open All Channels
seplocked EVE Information Portal
blankseplocked New Dev Blog: The API is Going HTTPS
 
This thread is older than 90 days and has been locked due to inactivity.


 
Pages: 1 [2]

Author Topic

Nikolai Kondratiev
Sphere Design Inc.
Posted - 2011.01.27 00:22:00 - [31]
 

Originally by: Trebor Daehdoow
I appreciate (and largely agree with) the reasoning behind this, but it is probably going to kill my EViE skill training browser applet.

The reason for this is that javascript httpxmlrequest calls can only be made to the server that originated the enclosing page. So for EViE to work, I had to write a special proxy that bounces these requests off to the api server, and then returns the results (ie: Browser <-> Proxy <-> Api Server)

Now, I can certainly use https between the proxy and the Api server, but encrypting between the browser and the proxy will require buying a certificate, and I'm not sure I can justify the expense. Confused




Well you don't HAVE to upgrade your website to SSL if it was fine without until now, whatever CCP makes the HTTPS mandatory for API calls or not.

Browser <--- HTTP ---> Your webserver <-- HTTPS ---> API Server

Catari Taga
Centre Of Attention
Middle of Nowhere
Posted - 2011.01.27 01:26:00 - [32]
 

Good change (if overdue), and working fine for TQ API, but for the SiSi API server it doesn't work (bad certificate followed by a 500 Internal Server Error response).

Aineko Macx
Posted - 2011.01.27 09:12:00 - [33]
 

Originally by: FullNelson Mandella
The problem CCP will encounter is that they're probably going to acquire a Verisign cert signed by the G5 root CA, which is not in the Truststore of most phones over two years old.
For what its worth, CCP is using Entrust certs on Gate...
Originally by: Wollari
But SSL is of course a real new world for most people and comes with new problems, like trusted certificate list, exact hostname matching, and ssl chains, etc (I know this from work).

Agreed. Working with related things for two years now.

Trebor Daehdoow
Gallente
Sane Industries Inc.
Posted - 2011.01.27 11:22:00 - [34]
 

Edited by: Trebor Daehdoow on 27/01/2011 11:23:39
Originally by: Nikolai Kondratiev
Well you don't HAVE to upgrade your website to SSL if it was fine without until now, whatever CCP makes the HTTPS mandatory for API calls or not.

Browser <--- HTTP ---> Your webserver <-- HTTPS ---> API Server


CCP clearly wants the data to be encrypted end-to-end. While I could do this (in fact, I have implemented it as a partial fix on my test server), I would very much want to fully honor the spirit and intent of the change.

I will implement this if I have absolutely no choice -- with appropriate warnings to the users of EViE -- but only as a last resort.

Originally by: Catari Taga
Good change (if overdue), and working fine for TQ API, but for the SiSi API server it doesn't work (bad certificate followed by a 500 Internal Server Error response).


Make sure you're connecting to api.eveonline.com and not api.eve-online.com; the latter works but will generate a certificate error (or at least, it was yesterday).

Wollari
Phoenix Industries
Wicked Nation
Posted - 2011.01.27 13:16:00 - [35]
 

Edited by: Wollari on 28/01/2011 09:36:19
Edited by: Wollari on 27/01/2011 13:24:40
Edited by: Wollari on 27/01/2011 13:16:56
Quote:
If you're an API developer: You should update your application to access the API using HTTPS. The overhead of HTTPS is not that big, even on mobile devices. Due to this, we will turn off normal HTTP access to the API in the future. When a specific date is decided for when this to happen we will make sure to give you appropriate advance warning

No ... SSL doesn't have an impact on your application :-)

Querying 25k Corporations (loop with 25k corpIDs, one by one)
with HTTP: 0:45 (h:mm)
with HTTPS: 1:15

Average query time (25k Corporations) - EDIT: FIXED Calculation
with HTTP: 0.0987s
with HTTPS: 0.16796s

I don't wanna go multithreaded to start a DoS on your API servers. I hope that you can keep the non-ssl connection open for public APIs. Apart from that requests with multiple corporationID_s_ would be nice.

Catari Taga
Centre Of Attention
Middle of Nowhere
Posted - 2011.01.27 13:19:00 - [36]
 

Edited by: Catari Taga on 27/01/2011 13:20:05
Originally by: Trebor Daehdoow
Originally by: Catari Taga
Good change (if overdue), and working fine for TQ API, but for the SiSi API server it doesn't work (bad certificate followed by a 500 Internal Server Error response).


Make sure you're connecting to api.eveonline.com and not api.eve-online.com; the latter works but will generate a certificate error (or at least, it was yesterday).

