These forums have been archived and are now read-only.

The new forums are live and can be found at https://forums.eveonline.com/

EVE Technology Lab

 
  • Topic is locked indefinitely.
 

Devsite blog: The end of public CREST as we know it

First post
Author
Previous Topic Next Topic
CCP Phantom
C C P
C C P Alliance
#1 - 2016-04-18 14:14:16 UTC  |  Edited by: CCP Logibro
Instead of having public CREST for public resources (public-crest.eveonline.com) and authed CREST for authenticated stuff we are now just going to have CREST on the crest-tq.eveonline.com domain!

If you request a resource from CREST that should be public it will just work and won't require any authentication.

These changes are coming with the EVE: Citadel expansion on April 27.

Read more about these changes in CCP FoxFour's latest developer blog The end of public CREST as we know it.

CCP Phantom - Senior Community Developer
Mr Mac
Dark Goliath
#2 - 2016-04-18 17:16:39 UTC
Nice.
Should be nice to get updated list of endpoints and cache time for each endpoint. Please.
Eltmon
Ascending Angels
#3 - 2016-04-19 00:07:04 UTC
I'm confused. "no longer support public CREST" but also "If you request a resource from CREST that should be public it will just work and won't require any authentication. Wonderful stuff this is! However we are unable to support public CREST when this change is deployed."

I'm confused. Do you simply mean public CREST calls are changing endpoints or are you removing functionality?
Proddy Scun
Doomheim
#4 - 2016-04-19 01:06:36 UTC  |  Edited by: Proddy Scun
badly worded announcement.


But I think you are just saying that you are merging public and authenticated CREST by

#1 you are closing the Public CREST interface and URL
#2 and all requests made there will be redirected to the authenticated CREST URL and interface (by 301)
#3 authenticated CREST will not require authentication be provided for public info


Overall you are promising that all the same public CREST requests can be obtained from the authenticated CREST if you just omit authentication.



Implied but not said

Unless of course it doesn't work for some specific request in practice. Which CCP will then try to fix that if it happens. Or prescribe an new API not requiring authentication if that more closely follows standards and is cheaper than making the non-compliant API work.

It may be wise to ensure all public CREST requests closely follow authenticated CREST API format minus authentication....as any problems will probably occur in those request. Of course such format differences should not exist given the high quality of CCP and strictly enforced coding standards. But if they do...
Iam Widdershins
Project Nemesis
#5 - 2016-04-19 08:05:49 UTC
Will this be affecting ratelimits for the CREST endpoints currently on public CREST?

Lobbying for your right to delete your signature
CCP FoxFour
C C P
C C P Alliance
#6 - 2016-04-19 13:58:32 UTC
Mr Mac wrote:
Nice.
Should be nice to get updated list of endpoints and cache time for each endpoint. Please.


Cache times are returned in the header of the response.

@CCP_FoxFour // Technical Designer // Team Tech Co

Third-party developer? Check out the official developers site for dev blogs, resources, and more.
CCP FoxFour
C C P
C C P Alliance
#7 - 2016-04-19 14:00:41 UTC
Proddy Scun wrote:
badly worded announcement.


But I think you are just saying that you are merging public and authenticated CREST by

#1 you are closing the Public CREST interface and URL
#2 and all requests made there will be redirected to the authenticated CREST URL and interface (by 301)
#3 authenticated CREST will not require authentication be provided for public info


Overall you are promising that all the same public CREST requests can be obtained from the authenticated CREST if you just omit authentication.



Implied but not said

Unless of course it doesn't work for some specific request in practice. Which CCP will then try to fix that if it happens. Or prescribe an new API not requiring authentication if that more closely follows standards and is cheaper than making the non-compliant API work.

It may be wise to ensure all public CREST requests closely follow authenticated CREST API format minus authentication....as any problems will probably occur in those request. Of course such format differences should not exist given the high quality of CCP and strictly enforced coding standards. But if they do...


There should be no difference in requests between authed CREST and public CREST. The only difference was enforcing the requirement of an authorization header. That requirement has been removed.

@CCP_FoxFour // Technical Designer // Team Tech Co

Third-party developer? Check out the official developers site for dev blogs, resources, and more.
CCP FoxFour
C C P
C C P Alliance
#8 - 2016-04-19 14:01:03 UTC
Iam Widdershins wrote:
Will this be affecting ratelimits for the CREST endpoints currently on public CREST?


The public CREST rate limits will be applied to crest-tq.

@CCP_FoxFour // Technical Designer // Team Tech Co

Third-party developer? Check out the official developers site for dev blogs, resources, and more.
Wollari
Dirt Nap Squad
#9 - 2016-04-23 15:25:30 UTC
So right now you're planning to break existing applications I guess because of not having a transition phase.

Right now the crest-tq endpoint does not accept public endpoints being called without authentication. So the only preperation I can do is to enable (allow redirect) while waiting until the change is applied end then change my public crest calls to the new domain name.

I hope it works out ...

DOTLAN EveMaps | Your out-of-game map, navigation toolset, sov database, etc. since 2008
Omniscient Fury
Whole Squid
#10 - 2016-04-24 00:13:53 UTC
Throwing this here in case you missed the previous thread.

There are some bugs with CREST SSO right now where if you authenticate while the EVE client is open and logged in, the proxy immediately throws back a 502 at you. Is this fixed in the 27th release?
Jobe McJoberson
Consolidated Mining Network
#11 - 2016-04-24 21:18:20 UTC  |  Edited by: Jobe McJoberson
Omniscient Fury wrote:
Throwing this here in case you missed the previous thread.

There are some bugs with CREST SSO right now where if you authenticate while the EVE client is open and logged in, the proxy immediately throws back a 502 at you. Is this fixed in the 27th release?


I just recently started having this exact same problem. I noticed I was getting 502s back from authed CREST (crest-tq) and was able to fix it by logging out of Eve with the character whose token I am using.
CCP FoxFour
C C P
C C P Alliance
#12 - 2016-04-25 08:23:46 UTC
Wollari wrote:
So right now you're planning to break existing applications I guess because of not having a transition phase.

Right now the crest-tq endpoint does not accept public endpoints being called without authentication. So the only preperation I can do is to enable (allow redirect) while waiting until the change is applied end then change my public crest calls to the new domain name.

I hope it works out ...


Me to. :(

@CCP_FoxFour // Technical Designer // Team Tech Co

Third-party developer? Check out the official developers site for dev blogs, resources, and more.