| Pages: [1] 2 :: one page |
| Author |
Thread Statistics | Show CCP posts - 0 post(s) |
Riethe
Invictus Sovereignty
   |
Posted - 2008.05.22 20:41:00 -
[1]
In the current system, API keys are either:
Limited to the character sheet, character list, corporation sheet, and current skill training
OR
EVERYTHING ELSE
If API keys had a system that allowed you to specifically choose which elements you'd like to give out through your API key, a lot more progress and development could be done surrounding the API keys without concerns surrounding theft of delicate data.
For example, someone may want to generate an API key that only allows access to their kill log, for usage on a public killboard.
They cannot do this currently due to the fact that it requires a FULL API key which exposes much more data than many individuals are willing to comfortably share.
|
Ishina Fel
Synergy.
Imperial Republic Of the North
|
Posted - 2008.05.22 20:43:00 -
[2]
Sounds sensible.
|
Sally Bestonge
GoonFleet
GoonSwarm
|
Posted - 2008.05.22 20:44:00 -
[3]
killboard api's can be handeled by the corp api whats the issue?
|
Riethe
Invictus Sovereignty
|
Posted - 2008.05.22 21:00:00 -
[4]
 Originally by: Sally Bestonge
killboard api's can be handeled by the corp api whats the issue?
This goes far beyond just killboards. There are many instances when an application only requires specific aspects of a key yet currently gets all aspects.
Many people are not comfortable with this, and as a result, projects are forced to be open source or never get off the ground due to issues regarding trust.
|
Treelox
Market Jihadist Revolutionary Party
|
Posted - 2008.05.22 22:34:00 -
[5]
while I support this idea, I find it most humorous that a confirmed scammer asked for it first.
--
|
Guvante
GALAXIAN
|
Posted - 2008.05.22 23:07:00 -
[6]
Local programs can be firewalled, and this will need hundreds of developer hours to be designed properly let alone implemented.
They decided on the current system to provide simplicity, a limited key with everything you need for skill sheets, and a full key for the other options.
Introducing a complex layered system of trust would be difficult and could open up exploits if mistakes are made.
I would support adding another subcategory however, if a specific non-damaging portion of the Full API key is needed.
|
Riethe
Invictus Sovereignty
|
Posted - 2008.05.23 10:44:00 -
[7]
Originally by: Treelox
while I support this idea, I find it most humorous that a confirmed scammer asked for it first.
And I guess if you weren't so busy making an ass out of yourself, you'd realize that someone with a not-so-positive reputation would benefit even more from this.
If a person like me wants to offer a website and a service that only requires some aspect of the full API that isn't a large concern to anyone, but their wallet data is, I currently would have a lot of trouble bringing something like that to the community, even if it's meant purely for good.
In a slight modification of the current system, I could do that and everyone would be able to safely enjoy it, equally.
Originally by: Guvante
Local programs can be firewalled, and this will need hundreds of developer hours to be designed properly let alone implemented.
They decided on the current system to provide simplicity, a limited key with everything you need for skill sheets, and a full key for the other options.
Introducing a complex layered system of trust would be difficult and could open up exploits if mistakes are made.
I would support adding another subcategory however, if a specific non-damaging portion of the Full API key is needed.
I do not believe you have sufficient programming knowledge to make this comment, as it is vastly incorrect.
I personally could whip up a working change to the system in under 30 minutes. I'm not saying it would be beautiful, but it would WORK, and it would not take much more drain on the server, if any--only if you were using the new system as if it were the old system (as in, repeated requests rather than using the global key.)
|
Virtuozzo
IVC Consortium
Imperial Republic Of the North
|
Posted - 2008.05.23 12:11:00 -
[8]
You already can selectively use individual transaction methods of API key usage. People supplying the key even have a full log overview of who runs what with your API key, regardless of limited or full key.
EVE isn't supposed to be black or white, but many shades of grey. The current API system supports exactly that. This sometimes bites the "good" people, sometimes the "bad people". So be it.
