
They'll be possible to select and de-select as all other calls on both bound and un-bound character keys. So we're not special casing those.
Originally by: Vessper
2. Am I correct in assuming that CharacterInfo under Public Info is the same as what is available with the current Limited API and under Private Info is what is available with the Full API?
Spot on sir!
Originally by: Vessper
3. Are these changes something you are aiming to release in conjunction with Incarna 1.0 in June, or more likely scheduled for some later patch? Just trying to gauge if I need to start panicking
No, we will definitely not be releasing this with Incarna 1.0. It will be later than that.
|
|
|
CCP Stillman
|
Posted - 2011.05.26 19:50:00 -
[44]
Originally by: Miss Teri More fine-tuned access: nice. But...
Why keep the key in two parts? (Before: userid+key, now: keyid+vcode)
In fact, why allow custom vcodes? That would only decrease security, as people will be bound to select bad (easy to remember, short) vcodes.
Why not make it a single, auto-generated string? Easy to copy and paste into programs (single copy/paste instead of two, like it is now).
In order to not be easy to bruteforce, we're keeping it to two variables needed to access any API key. As for custom vCodes, we'll implement an auto-generate button. But for those who wants a custom vcode, we will allow that.
It is possible to create an insecure vcode, yes. But we will respond to bruteforce attacks on the API servers. And it's just nice to have it be generated by the user, should they decide to.
If you create an "insecure" vCode, you also get a pop-up when you create it, informing you that you might want to consider a more secure vCode.
|
|
|
CCP Stillman
|
Posted - 2011.05.26 19:54:00 -
[45]
Originally by: Sable Blitzmann Edited by: Sable Blitzmann on 26/05/2011 19:32:08
Originally by: CCP Stillman
Originally by: Marcel Devereux Edited by: Marcel Devereux on 26/05/2011 16:30:49 Can we please get a link for each key on the key management page that has the key info embedded as arguments in the URL (i.e. http://api.eve-online.com/key/?keyID=42&vCode=VERYSECRET)? I would like to register as a handler for that link and the user can chose to open the link with my application. This would allow for easy key entry into applications.
Is what you're asking for a button that will say "Copy API Key to clipboard", which people can click and then paste into the requesting application?
Can you please address the more pressing matters of corp API only accessible to CEOs? Directors need full access, and members need access to the APIs that they have roles for, just like it currently is.
The current way is nerfed to hell and back and will make managing APIs extremely difficult for those of us with CEO's away from game or otherwise not very interested in APIs.
Other than this major oversight, this seems to be a great improvement of the API system
I was just going down the list of all posts and trying to respond to them.
I've already discussed with Elerhino for allowing directors to create keys, and he seemed onboard with that. I'll discuss going all the way down to people with roles, to allow to create keys with a limited subset of access with Elerhino tomorrow. Till then, I don't want to promise anything, as I can imagine it's a fairly complex thing.
|
|
TheLostPenguin
|
Posted - 2011.05.26 19:55:00 -
[46]
Looks very nice, so long as app developers make sure they can handle any and all oddball selections of calls being returned by a key, without throwing an error because you didn't include some group/call they assumed everyone would this should work great
One small thing I'm wondering right away is how many seperate keys can we have active/ready made at any given time? There's bound to be a limit but is it 10, 20, 50 or some huge number that nobody in their right mind will ever trouble?
|
Herschel Yamamoto
Agent-Orange Nabaal Syndicate
|
Posted - 2011.05.26 20:16:00 -
[47]
Originally by: Marcel Devereux Whey limit it to directors and CEO's? If you have access to a corp wallet (or any corp data) in game you should be able to have key for allows you to access this information out of game. CEO's and directors have can use access controls in game to restrict access to this data. The API server should be honoring the access controls set in game.
I know you said you'll look into it, but I'll second this post. This is what it really ought to do, and it'd be awesome if you could pull it off.
|
Mr LaForge
|
Posted - 2011.05.26 20:54:00 -
[48]
Will the current limited API key setup still be around for things like Evemon and EFT? |
TornSoul
BIG Gentlemen's Agreement
|
Posted - 2011.05.26 21:19:00 -
[49]
Christmas - Already? (well.. it's not deployed yet but.. )
1: +1 for director keys
2: Let the vCode *default* to a 64 char random mash of chars/numbers - If people then *really* want to change it, they can.
3: I think (hope!) the following is the case, but please confirm : - "oldschool" userid/apikey calls to the API will still be possible? (aka I won't have to update all my existing code with new paramnames)
BIG Lottery |
Squizz Caphinator
Woopatang Primary.
|
Posted - 2011.05.26 21:58:00 -
[50]
Originally by: CCP Stillman
Originally by: Marcel Devereux Edited by: Marcel Devereux on 26/05/2011 16:30:49 Can we please get a link for each key on the key management page that has the key info embedded as arguments in the URL (i.e. http://api.eve-online.com/key/?keyID=42&vCode=VERYSECRET)? I would like to register as a handler for that link and the user can chose to open the link with my application. This would allow for easy key entry into applications.
Is what you're asking for a button that will say "Copy API Key to clipboard", which people can click and then paste into the requesting application?
Yes please. After generating a key my first thought was "OK, how do I share this?" -- EveChatter |
|
ivar R'dhak
Minmatar
|
Posted - 2011.05.27 05:32:00 -
[51]
Am I the only one who confused API with UI and thus got indecently exited about the blog?
