| Pages: [1] 2 :: one page |
|
|
| Author |
Thread Statistics | Show CCP posts - 0 post(s) |
Masku Touch
   |
Posted - 2011.01.25 12:13:00 -
[1]
Hi,
I'm slightly confused on what info is safe to give to corp CEO's requesting info of my character before I can join the corp so they can check my skills, alts and whatnot.
They require my limited access API and User ID. I know I must not give my username and password, or my FULL access API.
I know its safe to give out limited API, but no mention of the user ID (not to be confused with username). So is it safe to give user ID AND limited API. I Wish Eve API Key Management was more clear on this, mentioning user ID more.
Cheers in advanced. |
Eura Sukor
|
Posted - 2011.01.25 12:14:00 -
[2]
yes
|
Thuul'Khalat
Gallente
Veto Corp
|
Posted - 2011.01.25 12:19:00 -
[3]
I'd ask any recruiter asking for my API to go penetrate himself with a cactus.
---
|
Moobus Mbebe
|
Posted - 2011.01.25 12:21:00 -
[4]
 Originally by: Thuul'Khalat
I'd ask any recruiter asking for my API to go penetrate himself with a cactus.
Uh huh, that is your preference, all I'm interested in; is it safe?
Thanks |
RaTTuS
BIG
Majesta Empire
|
Posted - 2011.01.25 12:26:00 -
[5]
it is safe - even full api is safe - they cannot change with the info just look at what you've done ...
--
Join BIG
|
Thuul'Khalat
Gallente
Veto Corp
|
Posted - 2011.01.25 12:26:00 -
[6]
The API key is useless without user ID, so one have to go with the other.
It is safe in that they cannot get any info from it that can be used to steal your account and stuff.
---
|
Hendrik Tiberius
Light Years Ahead
Violent Entity
|
Posted - 2011.01.25 12:26:00 -
[7]
Limited api access will only work if you provide both your User ID and the limited key. It is safe to do, it will allow people to see your skills, training and wallet balance though. Of any character you may have on that account.
|
Buddy Friend
|
Posted - 2011.01.25 12:26:00 -
[8]
Stupid thing is: if you have alts on another account that steal dreads and eat babies they'd never know.
Is it just me or does asking for API seem naive these days?
|
Jacqueline Coeur
Gallente
|
Posted - 2011.01.25 12:26:00 -
[9]
They are not asking for the User ID (if they are, tell them no).
They are asking for the Character ID.
They need the character ID (it's a number) to use together with the API (it's a long string of letters and numbers).
|
Endures
|
Posted - 2011.01.25 12:27:00 -
[10]
It is safe if it doesn't bother you, that potentionally everyone knows about your skills and same-account-alts.
To minimize the risk of the key being spread, you could ask the recruitment officer, if you can reset your key, once he has seen what he wanted to see.
|
|
|
Blane Xero
Amarr
The Firestorm Cartel
|
Posted - 2011.01.25 12:29:00 -
[11]
Originally by: Jacqueline Coeur
They are not asking for the User ID (if they are, tell them no).
They are asking for the Character ID.
They need the character ID (it's a number) to use together with the API (it's a long string of letters and numbers).
Character ID has nothing to do with the API. Your limited API is widely accepted as a term for the User ID and Limited Key.
_____________________________________
Haruhiist since December 2008
|
Zerakix
Minmatar
The White Mantle
|
Posted - 2011.01.25 12:32:00 -
[12]
Edited by: Zerakix on 25/01/2011 12:33:29
On the api page is in the format below there are four bits of info they only need of of them the User Id a set of numbers and the API key a large hash of number and letters. Giving out the User ID and API key don't put your account at risk it just lets the CEO see if your skill are upto snuff and your not an alt.