The way it is, is more then fine. What we should look at, is expanding the API functionality, for instance to contracts.
CAOD FTW.
|
Serenity Steele
Dynamic Data Distribution
Ministry of Information
|
Posted - 2008.05.23 12:21:00 -
[9]
Lack of API access control creates an issue in that it requires trust of the site owner, thereby restricting up-take of new community built applications that rely on the API process, and therefor community tool development.
Writing on community tool development;
Ix Forres is working on a solution for this called gatecamper
Originally by: "Talk Unafraid Blog"
...
Basically, itÆs a granular security proxy for EVE-Online API applications. Instead of using a direct connection to the EVE API servers, you use (as a developer) a version of the EVE API hosted by Gatecamper. ItÆs got a great deal of benefits over the EVE-O version, including support for HTTPS (thus securing against Man in the Middle attacks) and, most importantly, improved security features in userland.
Users give their real full API key to Gatecamper when they sign up, and once thatÆs in they can create new keys for Gatecamper applications. At present IÆm still tying down the key format, but most likely itÆll just be one key instead of this UserID+Key thing we have now.
Each key is associated with an application and a set of permissions- as a user you can control exactly what each app has access to through an easy to use interface. Developers donÆt see any changes except for missing data where they donÆt have permission to get any, or simple authentication errors.
WeÆll be expanding the API functions available through Gatecamper to include more stuff for developers like price feeds for items and so on, but thatÆs a fair distance off.
≡v≡ Strategic Maps now in Eve-Online Store |
Serra Nova
Core Element
Blackguard Coalition
|
Posted - 2008.05.23 13:23:00 -
[10]
Great idea for all us paranoid players...
|
Riethe
Invictus Sovereignty
|
Posted - 2008.05.23 15:52:00 -
[11]
The necessity of this change is far beyond the few of you freaks who insist a lack of a proper implementation of the API system somehow benefits the game.
Playing devil's advocate on this topic simply does not make sense.
This is something that is preventing significant amounts of future development surrounding the EVE API.
Many creative, upstarting players have no where to turn for this and much effort will be lost in an attempt to create a project of these types.
As far as the guy who suggested actually monitoring the EVE API logs, you have to be kidding. It just takes ONE run of your wallet transactions for me to be done snooping through your important data.
Once I have that, What difference does it make if you block your APIKEY. And then at that point it once again just dissolves into a case of my word against someone else's, whether they're attempting to discredit me or genuinely had something stolen from them.
|
Salvis Tallan
The Shadow Order
SMASH Alliance
|
Posted - 2008.05.23 17:37:00 -
[12]
I have been a major proponent of this since Garthy started the API. It should not be the responsibility of third party developers to have to set this up.
------
|
Jameroz
Echoes of Space
|
Posted - 2008.05.23 18:22:00 -
[13]
Would definately be nice to be able to set the access yourself.
Our small corporation is recruiting Finnish players. |
Level4
Red Frog Investments
Blue Sky Consortium
|
Posted - 2008.05.23 18:27:00 -
[14]
Actually the real issue is that API developement has stopped at CCP.
And what we have today is what we will get for a long while.
|
Efa Morgan
|
Posted - 2008.06.03 08:45:00 -
[15]
|
Irongut
M'8'S
Frontal Impact
|
Posted - 2008.06.03 09:08:00 -
[16]
Originally by: Sally Bestonge
killboard api's can be handeled by the corp api whats the issue?
The issue is that it requires the full key of a CEO or Director of the corp. If the developer or person hosting a killboard collected those keys they would then have access to all the api data for both that person and the corp. This is preventing a lot of people who would like to use the killmail feature of the api from doing so.
I think we definitely need a way to create a number of keys that can be assigned one or more specific roles like kill data, character sheet data, market data, corp market data and so on. You could then use one key for your killboard, another for EVEMon, another for market analysis tools, etc.