That¦ll teach me to read DevBlogs in the mornin. ______________ Mal-¦Appears we got here just in a nick of time. What does that make us?¦ Zoe-`Big damn heroes, sir.` Mal-¦Aint we just.¦ |
Avraham Avinu
Children of Noah
|
Posted - 2011.05.27 06:15:00 -
[52]
Edited by: Avraham Avinu on 27/05/2011 06:16:25
When I Update a vCode, I get an "Authentication failure" using the updated vCode, yet my old vCode still works. It only started to work a couple minutes later. I suspect a server-side cache issue. This will confuse people and lead to the dark side.
HTTPS does not work, yet you use it as an example in your dev blog. This will hinder your testers who are eager to help.
http://apitest.eveonline.com/eve/CharacterID.xml.aspx?names=Avraham%20Avinu works fine and so does http://apitest.eveonline.com/account/APIKeyInfo.xml.aspx?keyID=123&vCode=secretpassword but when I try to access the actual key http://apitest.eveonline.com/char/CharacterSheet.xml.aspx?keyID=123&vCode=secretpassword , I get an error: "Illegal page request! Please verify the access granted by the key you are using!"
Json is popular
|
Vaerah Vahrokha
Minmatar Vahrokh Consulting
|
Posted - 2011.05.27 07:13:00 -
[53]
Edited by: Vaerah Vahrokha on 27/05/2011 07:13:42 I found a bug that could be related with lack of re-entrance. Steps to reproduce on IE 9:
Access Mask starts at 0 (of course)
Check "CharacterInfo" (others do that as well) Uncheck it: it reverts to 0 (duh!).
Now check / uncheck it fast, even double click it several times.
Soon, the process will not revert the number to 0 but will start cycling and showing 3-4 different numbers, even negative ones. From now on, that attribute is borked till you happen to be lucky and guess click it so it gets a 0 again.
--------------------------------------------------------------------------
Could I make a statement about design as well?
I have seen using a bitmap of attributes since when I used VAX.
And since I used VAX, it was a short sighted solution that later on required to be switched into a proper Name => Value associative array later on, with monetary and time costs.
I am posting it here as reference. In 2015 when CCP will have to rework the attributes since it's happening since 30+ years, someone will find this post and link it.
Auditing | Research | 3rd Party | Collateral Holding | EvE RL Charity |
Tonto Auri
Vhero' Multipurpose Corp
|
Posted - 2011.05.27 07:54:00 -
[54]
Originally by: CCP Stillman In order to not be easy to bruteforce, we're keeping it to two variables needed to access any API key.
Go ahead, bruteforce sha1 hash... >.> I want to see someone trying that. However, there's more to this issue than bruteforce. Keeping key in two parts has it's pros, it's right for manual overview (relatively short, human-readable key ID) and there's a number of other cases, but. But question is - why keep it in two variables? We on EVEMon forums have persistent issues with people, who can't see the "userID" line in API key block, and trying to insert their account name into it. Please, for all that holy, make it single string. :/ auth=<keyId>:<vCode> will work just good. For all purposes - from visual inspection to copypaste, and it's not like it is imposible task of splitting request variable into two before continuing with script. As for custom vCodes, there's really no need for it. Make it sha1 or any other appropriate hash function of what-you-deem-good salt, and be done with it. -- Thanks CCP for cu |
Golden Gnu
Gallente The Golden Gnu Corp
|
Posted - 2011.05.27 09:10:00 -
[55]
I can not access: https://supporttest.eveonline.com (http as well) It redirects me to https://supporttest.eveonline.com/Pages/KB/
Also, awesome change... _________________ Download is the meaning of life, upload is the meaning of intelligent life EVE.NiKR.NET - home of jEveAssets |
Hel O'Ween
Men On A Mission EVE Trade Consortium
|
Posted - 2011.05.27 10:39:00 -
[56]
Originally by: CCP Stillman
I've already discussed with Elerhino for allowing directors to create keys, and he seemed onboard with that. I'll discuss going all the way down to people with roles, to allow to create keys with a limited subset of access with Elerhino tomorrow. Till then, I don't want to promise anything, as I can imagine it's a fairly complex thing.
+1 for at least allow directors to create API keys.
The optimal solution, of course, would be to mimic a character's corp roles. There are so many "grunt jobs" (POS fueler, logistic) whih could make good use of "their" corporation key.
Question 1): This might be obvious, but better have it spelled out in written than all of us assuming something which's not true: personal and corporation keys are completely separated in the new system?
Example: assuming I'm a CEO or director, my full API key granted me complete access to both personal and corp API data. With the new system I would need to create two keys (personal and corporation) to achieve the some thing? I assume that's the case, but I rather have that confirmed.
Question 2): Will there be a replacement for the AccountStatus API?
Suggestions:
1) Move the AssetLists on the "Create key" page away from "Personal information" either to "Account and market" or "Science and industrie". I think I know where you're comming from with those categories (assets are considered to be a personal/sensitive thing), but in reality the assets API is mostly used in relation with trading or production.
