Pages: 1 2 [3] 4 :: one page |
|
Author |
Thread Statistics | Show CCP posts - 21 post(s) |
Dierdra Vaal
Caldari Veto. Veto Corp
|
Posted - 2011.05.27 18:24:00 -
[61]
Instead of a 'Create vCode' button, may I recommend having an auto-generated vCode filled in by default? People can still manually edit it - but having a automagically generated, strong vCode already present by default will decrease the number of people using a weak 'human' vCode. It will also make it a little more convenient for people who don't wish to define their own vCode (which I think will be the majority).
Veto #205 * * * Director Emeritus at EVE University * * * CSM1 delegate, CSM3 chairman and CSM5 vice-chairman
|
|
CCP Stillman
|
Posted - 2011.05.27 21:48:00 -
[62]
Originally by: TornSoul Christmas - Already? (well.. it's not deployed yet but.. )
Close enough, in my opinion
Originally by: TornSoul
3: I think (hope!) the following is the case, but please confirm : - "oldschool" userid/apikey calls to the API will still be possible? (aka I won't have to update all my existing code with new paramnames)
For now, yes.
|
|
|
CCP Stillman
|
Posted - 2011.05.27 21:49:00 -
[63]
Originally by: Avraham Avinu Edited by: Avraham Avinu on 27/05/2011 06:29:25 Edited by: Avraham Avinu on 27/05/2011 06:16:25
When I Update a vCode, I get an "Authentication failure" using the updated vCode, yet my old vCode still works. It only started to work a couple minutes later. I suspect a server-side cache issue. This will confuse people and lead to the dark side.
This is indeed due to caching. There will always be a small delay, I'm afraid.
|
|
|
CCP Stillman
|
Posted - 2011.05.27 21:51:00 -
[64]
Originally by: Marcel Devereux
Originally by: CCP Stillman
Originally by: Marcel Devereux Edited by: Marcel Devereux on 26/05/2011 16:30:49 Can we please get a link for each key on the key management page that has the key info embedded as arguments in the URL (i.e. http://api.eve-online.com/key/?keyID=42&vCode=VERYSECRET)? I would like to register as a handler for that link and the user can chose to open the link with my application. This would allow for easy key entry into applications.
Is what you're asking for a button that will say "Copy API Key to clipboard", which people can click and then paste into the requesting application?
Only if it can work across all browsers and does not require flash to do it (i.e bit.ly's copy url to clipboard requires flash). What reservations do you have about providing the link?
I have no reservations. It was just a thought, based on what the goal of doing so was. We'll of course investigate all options for doing this
|
|
|
CCP Stillman
|
Posted - 2011.05.27 21:56:00 -
[65]
Originally by: Taureau Edited by: Taureau on 27/05/2011 18:36:19 Apologies if I'm incorrect about this, but if I try this URL with various parameters it fails: http://apitest.eveonline.com/API/APIKeyInfo.xml.aspx?keyID=1&vCode=VERYVERYSECRET
Sorry about that. That was a typo in the blog. The actual directory the call is in, is /account/. Fixed that
|
|
|
CCP Stillman
|
Posted - 2011.05.27 21:57:00 -
[66]
Originally by: Golden Gnu I can not access: https://supporttest.eveonline.com (http as well) It redirects me to https://supporttest.eveonline.com/Pages/KB/
Also, awesome change...
Fixed. The fix I made yesterday disappeared last night during the outage. It now links directly to the API key page
|
|
|
CCP Stillman
|
Posted - 2011.05.27 21:58:00 -
[67]
Originally by: Hel O'Ween
Question 1): This might be obvious, but better have it spelled out in written than all of us assuming something which's not true: personal and corporation keys are completely separated in the new system?
Example: assuming I'm a CEO or director, my full API key granted me complete access to both personal and corp API data. With the new system I would need to create two keys (personal and corporation) to achieve the some thing? I assume that's the case, but I rather have that confirmed.
Yes. That's unfortunately a trade off that had to be made.
Originally by: Hel O'Ween
Question 2): Will there be a replacement for the AccountStatus API?
The AccountStatus API is still there and works like it always has. So there won't be a replacement
|
|
Arkady Sadik
Minmatar Electus Matari
|
Posted - 2011.05.27 22:22:00 -
[68]
Awesome.
Oh, and for the people who don't want a user-define vCode: You're wrong.
