Pages: [1] :: one page |
|
Author |
Thread Statistics | Show CCP posts - 0 post(s) |
Bellasarius Baxter
Caldari Zilog Enterprises
|
Posted - 2009.05.20 15:35:00 -
[1]
I've been reading all sorts of warnings about not giving your Full access API key to anybody, and not to enter it into any program that asks for it, and now I am wondering if that is really true.
So a simple question: Is it safe to enter a Full Access API key into programmes like EVE-WEEP or not ?
|
Hel O'Ween
Academy of Truth
|
Posted - 2009.05.20 17:03:00 -
[2]
That much depends on what you consider to be "safe".
While the Limited API key really is limited to Chars, Skills and Wallet balance, the Full API key is as mighty as the characters' rights on this account.
Consider a CEO or director character. With his full API key you can find out things like
- all corp members (and location, although delayed) - all corp assets (and location) - all your POS locations - all money flow, be it market transactions (Wallet transactions) or other cash low (Wallet journal), for example your monthly rent for your piece of 0.0 to your mighty overlord.
The problem is: certain interesting bits of information (like personal wallet transactions/journals) can't be separated from more "serious" information (see above), due to the way CCP designed the API (keys).
In a perfect world, you'd be able to create an API key and give it certain rights (much like you give away corporation roles), like
[x] Can read wallet transactions (personal) [x] Can read wallet journal (personal) [x] Can read assets (personal) [ ] Can read wallet transactions (corporation) [ ] Can read wallet journal (corporation) [ ] Can read assets (corporation) [x] Can read member information (corporation) etc.
This way a director could use tools like my EWA for his personal use, without the fear that I would steal his API key and retrieve all of his corporation (and alliance) information and sell it to <Evil EVE Entity> or something like that. -- EVEWalletAware - an offline wallet manager |
Bellasarius Baxter
Caldari Zilog Enterprises
|
Posted - 2009.05.20 17:07:00 -
[3]
Thanks for the reply.
So there is no risk in using it in programs, aside from the posibility of the information being given to someone else. It is not "Like posting your username & password in the Please-take-all-my-stuff forum ??
anybody having this key will only be able to read information, not use it for accessing account/payment/whatever information, or changing it in any way ?
|
Sidrat Flush
Caldari Life is Experience
|
Posted - 2009.05.20 17:16:00 -
[4]
Originally by: Bellasarius Baxter Thanks for the reply.
So there is no risk in using it in programs, aside from the posibility of the information being given to someone else. It is not "Like posting your username & password in the Please-take-all-my-stuff forum ??
anybody having this key will only be able to read information, not use it for accessing account/payment/whatever information, or changing it in any way ?
The API is only for Read only information, usually on a delayed basis, depending on the item being looked at.
There is no way of accessing a user account ingame without the user name and password which of course you don't give out to anyone else right.
EXP-L Eve Industrial Organiser |
davcin
Caldari davcin Corp
|
Posted - 2009.05.20 18:32:00 -
[5]
More info here: http://www.eveonline.com/api/default.asp ____________________________________________
EVEViewer - view your journal, orders, transactions out of the game. |
|
|
|
Pages: [1] :: one page |
First page | Previous page | Next page | Last page |