Thanks, but testapi.eveonline.com is the SiSi API server, and that's the one with the bad certificate (it has one for www.eveonline.com) and which produces a server error. Wink

CCP Stillman

Posted - 2011.01.27 13:40:00 - [37]
 

Originally by: Wollari
Edited by: Wollari on 27/01/2011 13:24:40
Edited by: Wollari on 27/01/2011 13:16:56
Quote:
If you're an API developer: You should update your application to access the API using HTTPS. The overhead of HTTPS is not that big, even on mobile devices. Due to this, we will turn off normal HTTP access to the API in the future. When a specific date is decided for when this to happen we will make sure to give you appropriate advance warning

No ... SSL doesn't have an impact on your application :-)

Querying 25k Corporations (loop with 25k corpIDs, one by one)
with HTTP: 0:45 (h:mm)
with HTTPS: 1:15

Average query time (25k Corporations)
with HTTP: 0.9873s
with HTTPS: 1.6796s

I don't wanna go multithreaded to start a DoS on your API servers. I hope that you can keep the non-ssl connection open for public APIs. Apart from that requests with multiple corporationID_s_ would be nice.

If you're going to be doing large batches, you're obviously going to see a linear increase in time as a result of having to do a SSL handshake for each request.

It's advisable to limit SSL handshakes if you are going to do large queries like that. In those scenarios, there's nothing to stop you from creating a handful of persistent connections and pooling those for requests.

Wollari
Phoenix Industries
Wicked Nation
Posted - 2011.01.27 14:30:00 - [38]
 

Edited by: Wollari on 27/01/2011 14:31:31
Edited by: Wollari on 27/01/2011 14:30:50
Originally by: CCP Stillman
It's advisable to limit SSL handshakes if you are going to do large queries like that. In those scenarios, there's nothing to stop you from creating a handful of persistent connections and pooling those for requests.

I'll look into my api library if I can force php/curl to do some http keep alive. I think if I get the keep alive with php working the overall performance should be better since the connection hanshake would be obsolete ... But I still would like to perform batch queries :-)

Meeogi
Amarr
Lone Star Privateers
Posted - 2011.01.27 16:47:00 - [39]
 

The day is coming where we play eve on the smart phones.

May god save us all

Ranka Mei
Caldari
Posted - 2011.01.27 19:49:00 - [40]
 

Originally by: CCP Stillman
No, EVEMon should still work correctly.

We're aware of another issue which causes the charactersheet to fail, which would affect EVEMon. We're fixing that as a part of Incursion 1.1.2, which is being deployed tomorrow.

<sarcasm>EVEMON? Yeah, I remember that.</sarcasm>

Seems they've given up on their end. :( Or slowed down development to 1/10th of the original.

Series 1Alpha
Amarr
Posted - 2011.01.28 00:01:00 - [41]
 

This is awesome. Can you please now have a look at this: EVE Docs which seems to have no documents listed or confirm if this is the full EVE API documentation.

Wollari
Phoenix Industries
Wicked Nation
Posted - 2011.01.28 09:26:00 - [42]
 

Edited by: Wollari on 28/01/2011 09:35:38
Edited by: Wollari on 28/01/2011 09:29:59
php + curl + https + keepalive == really speedy.

23767 corporations sheets updated (including my database) in 22 minutes. (average request time 0.036s). that's even faster compared to single unencrypted api calls.

Vaerah Vahrokha
Minmatar
Vahrokh Consulting
Posted - 2011.01.28 12:02:00 - [43]
 

1) Please let the old API address work (maybe make it optional). There are way too many great applications that are not being updated since 1-2 patches ago and that will break, making my work impossible.

2) Don't you think the rush at securing the API with https is premature, when we have to give Full API keys to be accepted in some corps anyway? And an unknown guy can STILL read all our EvE mails?

3) Don't you think the rush at securing the API with https clashes with the utterly low privacy that by default plagues EvE Gate (everything given away by default both on Tranq (AND Sisi anyway))?

Hud Bannon
Posted - 2011.01.29 01:38:00 - [44]
 

Not a comp. sci. guru by any means, but what level encryption are we talking about? 128? I am not sure if HTTPS protocal can handle more than that but 128 is nothing to "crack" from what I understand. Again - just curious.

CCP Stillman

Posted - 2011.01.29 19:28:00 - [45]
 

See PrismX's dev-blog for our plans when to stop supporting HTTP.

pushtaki
Gallente
Posted - 2011.02.01 11:23:00 - [46]
 

so my capsuleer iphone app will stop working some day soon Crying or Very sad

Aineko Macx
Posted - 2011.02.05 20:38:00 - [47]
 

Originally by: Hud Bannon
Not a comp. sci. guru by any means, but what level encryption are we talking about? 128? I am not sure if HTTPS protocal can handle more than that but 128 is nothing to "crack" from what I understand. Again - just curious.

Looking at the certificate/https info of the API you'll see
- symmetric key exchange using RSA asymmetric key encryption with 2048 bit modulus, certificate with SHA1/RSA signature,
- actual data transport using 128 bit AES symmetric encryption
That's your bread and butter https.

romex987
Posted - 2011.02.16 23:59:00 - [48]
 

I am currently trying to learn to program just started.. :D
using asp.net C#

I imported the libary list eveapi.live etc and am having trouble connecting i guess i will need to do more research now....



Pages: 1 [2]

This thread is older than 90 days and has been locked due to inactivity.


 


The new forums are live

Please adjust your bookmarks to https://forums.eveonline.com

These forums are archived and read-only