open All Channels
seplocked EVE Information Portal
blankseplocked New Dev Blog: Customizable API keys goes live for testing
 
This thread is older than 90 days and has been locked due to inactivity.


 
Pages: 1 2 [3] 4

Author Topic

Dierdra Vaal
Caldari
Veto.
Veto Corp
Posted - 2011.05.27 18:24:00 - [61]
 

Instead of a 'Create vCode' button, may I recommend having an auto-generated vCode filled in by default? People can still manually edit it - but having a automagically generated, strong vCode already present by default will decrease the number of people using a weak 'human' vCode. It will also make it a little more convenient for people who don't wish to define their own vCode (which I think will be the majority).

CCP Stillman

Posted - 2011.05.27 21:48:00 - [62]
 

Originally by: TornSoul
Christmas - Already? (well.. it's not deployed yet but.. ) RazzRazzRazz



Close enough, in my opinion Very Happy
Originally by: TornSoul

3: I think (hope!) the following is the case, but please confirm :
- "oldschool" userid/apikey calls to the API will still be possible? (aka I won't have to update all my existing code with new paramnames)



For now, yes.

CCP Stillman

Posted - 2011.05.27 21:49:00 - [63]
 

Originally by: Avraham Avinu
Edited by: Avraham Avinu on 27/05/2011 06:29:25
Edited by: Avraham Avinu on 27/05/2011 06:16:25


  1. When I Update a vCode, I get an "Authentication failure" using the updated vCode, yet my old vCode still works. It only started to work a couple minutes later. I suspect a server-side cache issue. This will confuse people and lead to the dark side.



This is indeed due to caching. There will always be a small delay, I'm afraid.

CCP Stillman

Posted - 2011.05.27 21:51:00 - [64]
 

Originally by: Marcel Devereux
Originally by: CCP Stillman
Originally by: Marcel Devereux
Edited by: Marcel Devereux on 26/05/2011 16:30:49
Can we please get a link for each key on the key management page that has the key info embedded as arguments in the URL (i.e. http://api.eve-online.com/key/?keyID=42&vCode=VERYSECRET)? I would like to register as a handler for that link and the user can chose to open the link with my application. This would allow for easy key entry into applications.

Is what you're asking for a button that will say "Copy API Key to clipboard", which people can click and then paste into the requesting application? Smile


Only if it can work across all browsers and does not require flash to do it (i.e bit.ly's copy url to clipboard requires flash). What reservations do you have about providing the link?

I have no reservations. It was just a thought, based on what the goal of doing so was. We'll of course investigate all options for doing this Smile

CCP Stillman

Posted - 2011.05.27 21:56:00 - [65]
 

Originally by: Taureau
Edited by: Taureau on 27/05/2011 18:36:19
Apologies if I'm incorrect about this, but if I try this URL with various parameters it fails: http://apitest.eveonline.com/API/APIKeyInfo.xml.aspx?keyID=1&vCode=VERYVERYSECRET

Sorry about that. That was a typo in the blog. The actual directory the call is in, is /account/. Fixed that

CCP Stillman

Posted - 2011.05.27 21:57:00 - [66]
 

Originally by: Golden Gnu
I can not access: https://supporttest.eveonline.com (http as well)
It redirects me to https://supporttest.eveonline.com/Pages/KB/

Also, awesome change...

Fixed. The fix I made yesterday disappeared last night during the outage. It now links directly to the API key page Very Happy

CCP Stillman

Posted - 2011.05.27 21:58:00 - [67]
 

Originally by: Hel O'Ween


Question 1):
This might be obvious, but better have it spelled out in written than all of us assuming something which's not true: personal and corporation keys are completely separated in the new system?

Example: assuming I'm a CEO or director, my full API key granted me complete access to both personal and corp API data. With the new system I would need to create two keys (personal and corporation) to achieve the some thing? I assume that's the case, but I rather have that confirmed.


Yes. That's unfortunately a trade off that had to be made.
Originally by: Hel O'Ween

Question 2):
Will there be a replacement for the AccountStatus API?


The AccountStatus API is still there and works like it always has. So there won't be a replacement Smile

Arkady Sadik
Minmatar
Electus Matari
Posted - 2011.05.27 22:22:00 - [68]
 

Awesome.

Oh, and for the people who don't want a user-define vCode: You're wrong.

A user-defined vCode alles client applications to actually use API keys for authentication by providing a challenge and requiring a user to have that challenge in the vCode they submit. <3

Golden Gnu
Gallente
The Golden Gnu Corp
Posted - 2011.05.28 09:57:00 - [69]
 

@CCP Spitfire
Thx :)

Also, the [?] link for CharacterInfo links nowhere...