A user-defined vCode alles client applications to actually use API keys for authentication by providing a challenge and requiring a user to have that challenge in the vCode they submit. <3
|
Golden Gnu
Gallente The Golden Gnu Corp
|
Posted - 2011.05.28 09:57:00 -
[69]
@CCP Spitfire Thx :)
Also, the [?] link for CharacterInfo links nowhere... _________________ Download is the meaning of life, upload is the meaning of intelligent life EVE.NiKR.NET - home of jEveAssets |
Marcel Devereux
Aideron Robotics
|
Posted - 2011.05.28 17:24:00 -
[70]
Originally by: CCP Stillman
Originally by: Marcel Devereux
Originally by: CCP Stillman
Originally by: Marcel Devereux Edited by: Marcel Devereux on 26/05/2011 16:30:49 Can we please get a link for each key on the key management page that has the key info embedded as arguments in the URL (i.e. http://api.eve-online.com/key/?keyID=42&vCode=VERYSECRET)? I would like to register as a handler for that link and the user can chose to open the link with my application. This would allow for easy key entry into applications.
Is what you're asking for a button that will say "Copy API Key to clipboard", which people can click and then paste into the requesting application?
Only if it can work across all browsers and does not require flash to do it (i.e bit.ly's copy url to clipboard requires flash). What reservations do you have about providing the link?
I have no reservations. It was just a thought, based on what the goal of doing so was. We'll of course investigate all options for doing this
Thanks for looking into it! Just remember to test on mobile browsers for what ever solution you come up with.
|
|
Irdalth Delrar
EVE University Ivy League
|
Posted - 2011.05.28 20:15:00 -
[71]
Originally by: CCP Stillman
Originally by: Hel O'Ween
Question 2): Will there be a replacement for the AccountStatus API?
The AccountStatus API is still there and works like it always has. So there won't be a replacement
As a follow up, what option from the new API will allow/restrict access to account-wide stuff like AccountStatus? As currently its on the Full API, I take it won't simply be accessible by default? Will checking Private Information -> CharacterInfo be the way? Or are there more options in the works that simply have not been released yet? --------------------------------------- Irdalth Delrar Diplomatic Director Eve University <IVY>
|
Hel O'Ween
Men On A Mission EVE Trade Consortium
|
Posted - 2011.05.28 21:02:00 -
[72]
Originally by: CCP Stillman
Originally by: Hel O'Ween
Question 2): Will there be a replacement for the AccountStatus API?
The AccountStatus API is still there and works like it always has. So there won't be a replacement
Ah, cool. I didn't saw it listed on the API key test page so I wondered if it will be perhaps merged with some other API (char info ...) -- EVEWalletAware - an offline wallet manager |
Marcel Devereux
Aideron Robotics
|
Posted - 2011.05.30 18:27:00 -
[73]
Another thing. Sometime after the release please evaluate the use of the expire feature. If the majority of the keys are set to not expire then this should be set as the default.
|
|
CCP Stillman
|
Posted - 2011.05.30 20:34:00 -
[74]
Originally by: Hel O'Ween
Originally by: CCP Stillman
Originally by: Hel O'Ween
Question 2): Will there be a replacement for the AccountStatus API?
The AccountStatus API is still there and works like it always has. So there won't be a replacement
Ah, cool. I didn't saw it listed on the API key test page so I wondered if it will be perhaps merged with some other API (char info ...)
You're right. It's not there. This will be fixed
|
|
Hel O'Ween
Men On A Mission EVE Trade Consortium
|
Posted - 2011.05.31 15:37:00 -
[75]
Originally by: CCP Stillman You're right. It's not there. This will be fixed
While you're at it, I didn't spot the Characters.xml.aspx either. |
Pi2
|
Posted - 2011.06.02 18:43:00 -
[76]
Edited by: Pi2 on 02/06/2011 18:42:53 Am I doing sth wrong or is currently creating Corp API Keys turned off? (got an CEO on the account I am trying with)
|
Hel O'Ween
Men On A Mission EVE Trade Consortium
|
Posted - 2011.06.03 11:49:00 -
[77]
Originally by: Pi2 Edited by: Pi2 on 02/06/2011 18:42:53 Am I doing sth wrong or is currently creating Corp API Keys turned off? (got an CEO on the account I am trying with)
Form the dropdown box "Character" you need to select the CEO char in order to be able to create corporation keys. Just tried it, works fine for me. -- EVEWalletAware - an offline wallet manager |
Consortium Agent
|
Posted - 2011.06.04 12:32:00 -
[78]
For those that want or need one, here's a 64 character random verification code generator:
http://www.reportbots.com/eve_vcode_generator/
Enjoy.
|
Efeu
Caldari Morituri Te Salutant
|
Posted - 2011.06.11 19:48:00 -
[79]
The links currently give a simple 404 Resource not found. |
Mella Elcus
|
Posted - 2011.06.13 17:14:00 -
[80]
Originally by: Efeu The links currently give a simple 404 Resource not found.
https://supporttest.eveonline.com/API is still dead and it looks like the api test server is reset to the old userid/apikey system. Not much testing possible atm :>
|
|
Taureau
Innovia Innovia Alliance
|
Posted - 2011.06.13 21:49:00 -
[81]
Originally by: Mella Elcus
Originally by: Efeu The links currently give a simple 404 Resource not found.
https://supporttest.eveonline.com/API is still dead and it looks like the api test server is reset to the old userid/apikey system. Not much testing possible atm :>
You make me cry CCP. :(
|
Joss56
Gallente Unleashed' Fury
|
Posted - 2011.06.15 15:34:00 -
[82]
Yoooouhooooooou !!
