| Author |
Thread Statistics | Show CCP posts - 9 post(s) |
|
CCP Fallout
   |
Posted - 2010.09.20 17:35:00 -
[1]
CCP Stillman's newest dev blog includes some of the work that we've be doing on the API, and includes important information for API developers. Read all about it here.
Fallout
Associate Community Manager
CCP Hf, EVE Online
Contact us |
|
|
CCP Stillman
|
Posted - 2010.09.20 18:25:00 -
[2]
 Originally by: Selene D'Celeste
Edited by: Selene D''Celeste on 20/09/2010 18:01:19
Whoo API love.
Edit: How will site owners be contacted if they are causing issues via the API?
In most cases, we've been able to find the owner of a server by simply opening the site that is located on the server, or simply by the IP itself.
So please make sure that a domain is associated with your IP, so that we can figure out who owns the site. Having contact details on the site is even better.
|
|
|
CCP Explorer
|
Posted - 2010.09.20 22:32:00 -
[3]
Originally by: Arous Drephius
Originally by: Zagdul
The reason a lot of our software is getting bad requests for API keys is not because of a fault in our software, it's because of a fault in the API system.
My forums have an API check. This check is run via chron job to validate API's in my alliance. If someone has changed their API, it'll spit out an invalid request then deny them access to my forums. I then manually delete the members so that request is no longer made.
There's nothing I as a site admin can do against this. If someone changes their API, I can't control them. The best I can do is limit the amount of bad requests.
But blacklisting someone like me who may make 10-20 bad requests a month?
I doubt CCP cares about 10-20 bad requests per month, however you could reduce it to just one invalid request per person that changes their key.
As soon as your cronjob gets the 'authentication failure' message back from the API, mark the user account as invalid, and have the job check to see if each user is invalid before sending the request to the API next time.
Exactly.
The sites we have already contacted have issued thousands of requests with invalid keys in a matter of a few days, with repeated requests with the same invalid keys again and again.
Erlendur S. Thorsteinsson
Software Director
EVE Online, CCP Games |
|
|
CCP Prism X
Gallente
C C P
C C P Alliance
|
Posted - 2010.09.22 08:35:00 -
[4]
Originally by: TornSoul
...
I'm however curious to know if anyone is actually working *on* the API itself?
...
In short - Is there now an "API team" in existence?
Me and Stillman are actually working on the API itself. Being a DB Developer puts me in a position where I'm also quite useful at troubleshooting performance bottlenecks in the database and that's why I've been working with Ops on improving overall performance. I'm still a developer! 
I wouldn't go as far as to say there was a dedicated team for the API at the moment as that might imply an entire SCRUM team working on it. I am however completely dedicated to the API for the time being. During this time a lot of other people have been dragged into the project. I still wouldn't go as far as to call it a *team* but there are resources available to us that I didn't know where to find earlier. Stuff is generally looking a whole lot better, you'll see.
There will be a couple of other Dev Blogs concerning the API before the next point release.
~ Prism X
EvE Database Developer
Relocating your character to a cozy, secure container since 2006.
Relocating your cozy, secure container to the EVE cemetery since 2008. |
|
|
CCP Prism X
Gallente
C C P
C C P Alliance
|
Posted - 2010.09.22 10:19:00 -
[5]
I actually have a meeting at the start of next week regarding the state of the API documentation.
Will make a note of bringing this up.
~ Prism X
EvE Database Developer
Relocating your character to a cozy, secure container since 2006.
Relocating your cozy, secure container to the EVE cemetery since 2008. |
|
|
CCP Stillman
|
Posted - 2010.09.22 17:28:00 -
[6]
Originally by: CCP Prism X
Originally by: TornSoul
...
I'm however curious to know if anyone is actually working *on* the API itself?
...
In short - Is there now an "API team" in existence?
Me and Stillman are actually working on the API itself. Being a DB Developer puts me in a position where I'm also quite useful at troubleshooting performance bottlenecks in the database and that's why I've been working with Ops on improving overall performance. I'm still a developer!
I wouldn't go as far as to say there was a dedicated team for the API at the moment as that might imply an entire SCRUM team working on it. I am however completely dedicated to the API for the time being. During this time a lot of other people have been dragged into the project. I still wouldn't go as far as to call it a *team* but there are resources available to us that I didn't know where to find earlier. Stuff is generally looking a whole lot better, you'll see.
There will be a couple of other Dev Blogs concerning the API before the next point release.
For reference, I'm the QA person on the API. So I deal with all bug-reports that get submitted through the bug-hunters, test all new stuff and regression testing on refactoring that goes on.
And I can only second PrismX's sentiment :)
|
|
|
CCP Prism X
Gallente
C C P
C C P Alliance
|
Posted - 2010.09.22 17:43:00 -
[7]
Originally by: CCP Stillman
For reference, I'm the QA person on the API. So I deal with all bug-reports that get submitted through the bug-hunters, test all new stuff and regression testing on refactoring that goes on.
And I can only second PrismX's sentiment :)
Just so no one misunderstand the situation here.
Without dedicated QA that fully understands the customer side usage of the API: Nothing much would be happening for the API. If something would be happening it would be breakage of currently functional code.
QA is the best worst enemy a developer can have. 
~ Prism X
EvE Database Developer
Relocating your character to a cozy, secure container since 2006.
Relocating your cozy, secure container to the EVE cemetery since 2008. |
|
|
CCP Stillman
|
Posted - 2010.09.24 18:56:00 -
[8]
Originally by: Vaerah Vahrokha
@CCP Devs
I work with APIs "for a living" as auditor.
I get a lot of flak because they give out too little but too much at the same time.
I.e. there is no viable granularity in what they provide.
Could you add some preference where a player can enable or disable the ability to fetch all the alt names, to only enable wallet monitoring (and nothing else) and similar?
This is something that PrismX and I regularly discuss. Sadly, it's a very major task, which wouldn't make much sense to hack in, when there's so many different ways we can do this differently than we do now, which would vastly improve the overall quality of the API.
At this point, we're focused on delivering the next version of the API, which will be discussed more in depth at some point in the future. So I obviously can't speak about what we might do after that, as nobody knows to be frankly honest. We do have a backlog, and what you describe is in there, and it's something I'd love to see personally. But I don't get to decide such things, and there's technical limitations as well :(
|
|
|
CCP Stillman
|
Posted - 2010.09.24 19:33:00 -
[9]
Originally by: Epitrope
This was discussed a little bit on IRC when the API was first being developed, and I was under the impression that the code allows for up to 256 API keys with variable permissions (of which we're using two, named "limited" and "full"), but sorting out the UI was difficult enough that it got bumped down in priority and never finished. Is that in fact the case?
If that was the case, we'd have done it a long time ago. So no, it's definitely not the case, sadly.
|
|
| |
|