2) Change the dropdown "Type" to checkboxes [] Character [] Corporation, making it possible to easily create two keys (char + corp) for the same purpose. Perhaps even just create one key with appropriate flags. -- EVEWalletAware - an offline wallet manager |
Kidzukurenai Datael
Imperial Collective Celestial Shadows
|
Posted - 2011.05.27 10:47:00 -
[57]
CCP Stillman is now officially my new favourite Dev. Look at all those replies!! (...and no, that was not sarcasm.)
|
|
CCP Spitfire
C C P C C P Alliance
|
Posted - 2011.05.27 13:43:00 -
[58]
Originally by: Golden Gnu I can not access: https://supporttest.eveonline.com (http as well) It redirects me to https://supporttest.eveonline.com/Pages/KB/
Also, awesome change...
There should be a drop-down menu on the left ("My API Keys").
Spitfire Community Representative CCP Hf, EVE Online |
|
Marcel Devereux
Aideron Robotics
|
Posted - 2011.05.27 14:05:00 -
[59]
Originally by: CCP Stillman
Originally by: Marcel Devereux Edited by: Marcel Devereux on 26/05/2011 16:30:49 Can we please get a link for each key on the key management page that has the key info embedded as arguments in the URL (i.e. http://api.eve-online.com/key/?keyID=42&vCode=VERYSECRET)? I would like to register as a handler for that link and the user can chose to open the link with my application. This would allow for easy key entry into applications.
Is what you're asking for a button that will say "Copy API Key to clipboard", which people can click and then paste into the requesting application?
Only if it can work across all browsers and does not require flash to do it (i.e bit.ly's copy url to clipboard requires flash). What reservations do you have about providing the link?
|
Taureau
Innovia Innovia Alliance
|
Posted - 2011.05.27 18:13:00 -
[60]
Apologies if I'm incorrect about this, but if I try this URL with various parameters it fails: http://apitest.eveonline.com/API/APIKeyInfo.xml.aspx?keyID=1&vCode=VERYVERYSECRET
I have not yet been able to access the above page, but if you're going to completely hide other characters, for the sake of recruiting can you put an integer attribute on the APIKeyInfo.xml.aspx OR Characters.xml.aspx page which will show a 1, 2 or 3 depending how many characters they have on the account for that key? No names, just 1 2 or 3, that way you know if they are hiding characters.
|
|
Dierdra Vaal
Caldari Veto. Veto Corp
|
Posted - 2011.05.27 18:24:00 -
[61]
Instead of a 'Create vCode' button, may I recommend having an auto-generated vCode filled in by default? People can still manually edit it - but having a automagically generated, strong vCode already present by default will decrease the number of people using a weak 'human' vCode. It will also make it a little more convenient for people who don't wish to define their own vCode (which I think will be the majority).
Veto #205 * * * Director Emeritus at EVE University * * * CSM1 delegate, CSM3 chairman and CSM5 vice-chairman
|
|
CCP Stillman
|
Posted - 2011.05.27 21:48:00 -
[62]
Originally by: TornSoul Christmas - Already? (well.. it's not deployed yet but.. )
Close enough, in my opinion
Originally by: TornSoul
3: I think (hope!) the following is the case, but please confirm : - "oldschool" userid/apikey calls to the API will still be possible? (aka I won't have to update all my existing code with new paramnames)
For now, yes.
|
|
|
CCP Stillman
|
Posted - 2011.05.27 21:49:00 -
[63]
Originally by: Avraham Avinu Edited by: Avraham Avinu on 27/05/2011 06:29:25 Edited by: Avraham Avinu on 27/05/2011 06:16:25
When I Update a vCode, I get an "Authentication failure" using the updated vCode, yet my old vCode still works. It only started to work a couple minutes later. I suspect a server-side cache issue. This will confuse people and lead to the dark side.
This is indeed due to caching. There will always be a small delay, I'm afraid.
|
|
|
CCP Stillman
|
Posted - 2011.05.27 21:51:00 -
[64]
Originally by: Marcel Devereux
Originally by: CCP Stillman
Originally by: Marcel Devereux Edited by: Marcel Devereux on 26/05/2011 16:30:49 Can we please get a link for each key on the key management page that has the key info embedded as arguments in the URL (i.e. http://api.eve-online.com/key/?keyID=42&vCode=VERYSECRET)? I would like to register as a handler for that link and the user can chose to open the link with my application. This would allow for easy key entry into applications.
Is what you're asking for a button that will say "Copy API Key to clipboard", which people can click and then paste into the requesting application?
Only if it can work across all browsers and does not require flash to do it (i.e bit.ly's copy url to clipboard requires flash). What reservations do you have about providing the link?
I have no reservations. It was just a thought, based on what the goal of doing so was. We'll of course investigate all options for doing this
|
|
|
CCP Stillman
|
Posted - 2011.05.27 21:56:00 -
[65]
Originally by: Taureau Edited by: Taureau on 27/05/2011 18:36:19 Apologies if I'm incorrect about this, but if I try this URL with various parameters it fails: http://apitest.eveonline.com/API/APIKeyInfo.xml.aspx?keyID=1&vCode=VERYVERYSECRET
Sorry about that. That was a typo in the blog. The actual directory the call is in, is /account/. Fixed that
|
|
|
CCP Stillman
|
Posted - 2011.05.27 21:57:00 -
[66]
Originally by: Golden Gnu I can not access: https://supporttest.eveonline.com (http as well) It redirects me to https://supporttest.eveonline.com/Pages/KB/
Also, awesome change...
