Pages: [1] :: one page |
|
Author |
Thread Statistics | Show CCP posts - 0 post(s) |
Charax Bouclier
Emerald Drama Theatrics
3
|
Posted - 2014.08.15 22:54:00 -
[1] - Quote
I see that many corps, as part of their recruitment process, require full API checks. What is that exactly and what are they looking for? Apparently, this is something that I somehow grant access to. Is this a reasonable request? Can I cut off access after a certain amount of time?
I assume this is standard procedure, but I thought I'd ask first. |
Cara Forelli
Green Skull LLC
523
|
Posted - 2014.08.16 00:34:00 -
[2] - Quote
Yes they are standard procedure. Go to EVE account management and navigate through the menus to API management (or google EVE API for a more direct link).
APIs generate a ID and verification code that you can share with whomever you please. These allow them to access information about your account (they can view but not modify). Things like assets, transactions, mails, skillpoints, etc. You can modify which of these things are included in the key, but most corps will require a full API with all of them.
You can delete the key at any time, terminating all access to it. Most corps will want your key active as long as you are in the corporation. You can also use APIs for third party programs like EVE Mon and EFT to automatically pull information about your character, which is very useful. However, it is recommended that you create a separate key for each use, in case you need to delete one.
It sounds like a lot of information to give out, but you'll find most "secure" corps will require it as a way of protecting their members, and it doesn't really hurt for them to have it unless you have something to hide, though always be aware of scams - API doesn't allow them to take your assets, but it will tell them what you have. For most newer players, it's not anything worth stealing though, so you have nothing to lose. www.ensignyooch.wordpress.com
New player with questions? Just want to chat? Join my public channel in game:-áHouse Forelli |
S'Way
Bitter Vets
838
|
Posted - 2014.08.16 00:51:00 -
[3] - Quote
Charax Bouclier wrote: I assume this is standard procedure, but I thought I'd ask first.
It's standard procedure in a lot of corps now sadly yes. Giving a full account wide API to someone doesn't let them take any of your things but it does give them the ability to:- See all assets your character has See who your contacts are Read all your eve-mails - (this is a big reason a lot of players will refuse to give a full API) See all your market orders / contracts / who's given isk given to and from that character. See your industrial jobs
The idea is once they know everything about you the corp is somehow safer from spies and potentially bad members harming it.
You can cut off that access at any time by simply deleting that API key, but usually doing so will mean the corp removes you from their membership. Whether you want to give someone that much information is up to you and how much you want to join them.
As for is it reasonable, that will depend on who you ask. For example traders / industrialists giving anyone access to information on what you're buying / selling or building isn't really a smart idea (and is why so many of those players are in NPC corps or just start their own 1 player corps with their alts if the corp they want to join won't accept a custom API instead).
|
Derrick Miles
EVENumbers
1785
|
Posted - 2014.08.16 00:56:00 -
[4] - Quote
As Cara Forelli said, you can make your own key on the API management section and create one with access to all features or to only particular ones. If you're technically minded and curious as to what information you're giving out exactly, you can check out the New Eden Development wiki to see what calls can be used with each access mask. |
Plex SellingTool
Unholy Few
3
|
Posted - 2014.08.16 01:36:00 -
[5] - Quote
A full API is not something you should take lightly, It gives them all your information which is power over you. Meaning if your not going to access there POS (if they have one) Then a full API key should be denied and followed by a giant middle finger. Most corporations which require full API keys first tend to see what you have, what you can afford, and what you can fly. This almost never is a good thing due to, Corporations who fleet up, you die and they look at your assets and see "oh he can pay for that" and don't reimburse you with that ship you lost due to there fleet. So if you need to provide a full API key, give them a limited and tell them I don't need access to your crap or wait until your in the corporations, moved out to there space and then set up to give them something that valuable. |
Forest Archer
Pandora Sphere Disavowed.
143
|
Posted - 2014.08.16 01:48:00 -
[6] - Quote
The reason for it is to prevent thieves, spies, and to connect who you associate with, skills assets. While some corps don't need it the information will help make a decision and depending on what the corp does this will make it easier to guide and mentor player unfamiliar to aspects of the game. And as said befor you can delete or revoke acess at any time.