Username: Your Login <- They don't need this and you should never give it out
User ID: 0000000 <- They need this
API Key: dfdf77sdf7sdf6sd6f6sdfsdf88sdf6s8df <- They also need this it's a hash key
Created: 01/01/1976 01:01:01 <- They don't need this but it's useless info either way
I fail. |
Jacqueline Coeur
Gallente
|
Posted - 2011.01.25 12:34:00 -
[13]
Originally by: Blane Xero
Originally by: Jacqueline Coeur
They are not asking for the User ID (if they are, tell them no).
They are asking for the Character ID.
They need the character ID (it's a number) to use together with the API (it's a long string of letters and numbers).
Character ID has nothing to do with the API. Your limited API is widely accepted as a term for the User ID and Limited Key.
I mixed up name and id. Corrected my post now.
|
Rainus Max
Fusion Enterprises Ltd
Morsus Mihi
|
Posted - 2011.01.25 12:39:00 -
[14]
APIs are like windows in banks, you can see the money but you cant get to it. APIs only let you look at your char(s) and various bits of info but you cant touch or do anything to them.
Limited API allows people to see things like skills, corp history etc and the same for all chars on that account. Most corps in 0.0 these days check chars like this to try and weed out the odd person that might not be a positive addition to the corp.
Full API again wont let people do anything but allows a bigger view of your char, Wallet transactions etc.
the API ID is, as far as players are concerned, just a number. It cannot be used to log into your account or hack into any information that would allow an ebil person to access your account.
|
Moobus Mbebe
|
Posted - 2011.01.25 12:52:00 -
[15]
Originally by: Eura Sukor
yes
Thanks - nice and simple answer |
Gavjack Bunk
Gallente
Dark Nexxus
S I L E N T.
|
Posted - 2011.01.25 13:03:00 -
[16]
Don't give them any API info until they give you all the API info of the corp members you are joining.
You're taking as much a risk as they are.
Or tell them "Ok, but in 24 hours, I just have to move this character onto a clean account." then send it them 24 hours laters.
|
Akita T
Caldari Navy Volunteer Task Force
|
Posted - 2011.01.25 13:06:00 -
[17]
Originally by: Thuul'Khalat
The API key is useless without [the] user ID
This. If you give one, you have to give the other.
_
Make ISK||Build||React||1k papercuts
_
|
knickersoffalot
|
Posted - 2011.01.25 13:22:00 -
[18]
Originally by: Buddy Friend
Stupid thing is: if you have alts on another account that steal dreads and eat babies they'd never know.
Is it just me or does asking for API seem naive these days?
yup
|
Whitehound
The Whitehound Corporation
Hounds of Anarchy
|
Posted - 2011.01.25 14:06:00 -
[19]
It is save. You can always create a new, limited API key. Just do not give your full key away.
On a separate note, if a corp demands the key of you or else will not accept you, then you might want to look for a different corporation. You are likely looking at anything from carebearing suckers to douche-grunts.
Those who ask little of you at start and let you decide if you want to give out your key and regardless of membership are the better ones. They let you make up your mind and make your own decisions, and do not force you to disclose your alts when you do not want to.
--
|
Br41n
Amarr
Ministry of War
|
Posted - 2011.01.25 14:14:00 -
[20]
It's very common they ask for your API key, expecially for 0.0 corps.
And they are even used to authenticate on forums and TeamSpeak servers.
They only want to see your alts that's all. As long as you are smart enough not to put your spies on the same account nothing bad will happen hehe
~~~~~~~~~~~~~~~~~~~~~
Pinky: Gee, Brain. What are we going to do tonight?
Brain: The same thing we do every night, Pinky. Try to take over the world.
~~~~~~~~~~~~~~~~~~~~~ |
|
|
Brooks Puuntai
Minmatar
Nomadic Asylum
|
Posted - 2011.01.25 14:21:00 -
[21]
Since now a days any potential spy is smart enough to have their main on a separate account, API is generally used to verify. Mainly checking to see if you skilled the way you said you where, if your broke or decently well off(also something thats becoming redundant since jita/bank alts are the way to go).