Fixed. The fix I made yesterday disappeared last night during the outage. It now links directly to the API key page
|
|
|
CCP Stillman
|
Posted - 2011.05.27 21:58:00 -
[67]
Originally by: Hel O'Ween
Question 1): This might be obvious, but better have it spelled out in written than all of us assuming something which's not true: personal and corporation keys are completely separated in the new system?
Example: assuming I'm a CEO or director, my full API key granted me complete access to both personal and corp API data. With the new system I would need to create two keys (personal and corporation) to achieve the some thing? I assume that's the case, but I rather have that confirmed.
Yes. That's unfortunately a trade off that had to be made.
Originally by: Hel O'Ween
Question 2): Will there be a replacement for the AccountStatus API?
The AccountStatus API is still there and works like it always has. So there won't be a replacement
|
|
Arkady Sadik
Minmatar Electus Matari
|
Posted - 2011.05.27 22:22:00 -
[68]
Awesome.
Oh, and for the people who don't want a user-define vCode: You're wrong.
A user-defined vCode alles client applications to actually use API keys for authentication by providing a challenge and requiring a user to have that challenge in the vCode they submit. <3
|
Golden Gnu
Gallente The Golden Gnu Corp
|
Posted - 2011.05.28 09:57:00 -
[69]
@CCP Spitfire Thx :)
Also, the [?] link for CharacterInfo links nowhere... _________________ Download is the meaning of life, upload is the meaning of intelligent life EVE.NiKR.NET - home of jEveAssets |
Marcel Devereux
Aideron Robotics
|
Posted - 2011.05.28 17:24:00 -
[70]
Originally by: CCP Stillman
Originally by: Marcel Devereux
Originally by: CCP Stillman
Originally by: Marcel Devereux Edited by: Marcel Devereux on 26/05/2011 16:30:49 Can we please get a link for each key on the key management page that has the key info embedded as arguments in the URL (i.e. http://api.eve-online.com/key/?keyID=42&vCode=VERYSECRET)? I would like to register as a handler for that link and the user can chose to open the link with my application. This would allow for easy key entry into applications.
Is what you're asking for a button that will say "Copy API Key to clipboard", which people can click and then paste into the requesting application?
Only if it can work across all browsers and does not require flash to do it (i.e bit.ly's copy url to clipboard requires flash). What reservations do you have about providing the link?
I have no reservations. It was just a thought, based on what the goal of doing so was. We'll of course investigate all options for doing this
Thanks for looking into it! Just remember to test on mobile browsers for what ever solution you come up with.
|
|
Irdalth Delrar
EVE University Ivy League
|
Posted - 2011.05.28 20:15:00 -
[71]
Originally by: CCP Stillman
Originally by: Hel O'Ween
Question 2): Will there be a replacement for the AccountStatus API?
The AccountStatus API is still there and works like it always has. So there won't be a replacement
As a follow up, what option from the new API will allow/restrict access to account-wide stuff like AccountStatus? As currently its on the Full API, I take it won't simply be accessible by default? Will checking Private Information -> CharacterInfo be the way? Or are there more options in the works that simply have not been released yet? --------------------------------------- Irdalth Delrar Diplomatic Director Eve University <IVY>
|
Hel O'Ween
Men On A Mission EVE Trade Consortium
|
Posted - 2011.05.28 21:02:00 -
[72]
Originally by: CCP Stillman
Originally by: Hel O'Ween
Question 2): Will there be a replacement for the AccountStatus API?
The AccountStatus API is still there and works like it always has. So there won't be a replacement
Ah, cool. I didn't saw it listed on the API key test page so I wondered if it will be perhaps merged with some other API (char info ...) -- EVEWalletAware - an offline wallet manager |
Marcel Devereux
Aideron Robotics
|
Posted - 2011.05.30 18:27:00 -
[73]
Another thing. Sometime after the release please evaluate the use of the expire feature. If the majority of the keys are set to not expire then this should be set as the default.
|
|
CCP Stillman
|
Posted - 2011.05.30 20:34:00 -
[74]
Originally by: Hel O'Ween
Originally by: CCP Stillman
Originally by: Hel O'Ween
Question 2): Will there be a replacement for the AccountStatus API?
The AccountStatus API is still there and works like it always has. So there won't be a replacement
Ah, cool. I didn't saw it listed on the API key test page so I wondered if it will be perhaps merged with some other API (char info ...)
You're right. It's not there. This will be fixed
|
|
Hel O'Ween
Men On A Mission EVE Trade Consortium
|
Posted - 2011.05.31 15:37:00 -
[75]
Originally by: CCP Stillman You're right. It's not there. This will be fixed
While you're at it, I didn't spot the Characters.xml.aspx either. |
Pi2
|
Posted - 2011.06.02 18:43:00 -
[76]
Edited by: Pi2 on 02/06/2011 18:42:53 Am I doing sth wrong or is currently creating Corp API Keys turned off? (got an CEO on the account I am trying with)
|
Hel O'Ween
Men On A Mission EVE Trade Consortium
|
Posted - 2011.06.03 11:49:00 -
[77]
Originally by: Pi2 Edited by: Pi2 on 02/06/2011 18:42:53 Am I doing sth wrong or is currently creating Corp API Keys turned off? (got an CEO on the account I am trying with)
Form the dropdown box "Character" you need to select the CEO char in order to be able to create corporation keys. Just tried it, works fine for me. -- EVEWalletAware - an offline wallet manager |
Consortium Agent
|
Posted - 2011.06.04 12:32:00 -
[78]
For those that want or need one, here's a 64 character random verification code generator:
http://www.reportbots.com/eve_vcode_generator/
Enjoy.