Mails added, notifications added, this is awesome.
Little effort add contracts please and I'll do babies with you all day&night ________________________________________________
"You do realise you live on a globe, right? And that there places outside the USA/UK?"
|
Hel O'Ween
Men On A Mission EVE Trade Consortium
|
Posted - 2011.06.15 16:16:00 -
[83]
Originally by: Joss56
Mails added, notifications added, this is awesome.
You are aware that mails/notifications have been available for a year now? -- EVEWalletAware - an offline wallet manager |
Assaj Ventress
|
Posted - 2011.06.16 13:45:00 -
[84]
Any idea on when supporttest.eveonline.com/api is going up again? -----------------
|
Taureau
Innovia Innovia Alliance
|
Posted - 2011.06.27 18:56:00 -
[85]
Is this going back up anytime soon? What's the status on this?
|
Johnathan Roark
Caldari The Graduates Morsus Mihi
|
Posted - 2011.07.15 22:23:00 -
[86]
Looks like the page is backup but the keys don't work :(
POS-Tracker 3.0 Hosting |
CaptainQuick
|
Posted - 2011.08.29 11:22:00 -
[87]
blah blah blah blah blah what happened to hey we wil get you walking about in station outside your captains chamber by the end of the summer....looks like that will be anouther 2yrs like walking in stations huh....go figure CCP putting something out there that wasnt even promised to begin with to cover up the fact we are stuck inside captain chambers for anouther 2-3yrs
|
Johnathan Roark
Caldari The Graduates Morsus Mihi
|
Posted - 2011.08.29 16:09:00 -
[88]
Originally by: CaptainQuick blah blah blah blah blah what happened to hey we wil get you walking about in station outside your captains chamber by the end of the summer....looks like that will be anouther 2yrs like walking in stations huh....go figure CCP putting something out there that wasnt even promised to begin with to cover up the fact we are stuck inside captain chambers for anouther 2-3yrs
Your mistaken, this is something that was asked and promised long before WIS was even an idea back when the API first came out.
EVEVERIFY Recruitment API Verifier |
Xander Hunt
Minmatar Dead Rats Tell No Tales
|
Posted - 2011.09.01 02:13:00 -
[89]
Originally by: Johnathan Roark
Originally by: CaptainQuick blah blah blah blah blah what happened to hey we wil get you walking about in station outside your captains chamber by the end of the summer....looks like that will be anouther 2yrs like walking in stations huh....go figure CCP putting something out there that wasnt even promised to begin with to cover up the fact we are stuck inside captain chambers for anouther 2-3yrs
Your mistaken, this is something that was asked and promised long before WIS was even an idea back when the API first came out.
So they've made additions, broke stuff, made things pretty much annoying, and NOW go back to their roots and follow up with things?
Damned if you, damned if you don't.
|
Miss Teri
Art of War Alliance
|
Posted - 2011.09.01 12:50:00 -
[90]
Originally by: CCP Stillman
Originally by: Miss Teri More fine-tuned access: nice. But...
Why keep the key in two parts? (Before: userid+key, now: keyid+vcode)
In fact, why allow custom vcodes? That would only decrease security, as people will be bound to select bad (easy to remember, short) vcodes.
Why not make it a single, auto-generated string? Easy to copy and paste into programs (single copy/paste instead of two, like it is now).
In order to not be easy to bruteforce, we're keeping it to two variables needed to access any API key. As for custom vCodes, we'll implement an auto-generate button. But for those who wants a custom vcode, we will allow that.
It is possible to create an insecure vcode, yes. But we will respond to bruteforce attacks on the API servers. And it's just nice to have it be generated by the user, should they decide to.
Way too late to change much now I guess, but some comments.
I think many of those that use custom vCodes is likely to use the same vCode for several keys. This will make it much easier to guess their keys. Just get one low-access key, and use that vCode and guess the keyid of keys with different access. This is made especially easy sine the keyid currently is just an incrementing number.
So please change the way keyids are assigned so they are random. This will increase the number of keyids that have to be tried to guess a key from thousands to billions, making it impractical to brute force.
Second, how to fix the 1 vs 2 keys usability problem. Quite easy, really. Just make it possible to get both keys in one string. If it was displayed as "64653:p97f8uguyfgpufgYfpiulGYfy" it could be copied in one go. 3rd party apps would then be able to implement support for this (but CCP must be first).
|
|
|
|
|
Pages: 1 2 [3] 4 :: one page |
First page | Previous page | Next page | Last page |