Marcel Devereux
Aideron Robotics
Posted - 2011.05.28 17:24:00 - [70]
 

Originally by: CCP Stillman
Originally by: Marcel Devereux
Originally by: CCP Stillman
Originally by: Marcel Devereux
Edited by: Marcel Devereux on 26/05/2011 16:30:49
Can we please get a link for each key on the key management page that has the key info embedded as arguments in the URL (i.e. http://api.eve-online.com/key/?keyID=42&vCode=VERYSECRET)? I would like to register as a handler for that link and the user can chose to open the link with my application. This would allow for easy key entry into applications.

Is what you're asking for a button that will say "Copy API Key to clipboard", which people can click and then paste into the requesting application? Smile


Only if it can work across all browsers and does not require flash to do it (i.e bit.ly's copy url to clipboard requires flash). What reservations do you have about providing the link?

I have no reservations. It was just a thought, based on what the goal of doing so was. We'll of course investigate all options for doing this Smile


Thanks for looking into it! Just remember to test on mobile browsers for what ever solution you come up with.

Irdalth Delrar
EVE University
Ivy League
Posted - 2011.05.28 20:15:00 - [71]
 

Originally by: CCP Stillman

Originally by: Hel O'Ween

Question 2):
Will there be a replacement for the AccountStatus API?


The AccountStatus API is still there and works like it always has. So there won't be a replacement Smile


As a follow up, what option from the new API will allow/restrict access to account-wide stuff like AccountStatus? As currently its on the Full API, I take it won't simply be accessible by default? Will checking Private Information -> CharacterInfo be the way? Or are there more options in the works that simply have not been released yet?

Hel O'Ween
Men On A Mission
EVE Trade Consortium
Posted - 2011.05.28 21:02:00 - [72]
 

Originally by: CCP Stillman

Originally by: Hel O'Ween

Question 2):
Will there be a replacement for the AccountStatus API?


The AccountStatus API is still there and works like it always has. So there won't be a replacement Smile


Ah, cool. I didn't saw it listed on the API key test page so I wondered if it will be perhaps merged with some other API (char info ...)

Marcel Devereux
Aideron Robotics
Posted - 2011.05.30 18:27:00 - [73]
 

Another thing. Sometime after the release please evaluate the use of the expire feature. If the majority of the keys are set to not expire then this should be set as the default.

CCP Stillman

Posted - 2011.05.30 20:34:00 - [74]
 

Originally by: Hel O'Ween
Originally by: CCP Stillman

Originally by: Hel O'Ween

Question 2):
Will there be a replacement for the AccountStatus API?


The AccountStatus API is still there and works like it always has. So there won't be a replacement Smile


Ah, cool. I didn't saw it listed on the API key test page so I wondered if it will be perhaps merged with some other API (char info ...)

You're right. It's not there. This will be fixed Embarassed

Hel O'Ween
Men On A Mission
EVE Trade Consortium
Posted - 2011.05.31 15:37:00 - [75]
 

Originally by: CCP Stillman
You're right. It's not there. This will be fixed Embarassed


While you're at it, I didn't spot the Characters.xml.aspx either.

Pi2
Posted - 2011.06.02 18:43:00 - [76]
 

Edited by: Pi2 on 02/06/2011 18:42:53
Am I doing sth wrong or is currently creating Corp API Keys turned off? (got an CEO on the account I am trying with)

Hel O'Ween
Men On A Mission
EVE Trade Consortium
Posted - 2011.06.03 11:49:00 - [77]
 

Originally by: Pi2
Edited by: Pi2 on 02/06/2011 18:42:53
Am I doing sth wrong or is currently creating Corp API Keys turned off? (got an CEO on the account I am trying with)


Form the dropdown box "Character" you need to select the CEO char in order to be able to create corporation keys. Just tried it, works fine for me.

Consortium Agent
Posted - 2011.06.04 12:32:00 - [78]
 

Edited by: Consortium Agent on 05/06/2011 14:06:43
For those that want or need one, here's a 64 character random verification code generator:

http://www.reportbots.com/eve_vcode_generator/

Enjoy.

Efeu
Caldari
Morituri Te Salutant
Posted - 2011.06.11 19:48:00 - [79]
 

The links currently give a simple 404 Resource not found.

Mella Elcus
Posted - 2011.06.13 17:14:00 - [80]
 

Originally by: Efeu
The links currently give a simple 404 Resource not found.

https://supporttest.eveonline.com/API is still dead and it looks like the api test server is reset to the old userid/apikey system.
Not much testing possible atm :>

Taureau
Gallente
Innovia
Innovia Alliance
Posted - 2011.06.13 21:49:00 - [81]
 

Originally by: Mella Elcus
Originally by: Efeu
The links currently give a simple 404 Resource not found.

https://supporttest.eveonline.com/API is still dead and it looks like the api test server is reset to the old userid/apikey system.
Not much testing possible atm :>


You make me cry CCP. :(

Joss56
Gallente
Unleashed' Fury
Posted - 2011.06.15 15:34:00 - [82]
 

Yoooouhooooooou !! Laughing

Mails added, notifications added, this is awesome.