|
Efeu
Caldari Morituri Te Salutant
|
Posted - 2011.06.11 19:48:00 -
[79]
The links currently give a simple 404 Resource not found. |
Mella Elcus
|
Posted - 2011.06.13 17:14:00 -
[80]
Originally by: Efeu The links currently give a simple 404 Resource not found.
https://supporttest.eveonline.com/API is still dead and it looks like the api test server is reset to the old userid/apikey system. Not much testing possible atm :>
|
|
Taureau
Innovia Innovia Alliance
|
Posted - 2011.06.13 21:49:00 -
[81]
Originally by: Mella Elcus
Originally by: Efeu The links currently give a simple 404 Resource not found.
https://supporttest.eveonline.com/API is still dead and it looks like the api test server is reset to the old userid/apikey system. Not much testing possible atm :>
You make me cry CCP. :(
|
Joss56
Gallente Unleashed' Fury
|
Posted - 2011.06.15 15:34:00 -
[82]
Yoooouhooooooou !!
Mails added, notifications added, this is awesome.
Little effort add contracts please and I'll do babies with you all day&night ________________________________________________
"You do realise you live on a globe, right? And that there places outside the USA/UK?"
|
Hel O'Ween
Men On A Mission EVE Trade Consortium
|
Posted - 2011.06.15 16:16:00 -
[83]
Originally by: Joss56
Mails added, notifications added, this is awesome.
You are aware that mails/notifications have been available for a year now? -- EVEWalletAware - an offline wallet manager |
Assaj Ventress
|
Posted - 2011.06.16 13:45:00 -
[84]
Any idea on when supporttest.eveonline.com/api is going up again? -----------------
|
Taureau
Innovia Innovia Alliance
|
Posted - 2011.06.27 18:56:00 -
[85]
Is this going back up anytime soon? What's the status on this?
|
Johnathan Roark
Caldari The Graduates Morsus Mihi
|
Posted - 2011.07.15 22:23:00 -
[86]
Looks like the page is backup but the keys don't work :(
POS-Tracker 3.0 Hosting |
CaptainQuick
|
Posted - 2011.08.29 11:22:00 -
[87]
blah blah blah blah blah what happened to hey we wil get you walking about in station outside your captains chamber by the end of the summer....looks like that will be anouther 2yrs like walking in stations huh....go figure CCP putting something out there that wasnt even promised to begin with to cover up the fact we are stuck inside captain chambers for anouther 2-3yrs
|
Johnathan Roark
Caldari The Graduates Morsus Mihi
|
Posted - 2011.08.29 16:09:00 -
[88]
Originally by: CaptainQuick blah blah blah blah blah what happened to hey we wil get you walking about in station outside your captains chamber by the end of the summer....looks like that will be anouther 2yrs like walking in stations huh....go figure CCP putting something out there that wasnt even promised to begin with to cover up the fact we are stuck inside captain chambers for anouther 2-3yrs
Your mistaken, this is something that was asked and promised long before WIS was even an idea back when the API first came out.
EVEVERIFY Recruitment API Verifier |
Xander Hunt
Minmatar Dead Rats Tell No Tales
|
Posted - 2011.09.01 02:13:00 -
[89]
Originally by: Johnathan Roark
Originally by: CaptainQuick blah blah blah blah blah what happened to hey we wil get you walking about in station outside your captains chamber by the end of the summer....looks like that will be anouther 2yrs like walking in stations huh....go figure CCP putting something out there that wasnt even promised to begin with to cover up the fact we are stuck inside captain chambers for anouther 2-3yrs
Your mistaken, this is something that was asked and promised long before WIS was even an idea back when the API first came out.
So they've made additions, broke stuff, made things pretty much annoying, and NOW go back to their roots and follow up with things?
Damned if you, damned if you don't.
|
Miss Teri
Art of War Alliance
|
Posted - 2011.09.01 12:50:00 -
[90]
Originally by: CCP Stillman
Originally by: Miss Teri More fine-tuned access: nice. But...
Why keep the key in two parts? (Before: userid+key, now: keyid+vcode)
In fact, why allow custom vcodes? That would only decrease security, as people will be bound to select bad (easy to remember, short) vcodes.
Why not make it a single, auto-generated string? Easy to copy and paste into programs (single copy/paste instead of two, like it is now).
In order to not be easy to bruteforce, we're keeping it to two variables needed to access any API key. As for custom vCodes, we'll implement an auto-generate button. But for those who wants a custom vcode, we will allow that.
It is possible to create an insecure vcode, yes. But we will respond to bruteforce attacks on the API servers. And it's just nice to have it be generated by the user, should they decide to.
Way too late to change much now I guess, but some comments.
I think many of those that use custom vCodes is likely to use the same vCode for several keys. This will make it much easier to guess their keys. Just get one low-access key, and use that vCode and guess the keyid of keys with different access. This is made especially easy sine the keyid currently is just an incrementing number.