If you have questions about common recruitment practices you are welcome to ask several of us who frequent the npq&a have been or are recruiter and are happy to educate new players. Always willing to help all you have to do is ask, though if your in the other fleet I may not help the way you want. Just a heads up. Pub Channel: Lost Souls Trading Post |
Schmata Bastanold
Black Rebel Rifter Club The Devil's Tattoo
2627
|
Posted - 2014.08.16 06:12:00 -
[7] - Quote
Plex SellingTool wrote:A full API is not something you should take lightly, It gives them all your information which is power over you. Meaning if your not going to access there POS (if they have one) Then a full API key should be denied and followed by a giant middle finger. Most corporations which require full API keys first tend to see what you have, what you can afford, and what you can fly. This almost never is a good thing due to, Corporations who fleet up, you die and they look at your assets and see "oh he can pay for that" and don't reimburse you with that ship you lost due to there fleet. So if you need to provide a full API key, give them a limited and tell them I don't need access to your crap or wait until your in the corporations, moved out to there space and then set up to give them something that valuable.
Bullsh!t.
If corp has SRP for everybody it's for everybody and if they deny you participation because "you can afford it" frakk them, steal everything you can, AWOX and publish all passwords to POSes and names of their alts/spies. Such corp doesn't deserve anything better than this.
Either you met really crappy corps or you are talking out of your tinfoil azz. Invalid signature format |
Inxentas Ultramar
Ultramar Independent Contracting
1442
|
Posted - 2014.08.17 14:30:00 -
[8] - Quote
For every logical reason to hand out API details, there is an equally paranoid reason not to.
For every logical reason to not hand out your API details, there is an equally security-related one to do so.
Both corps and players often handle API keys in a completely ******** way. That's what you get when each and every gamer can start a corp. Not all of them do risk assessments on a professional level.
In my corp a newbie pilot won't be exposed to multiple signups for forums and API keys. Nor will said newbie recieve any roles or titles apart from standard access to our T1 junkpile. But the dudes handling corporate affairs are most definately under a certain amount of scrutiny, which is accepted because why the hell would a corporation not safeguard it's more serious investments? It's logical a diplomat or POS manager is subject to peer review.
Then there is the variation of corps and alliances, what they do and whom they wish to recruit. Some corps play a higher stakes game then others. In my experience, you can simply tell why certain API data is requested and you either agree with that policy or not. It would entirely depend of what my role in a corp would be, whether or not I'd agree with handing out full API or not. |
Oraac Ensor
School of Applied Knowledge Caldari State
545
|
Posted - 2014.08.17 15:52:00 -
[9] - Quote
And, of course, everyone who demands your API will offer you access to theirs in return.
Er . . . they will, won't they? |
J'Poll
CDG Playgrounds
4372
|
Posted - 2014.08.17 17:19:00 -
[10] - Quote
API checks are the most useless form of security checks for possible recruits.
Too bad 99.995% of EVE still hasnt seen that. It only shows what that account has in the 'logs'. So with a seperate account and some clever work you can be a spy and no API will flush you out.
I thus refrain from giving my full API unless they have a damn good reason and I get something in return. Personal channel: Crazy Dutch Guy
Ever wanted to PvP but can't find people to fly with. Look no further and this chat: Redemption Road |
|
Forest Archer
Pandora Sphere Disavowed.
143
|
Posted - 2014.08.17 17:23:00 -
[11] - Quote
J'Poll wrote:API checks are the most useless form of security checks for possible recruits.
Too bad 99.995% of EVE still hasnt seen that. It only shows what that account has in the 'logs'. So with a seperate account and some clever work you can be a spy and no API will flush you out.
I thus refrain from giving my full API unless they have a damn good reason and I get something in return. J'poll that is true from a security stand point unless someone was stupid and transferred money and what not but for viewing skills it's still valid to use. Always willing to help all you have to do is ask, though if your in the other fleet I may not help the way you want. Just a heads up. Pub Channel: Lost Souls Trading Post |
J'Poll
CDG Playgrounds
4373
|
Posted - 2014.08.17 19:30:00 -
[12] - Quote
Forest Archer wrote:J'Poll wrote:API checks are the most useless form of security checks for possible recruits.
Too bad 99.995% of EVE still hasnt seen that. It only shows what that account has in the 'logs'. So with a seperate account and some clever work you can be a spy and no API will flush you out.