Also using your API to register to things like voice comms and forums are becoming the norm since it simplifies the process as well as a security measure.
|
HeliosGal
Caldari
|
Posted - 2011.01.25 14:27:00 -
[22]
real professional spies use a 2nd account anyway
|
gyldenglad3
|
Posted - 2011.01.25 14:39:00 -
[23]
Q:Should I be afraid to give out my full API?
A: No, you should not. Unless you are joining a corp that requires specific skills, which you don't have. Or, if you are afraid your CEO will know you are as poor as a dog and can only fly a raven, which you at the same time is unable to repay if you should lose it.
Q:Why is limited API not good enough?
A: In some cases, especially in largely organized corps, sometimes things can be stolen from hangars. Almost every corporation you join, will have some ships stored somewhere, could be a POS or in a corp hangar, where you will access almost at the very moment you join. If the corp have your full API, they can search your assets and see if you stole it, they can only check your market orders to see if you sold these.
So everyone in this thread, who says "dud ur fukin stupido to give ur api its liek givin passwd", have no idea what they are talking about.
|
Aineko Macx
|
Posted - 2011.01.25 15:16:00 -
[24]
Api checks are pretty standard. I'd even advise to avoiding corps that do not ask for at least the limited one. That being said, while the full api does not weaken your accounts security, the information might in fact give somebody an in game advantage.
________________________
CCP: Where fixing bugs is a luxury, not an obligation. |
Thuul'Khalat
Gallente
Veto Corp
|
Posted - 2011.01.25 15:50:00 -
[25]
Originally by: Aineko Macx
Api checks are pretty standard. I'd even advise to avoiding corps that do not ask for at least the limited one. That being said, while the full api does not weaken your accounts security, the information might in fact give somebody an in game advantage.
I'd say the opposite and advise avoiding corps lazy and naive enough to ask for it. There are far better ways of weeding out undesirable recruits.
---
|
Sophia Amelia Stone
|
Posted - 2011.01.25 15:56:00 -
[26]
Originally by: Thuul'Khalat
I'd ask any recruiter asking for my API to go penetrate himself with a cactus.
This
|
Midge Mo'yb
Antares Shipyards
Phalanx Alliance
|
Posted - 2011.01.25 15:59:00 -
[27]
Originally by: Thuul'Khalat
Originally by: Aineko Macx
Api checks are pretty standard. I'd even advise to avoiding corps that do not ask for at least the limited one. That being said, while the full api does not weaken your accounts security, the information might in fact give somebody an in game advantage.
I'd say the opposite and advise avoiding corps lazy and naive enough to ask for it. There are far better ways of weeding out undesirable recruits.
honestly, our corp has developed tools to aid in this - we even get full API's if we feel the need for it, dont like it i dont give a ****... its the person who wants into the corp - i could care less if they join.
I owe it to the current corp members to keep there security intact - if doing so violates the new guy so be it.
-----------------------------------------------
|
Barakkus
|
Posted - 2011.01.25 15:59:00 -
[28]
If I were to join a corp, I wouldn't join if they didn't do background checks, they're just asking to get ripped off.
-
-
[SERVICE] Corp Standings For POS anchoring
|
Sophia Amelia Stone
|
Posted - 2011.01.25 16:01:00 -
[29]
Originally by: Barakkus
If I were to join a corp, I wouldn't join if they didn't do background checks, they're just asking to get ripped off.
Originally by: HeliosGal
real professional spies use a 2nd account anyway
This
|
Sophia Amelia Stone
|
Posted - 2011.01.25 16:28:00 -
[30]
Originally by: Midge Mo'yb
honestly, our corp has developed tools to aid in this - we even get full API's if we feel the need for it, dont like it i dont give a ****... its the person who wants into the corp - i could care less if they join.
I owe it to the current corp members to keep there security intact - if doing so violates the new guy so be it.
'if doing so violates the new guy so be it'
If that's your attitude towards your new members then they would be suckers to join you in the first place.
|
|
|
|
|
| |
|
| Pages: [1] 2 :: one page |
| First page | Previous page | Next page | Last page |