So please change the way keyids are assigned so they are random. This will increase the number of keyids that have to be tried to guess a key from thousands to billions, making it impractical to brute force.
Second, how to fix the 1 vs 2 keys usability problem. Quite easy, really. Just make it possible to get both keys in one string. If it was displayed as "64653:p97f8uguyfgpufgYfpiulGYfy" it could be copied in one go. 3rd party apps would then be able to implement support for this (but CCP must be first).
|
|
CorvairKid
|
Posted - 2011.09.01 15:20:00 -
[91]
hey its after 15:00UTC WTH CCP I'm board and at work............ ENTERTAIN ME!!!!!!!!!
|
Artamis Kane
Caldari
|
Posted - 2011.09.01 15:29:00 -
[92]
Doesn't this new and more deep-access API thingie make infiltrating enemy corporations nearly impossible? It seems like powerful alliances can force members/applicants to give them access to see your mail, contacts, standings and any other bit of info that a spy wouldn't want his victims to see. I know to some that sounds like a good thing, but it really changes a whole lot of the game in ways that do not seem to have been addressed or considered. ----- Don't move ... or I'll fill you full of ... little yellow bolts of light!- JC
|
Mella Elcus
|
Posted - 2011.09.01 15:31:00 -
[93]
Edited by: Mella Elcus on 01/09/2011 15:32:21
Originally by: Johnathan Roark Looks like the page is backup but the keys don't work :(
supporttest.eveonline.com/api only creates keys for Singularity? Hence why they won't work on the normal server? Where's the page to create keys for Tranquility?
Edit: It's support.eveonline.com/api of course, it was down a minute ago but now it seems to be up.
|
Mella Elcus
|
Posted - 2011.09.01 15:35:00 -
[94]
Originally by: Artamis Kane Doesn't this new and more deep-access API thingie make infiltrating enemy corporations nearly impossible? It seems like powerful alliances can force members/applicants to give them access to see your mail, contacts, standings and any other bit of info that a spy wouldn't want his victims to see. I know to some that sounds like a good thing, but it really changes a whole lot of the game in ways that do not seem to have been addressed or considered.
No. You can't access any more or any less information than before, the only difference is that now you can customize exactly what information someone can get using your api keys.
|
Wormvirus
|
Posted - 2011.09.01 15:46:00 -
[95]
Quote: EVE Online: Incarna 1.1 has been deployed. This release features a number of fixes and improvements, including changes to the session change timer while docking, updates to the Macintosh client and customizable API keys. Full details can be see in the patch notes.
why it's still the old API Key System then? our 3rd Party Project is rdy for the new system and now ccp not? please tell the correct time for the release of the new api key system, the 3rd party projects needs that important information.
thanks
|
Induc
Amarr
|
Posted - 2011.09.01 16:00:00 -
[96]
Originally by: Wormvirus why it's still the old API Key System then? our 3rd Party Project is rdy for the new system and now ccp not? please tell the correct time for the release of the new api key system, the 3rd party projects needs that important information.
thanks
It IS. Both systems can be used at the same time now. They're keeping the old system for a couple of weeks at least. Just go to http://support.eveonline.com/api as said above to create your new keys.
|
Gizznitt Malikite
Agony Unleashed
|
Posted - 2011.09.01 16:35:00 -
[97]
Edited by: Gizznitt Malikite on 01/09/2011 16:39:39 *edit* I can't find the appropriate forum to post this info in..... *edit*
Be careful when switching ships in station with this new Patch. I've found that modules have a tendency to go offline regularly.
Things that increase the chances of modules going offline: 1.) You are using the majority of a ships base powergrid. 2.) You wait less than 30 seconds to switch from ship A to ship B.
|
Callidus Dux
Caldari
|
Posted - 2011.09.01 19:24:00 -
[98]
Edited by: Callidus Dux on 01/09/2011 19:34:26 Not enough that you did NOT implement the old hangar view as promised; MONTH AGO!! NO! You already deleted the "right click -> open cargohold" within the fitting screen when you are docked. In space it works. But not docked. What is your intension with that? Why another fail? Nothing to change with right click menue within fitting screen. But you have managed it to ruin even such a trivia thing.
API thing maybe a good idea. But I have no interest in such things. I would now say.. good done with your API-whatever. :-) But more important to me would be an useable environmet when I am docked. And NO!!! "Walking In Station" is not useable for me.
[á] Load Station Environment - Disabled
Sorry that I spam your nice Dev Blog: "Customizable API keys goes live for testing" But you have missed to implement an "I have found an (other) issue" threat. I am disappointed.. again.
|
Yuki Tokushima
|
Posted - 2011.09.02 00:00:00 -
[99]
CCP you fail yet again. I understand you like griefers thives and jackasses like goon to have an easy time in eve but but giving them the ability to easily hide thier evil doing from thieir corps is unforgivable.
No one needed this no one asked for it no one wanted it. Is that the way you work now? If the players dont want it or need then you will ram it down our mouths?
Im glad i dont work for ccp I couldent hold my head high in public if i did.
Good thing i have a live fire qualification range today i relay need to shoot something right now
|
Palananoonwin
|
Posted - 2011.09.02 08:41:00 -
[100]
CCP Why did you remove the $_SERVER VARS?