I thus refrain from giving my full API unless they have a damn good reason and I get something in return. J'poll that is true from a security stand point unless someone was stupid and transferred money and what not but for viewing skills it's still valid to use.
For those things there is a simple thing called EVEBoard.
For fleet doctrines pÇïpÇï fleet-up tool.
Personal channel: Crazy Dutch Guy
Ever wanted to PvP but can't find people to fly with. Look no further and this chat: Redemption Road |
Sabriz Adoudel
Mission BLITZ
3412
|
Posted - 2014.08.17 23:57:00 -
[13] - Quote
Speaking as someone that does occasionally infiltrate corporations to steal from them (on my alts), if a corporation does not ask for an API check, I would encourage you not to join them.
The reason being that API checks are about protecting members - present and future - from people that join the corp with the intention of stealing everything they can.
The process of an API check is not foolproof. I know how to create a new character that will pass one. But it takes a lot of effort to infiltrate a corporation which takes operational security seriously.
I would generally rather hit three soft targets rather than spend the time required to prepare a hit on one harder target. https://forums.eveonline.com/default.aspx?g=posts&t=346564 - a proposal to overhaul the Logistics skill https://forums.eveonline.com/default.aspx?g=posts&t=238931 - an idea for a new form of hybrid PVE/PVP content. www.minerbumping.com - ganking miners and causing chaos |
Bloemkoolsaus
Viperfleet Inc. Disavowed.
174
|
Posted - 2014.08.19 08:31:00 -
[14] - Quote
J'Poll wrote:API checks are the most useless form of security checks for possible recruits.
I would have to disagree. I have been able to prevent theft on more then one occasion by clever use of peoples API keys. Some one hesitating, or not willing to share their API key waves a big red flag in my book. Maybe i'm different because I have a wormhole corp, but API checks are far from useless. |
J'Poll
CDG Playgrounds
4378
|
Posted - 2014.08.19 10:12:00 -
[15] - Quote
Bloemkoolsaus wrote:J'Poll wrote:API checks are the most useless form of security checks for possible recruits. I would have to disagree. I have been able to prevent theft on more then one occasion by clever use of peoples API keys. Some one hesitating, or not willing to share their API key waves a big red flag in my book. Maybe i'm different because I have a wormhole corp, but API checks are far from useless.
Only difference is that he does work clever enough with 2 accounts there will be no trace of it.
You only catch the 'stupid'/lazy ones.
Personal channel: Crazy Dutch Guy
Ever wanted to PvP but can't find people to fly with. Look no further and this chat: Redemption Road |
Robert Sawyer
Red Federation RvB - RED Federation
29
|
Posted - 2014.08.19 10:14:00 -
[16] - Quote
Don't worry, OP. I'll handle this for you. Each player has something called an API Key. API Keys are a series of numbers and letters randomly generated for your character / account. Your API shows what you've been up to: your current financial state, transactions, assets, mails, location etc. It is considered normal for a corporation to check your API to make sure you're not an AWOXer. What is an AWOXer anyways? An AWOXer is generally somebody that infiltrates a corp, becomes good friends with all the members and earns a huge amount of trust, then opens up a cyno field (a portal for other ships) for his friends to kill all the corp members. AWOXing is named after a player that first practiced this act (Awox). So, your CEO, in order to prevent somebody coming in the corp, opening a Black Ops cyno and have Stealth Bombers bombing the sh*t out of everybody, will look up your API Key to see if you've been having any suspicious mails, training suspicious skills or in general to see if you've been up to no good. "And when, at last, the moment is yours, that agony will become your greatest triumph." |
Sabriz Adoudel
Mission BLITZ
3432
|
Posted - 2014.08.20 00:02:00 -
[17] - Quote
J'Poll wrote: You only catch the 'stupid'/lazy ones.
That's enough to catch the overwhelming majority of them.
Other opsec strategies (such as a mandatory month in a holding corp) will catch anyone short of a brilliant liar with a specific, serious grudge against your corp. https://forums.eveonline.com/default.aspx?g=posts&t=366607 - Gank incursion runners, win prizes! August 26-Sept 30. https://forums.eveonline.com/default.aspx?g=posts&t=238931 - an idea for a new form of hybrid PVE/PVP content. www.minerbumping.com - ganking miners and causing chaos |
|
|
|
Pages: [1] :: one page |
First page | Previous page | Next page | Last page |