Little effort add contracts please and I'll do babies with you all day&night Laughing

Hel O'Ween
Men On A Mission
EVE Trade Consortium
Posted - 2011.06.15 16:16:00 - [83]
 

Originally by: Joss56

Mails added, notifications added, this is awesome.



You are aware that mails/notifications have been available for a year now?

Assaj Ventress
Posted - 2011.06.16 13:45:00 - [84]
 

Any idea on when supporttest.eveonline.com/api is going up again?

Taureau
Gallente
Innovia
Innovia Alliance
Posted - 2011.06.27 18:56:00 - [85]
 

Is this going back up anytime soon? What's the status on this?

Johnathan Roark
Caldari
The Graduates
Morsus Mihi
Posted - 2011.07.15 22:23:00 - [86]
 

Looks like the page is backup but the keys don't work :(

CaptainQuick
Posted - 2011.08.29 11:22:00 - [87]
 

blah blah blah blah blah what happened to hey we wil get you walking about in station outside your captains chamber by the end of the summer....looks like that will be anouther 2yrs like walking in stations huh....go figure CCP putting something out there that wasnt even promised to begin with to cover up the fact we are stuck inside captain chambers for anouther 2-3yrs

Johnathan Roark
Caldari
The Graduates
Morsus Mihi
Posted - 2011.08.29 16:09:00 - [88]
 

Originally by: CaptainQuick
blah blah blah blah blah what happened to hey we wil get you walking about in station outside your captains chamber by the end of the summer....looks like that will be anouther 2yrs like walking in stations huh....go figure CCP putting something out there that wasnt even promised to begin with to cover up the fact we are stuck inside captain chambers for anouther 2-3yrs


Your mistaken, this is something that was asked and promised long before WIS was even an idea back when the API first came out.

Xander Hunt
Minmatar
Dead Rats Tell No Tales
Posted - 2011.09.01 02:13:00 - [89]
 

Originally by: Johnathan Roark
Originally by: CaptainQuick
blah blah blah blah blah what happened to hey we wil get you walking about in station outside your captains chamber by the end of the summer....looks like that will be anouther 2yrs like walking in stations huh....go figure CCP putting something out there that wasnt even promised to begin with to cover up the fact we are stuck inside captain chambers for anouther 2-3yrs


Your mistaken, this is something that was asked and promised long before WIS was even an idea back when the API first came out.


So they've made additions, broke stuff, made things pretty much annoying, and NOW go back to their roots and follow up with things?

Damned if you, damned if you don't.

Miss Teri
Art of War Alliance
Posted - 2011.09.01 12:50:00 - [90]
 

Originally by: CCP Stillman
Originally by: Miss Teri
More fine-tuned access: nice. But...

Why keep the key in two parts? (Before: userid+key, now: keyid+vcode)

In fact, why allow custom vcodes? That would only decrease security, as people will be bound to select bad (easy to remember, short) vcodes.

Why not make it a single, auto-generated string? Easy to copy and paste into programs (single copy/paste instead of two, like it is now).



In order to not be easy to bruteforce, we're keeping it to two variables needed to access any API key. As for custom vCodes, we'll implement an auto-generate button. But for those who wants a custom vcode, we will allow that.

It is possible to create an insecure vcode, yes. But we will respond to bruteforce attacks on the API servers. And it's just nice to have it be generated by the user, should they decide to.



Way too late to change much now I guess, but some comments.

I think many of those that use custom vCodes is likely to use the same vCode for several keys. This will make it much easier to guess their keys. Just get one low-access key, and use that vCode and guess the keyid of keys with different access. This is made especially easy sine the keyid currently is just an incrementing number.

So please change the way keyids are assigned so they are random. This will increase the number of keyids that have to be tried to guess a key from thousands to billions, making it impractical to brute force.

Second, how to fix the 1 vs 2 keys usability problem. Quite easy, really. Just make it possible to get both keys in one string. If it was displayed as "64653:p97f8uguyfgpufgYfpiulGYfy" it could be copied in one go. 3rd party apps would then be able to implement support for this (but CCP must be first).


Pages: 1 2 [3] 4

This thread is older than 90 days and has been locked due to inactivity.


 


The new forums are live

Please adjust your bookmarks to https://forums.eveonline.com

These forums are archived and read-only