--
Join Frontal Impact Racing Team & feel the speed!
|
Takimi Star
|
Posted - 2008.06.04 23:49:00 -
[17]
/agree
|
Arkady Sadik
Gradient
Electus Matari
|
Posted - 2008.06.05 00:12:00 -
[18]
Yes please.
|
Theramin Dogon
GoonFleet
GoonSwarm
|
Posted - 2008.06.05 06:19:00 -
[19]
Originally by: Riethe
In the current system, API keys are either:
Limited to the character sheet, character list, corporation sheet, and current skill training
OR
EVERYTHING ELSE
As it is now, it's up to the application to grab what it needs from the database. Good luck getting CCP to budge. |
Somatic Neuron
|
Posted - 2008.06.05 11:03:00 -
[20]
Agree with OP on this
---------- |
Betty Beatser
|
Posted - 2008.06.05 12:33:00 -
[21]
This is a good idea
|
Ranamar
|
Posted - 2008.06.05 12:41:00 -
[22]
Definitely would be nice, though I can imagine it could be obnoxious to patch onto the current system.
|
Shar Tegral
|
Posted - 2008.06.05 14:10:00 -
[23]
Originally by: Treelox
while I support this idea, I find it most humorous that a confirmed scammer asked for it first.
It is ironic but then I've never found Riethe to be stupid in any way. Good idea from an always bright, if twisted, individual.
To Shar -verb:
1 - To say what you mean.
2 - To say what it means.
3 - To say something mean. |
Dinique
The Illuminati.
Pandemic Legion
|
Posted - 2008.06.05 16:23:00 -
[24]
This should be the top priority for the API development.
Definitely supporting this.
_____
The species has amused itself to death
|
Ethaet
Aliastra
|
Posted - 2008.06.05 21:13:00 -
[25]
I like this idea.
--------------------------------------------------------------
Seriously, we need some kind of separation between the post and signature.
There you go. Now that wasn't so hard  |
Riethe
Invictus Sovereignty
|
Posted - 2008.06.06 13:48:00 -
[26]
There is no irony to a "confirmed scammer" requesting this feature.
It actually makes a lot of sense for someone who may find it difficult to earn the trust of others (whether new or dishonest) to want access to a more restrictive API Key.
It settles the fears of those who are concerned they may be giving away more information than they'd like.
EVE-Scam.com |
Shar Tegral
|
Posted - 2008.06.07 11:41:00 -
[27]
Originally by: Riethe
There is no irony to a "confirmed scammer" requesting this feature.
I was more speaking to Tree, in regards to his comment to you, while giving my support to this idea and issue.
To Shar -verb:
1 - To say what you mean.
2 - To say what it means.
3 - To say something mean. |
Riethe
Invictus Sovereignty
|
Posted - 2008.06.07 12:33:00 -
[28]
Originally by: Shar Tegral
I was more speaking to Tree, in regards to his comment to you, while giving my support to this idea and issue.
And I was more speaking to any individuals who may have actually taken into consideration his statement (which was not constructive nor belongs here.)
EVE-Scam.com |
Shar Tegral
|
Posted - 2008.06.07 12:42:00 -
[29]
Originally by: Riethe
And I was more speaking to any individuals who may have actually taken into consideration his statement (which was not constructive nor belongs here.)
Well, you would think that. However the rest of us think that he supported your idea and then pointed out what kind of scum you are. In essence, you got(stole) your 40b. You can't have silence on the matter too.
To Shar -verb:
1 - To say what you mean.
2 - To say what it means.
3 - To say something mean. |
Riethe
Invictus Sovereignty
|
Posted - 2008.06.07 15:36:00 -
[30]
Huh?
The only semblance of support was simply a minor addition to his post for the purpose of seeming somewhat on-topic.
Just so he could make his inane remark.
Free bumps for a somewhat important feature.
Keep it coming.
EVE-Scam.com |
| |
|
| Pages: [1] 2 :: one page |
| First page | Previous page | Next page | Last page |