$_SERVER['HTTP_EVE_SHIPTYPEID'] $_SERVER['HTTP_EVE_SHIPTYPENAME'] $_SERVER['HTTP_EVE_SHIPID'] $_SERVER['HTTP_EVE_SHIPNAME']
That was something we were waiting for, and now you just patched it out again without saying a word.
|
|
Kaomond
|
Posted - 2011.09.02 10:02:00 -
[101]
Originally by: Induc
Originally by: Wormvirus why it's still the old API Key System then? our 3rd Party Project is rdy for the new system and now ccp not? please tell the correct time for the release of the new api key system, the 3rd party projects needs that important information.
thanks
It IS. Both systems can be used at the same time now. They're keeping the old system for a couple of weeks at least. Just go to http://support.eveonline.com/api as said above to create your new keys.
They should keep the old limted/full keys permanently, that way older apps that aren't updated yet still work well don't need to be updated. The customizable keys should be additional keys not replacement keys.
|
Lawina Humpslegs
|
Posted - 2011.09.02 14:29:00 -
[102]
I agree with all the negative posts regarding the new API system.
I'm waiting for CCP to reply to these and praying they will just dump the new system or keep the old one.
|
Johnathan Roark
Caldari The Graduates Morsus Mihi
|
Posted - 2011.09.03 00:18:00 -
[103]
Originally by: Xander Hunt
Originally by: Johnathan Roark
Originally by: CaptainQuick blah blah blah blah blah what happened to hey we wil get you walking about in station outside your captains chamber by the end of the summer....looks like that will be anouther 2yrs like walking in stations huh....go figure CCP putting something out there that wasnt even promised to begin with to cover up the fact we are stuck inside captain chambers for anouther 2-3yrs
Your mistaken, this is something that was asked and promised long before WIS was even an idea back when the API first came out.
So they've made additions, broke stuff, made things pretty much annoying, and NOW go back to their roots and follow up with things?
Damned if you, damned if you don't.
Well, the devs (I think there are only 2) that work on the api don't do much else and this has been something that's probably been in the works for a very long time.
Originally by: Miss Teri
Originally by: CCP Stillman
Originally by: Miss Teri More fine-tuned access: nice. But...
Why keep the key in two parts? (Before: userid+key, now: keyid+vcode)
In fact, why allow custom vcodes? That would only decrease security, as people will be bound to select bad (easy to remember, short) vcodes.
Why not make it a single, auto-generated string? Easy to copy and paste into programs (single copy/paste instead of two, like it is now).
In order to not be easy to bruteforce, we're keeping it to two variables needed to access any API key. As for custom vCodes, we'll implement an auto-generate button. But for those who wants a custom vcode, we will allow that.
It is possible to create an insecure vcode, yes. But we will respond to bruteforce attacks on the API servers. And it's just nice to have it be generated by the user, should they decide to.
Way too late to change much now I guess, but some comments.
I think many of those that use custom vCodes is likely to use the same vCode for several keys. This will make it much easier to guess their keys. Just get one low-access key, and use that vCode and guess the keyid of keys with different access. This is made especially easy sine the keyid currently is just an incrementing number.
So please change the way keyids are assigned so they are random. This will increase the number of keyids that have to be tried to guess a key from thousands to billions, making it impractical to brute force.
Second, how to fix the 1 vs 2 keys usability problem. Quite easy, really. Just make it possible to get both keys in one string. If it was displayed as "64653:p97f8uguyfgpufgYfpiulGYfy" it could be copied in one go. 3rd party apps would then be able to implement support for this (but CCP must be first).
I don't think your likely to see the same person with lots of consecutive IDs.
Originally by: Mella Elcus
Originally by: Artamis Kane Doesn't this new and more deep-access API thingie make infiltrating enemy corporations nearly impossible? It seems like powerful alliances can force members/applicants to give them access to see your mail, contacts, standings and any other bit of info that a spy wouldn't want his victims to see. I know to some that sounds like a good thing, but it really changes a whole lot of the game in ways that do not seem to have been addressed or considered.
No. You can't access any more or any less information than before, the only difference is that now you can customize exactly what information someone can get using your api keys.
Well, they did add contracts and employment history with this release, but contracts would probably have been out soon and employment history I asked for it about 10 times in the CAK thread. Its something that's already in evegate publicly so no point in not having it in the api as well.
EVEVERIFY Recruitment API Verifier |
Johnathan Roark
Caldari The Graduates Morsus Mihi
|
Posted - 2011.09.03 00:35:00 -
[104]
Originally by: Callidus Dux Edited by: Callidus Dux on 02/09/2011 05:09:52 Not enough that you did NOT implement the old hangar view as promised; MONTH AGO!! NO! You already deleted the "right click -> open cargohold" within the fitting screen when you are docked. In space it works. But not docked. What is your intension with that? Why another fail? Nothing to change with right click menue within fitting screen. But you have managed it to ruin even such a trivia functionality.
API thing maybe a good idea. But I have no interest in such things. I would now say.. good done with your API-whatever. :-) But more important to me would be an useable environmet when I am docked. And NO!!! "Sneaking In Station" is not useable for me.
[ ] Load Station Environment - Disabled
Sorry that I spam your nice Dev Blog: "Customizable API keys goes live for testing" But you have missed to implement an "I have found an (other) issue" threat. I am disappointed.. again.
First off, its a separate group that does the api, your talking database and web guys vs UI guys. Also, this is something that was discussed years ago when the api system first came out. You personally may not use the api, but I bet your corporation uses the API. To me, it doesn't look like this patch really effected much ingame, maybe you'll get your wish with the next patch.
Originally by: Yuki Tokushima CCP you fail yet again. I understand you like griefers thives and jackasses like goon to have an easy time in eve but but giving them the ability to easily hide thier evil doing from thieir corps is unforgivable.
No one needed this no one asked for it no one wanted it. Is that the way you work now? If the players dont want it or need then you will ram it down our mouths?
Im glad i dont work for ccp I couldent hold my head high in public if i did.
Good thing i have a live fire qualification range today i relay need to shoot something right now
People did ask for this and people did want this. This change actually does nothing to help greifers, thieves, or jackasses. It helps protect your data from rogue applications yet still providing all the same options. If you notice my sig, I run a site to help recruiters screen recruits, this new system has its design challenges, but overall its a good thing for eve and a good thing the api system.
Originally by: Lawina Humpslegs I agree with all the negative posts regarding the new API system.
I'm waiting for CCP to reply to these and praying they will just dump the new system or keep the old one.
Old system was very limited and offered no control. It was all or nothing and if you wanted to stop someone from using a key, you had to reset and then add it into every app you use again. Plus, it will let us separate what data we give to what application. That killboard wont get your trading info, etc. With the old system, they where also running into challenges of if an api call should be limited or full, now it does not matter.
Overall, I say great job CCP for getting this change out (finally). Still some work to do and I hope you continue to work as closely with the 3rd party dev community as you did with this major overhaul. Personally, I'm hoping for better performance, shorter cache timers, and some bug fixes. Maybe break up some calls and adding a few new ones, though I can't really think of many left to be added. I would also like to suggest maybe cleaning up some of the xml to make it more consistent.
EVEVERIFY Recruitment API Verifier |
Callidus Dux
Caldari
|
Posted - 2011.09.03 05:51:00 -
[105]
Originally by: Johnathan Roark
Originally by: Callidus Dux Edited by: Callidus Dux on 02/09/2011 05:09:52 Not enough that you did NOT implement the old hangar view as promised; MONTH AGO!! NO! You already deleted the "right click -> open cargohold" within the fitting screen when you are docked. In space it works. But not docked. What is your intension with that? Why another fail? Nothing to change with right click menue within fitting screen. But you have managed it to ruin even such a trivia functionality.
API thing maybe a good idea. But I have no interest in such things. I would now say.. good done with your API-whatever. :-) But more important to me would be an useable environmet when I am docked. And NO!!! "Sneaking In Station" is not useable for me.
[ ] Load Station Environment - Disabled
Sorry that I spam your nice Dev Blog: "Customizable API keys goes live for testing" But you have missed to implement an "I have found an (other) issue" threat. I am disappointed.. again.
First off, its a separate group that does the api, your talking database and web guys vs UI guys. Also, this is something that was discussed years ago when the api system first came out. You personally may not use the api, but I bet your corporation uses the API. To me, it doesn't look like this patch really effected much ingame, maybe you'll get your wish with the next patch.
Please do not misunderstand me. I have nothing against this API change. But I am angry that CCP takes away another feature and doesnt implement the promised feature "useable hangar". This Api thing is not priority number one of my wish list. Thats all. And the fact, that CCP even forgets to make a SEPERATE threat for "issues I have found with the new patch", matches to the method of operation from CCP. I know, that I grump against the wrong developer / division from CCP. But I have no alternative to let CCP know, that I have found another issue. Besides. I have made an bug report because of the erasure of my right click in fitting screen, when I am docked. You would like to hear the answer of CCP's competent BUG hunting team?
The issue you have described is not a bug, but a feature request. Unfortunately we are not able to process feature requests and the proper way to have this reviewed by the developers is to post it on the Features and Ideas forum.Your bugreport has been filtered.
A feature request? A dumb lie. Nothing more. What correction or advancement will bring a erased right click in fitting screen, when you are docked but when you are in Space it is functional like before? Fire that guy who says, that THIS BUG BUG BUG!!! is a feature. Damn.. where do you recruit your bug hunting team?
|
Tek Enetheru
Xenobytes Stain Empire
|
Posted - 2011.09.07 12:16:00 -
[106]
Wiki (http://wiki.eveonline.com/en/wiki/EVE_API_Account_Status) says that AccountStatus call should return userID, but currently this data is not available in response:
Quote: <?xml version='1.0' encoding='UTF-8'?> <eveapi version="2"> <currentTime>2011-09-07 12:01:53</currentTime> <result> <paidUntil>XXXXXXXXXXXXXXXXX</paidUntil> <createDate>XXXXXXXXXXXXXXXXX</createDate> <logonCount>XXXXXXXXXXXXXXXXX</logonCount> <logonMinutes>XXXXXXXXXXXXXXXXX</logonMinutes> </result> <cachedUntil>2011-09-07 12:55:16</cachedUntil> </eveapi>
Is this is a bug?
|
|
|
|
Pages: 1 2 3 4 :: [one page] |