Jita Park Speakers Corner

I am super excited about this

I agree, and I have asked CCP to make this a priority. I suspect they want to test out a little less harmful API first, but I will be arguing for this as the very next API to make available from CREST.

There are so many ways this can be abused.

Seriously, do NOT do this.

I too am really excited about this feature.

The thing I would be most looking forward to as an individual is being able to pull market information, be able to use my own tools and market metrics, and potentially be able to update market orders without having to load up the game. I like being able to use my own interface and tools to reduce the amount of clicks I have to make.

Another good use of CREST would be to allow corporation management. It would make third party auth systems a lot more effective as designated managers only need to push one set of buttons to change things around, not to mention allowing people to change permissions without having to log into the game.

The downside however, is that clever people will use write access ability to create efficient programs to automatically earn isk for you. And of course, the scamming metagame will shift towards obtaining full character PUSH APIs via malware or old fashioned social engineering.

Not that any of this is a bad thing in my opinion, because cleverness should be rewarded and stupidity punished, but it could clash with the rules already put in place by the GMs and the security team. Lots of people would be turned off by the idea as well, because people would be making isk for "no effort".

Please expose these things, just don't tell CCP Sreegs you are going to :P

Serious. I. Will. Abuse. Them. (or the many people smarter than I will)

ANYTHING you expose via API will be able to be automated.
ANYTHING important that can be done via API people will develop mal-ware to do once they trick people into running it.

Not the original parent but a programmer, think about it.

For the malware to steal their EvE account details it must do something it isn't supposed to, and steal their credentials.

If you open up the APIs, then the users will GIVE their Push API keys to the program willingly for one purpose, only to have it subverted for some other purpose.

This second scenario is much more likely, is easier to program, and may/may not be noticed by the user, since they will be able to line up API access with when they use the program, and are expecting the program to use the API.

Think of it as Theft vs Embezzling.

Also, as mentioned above, anything that can be done via the API *WILL* be automated, once that's done, people will flock to download those programs and give them their API keys (which have traditionally been safe and Read Only), which will introduce a natural an unprotected attack vector.

That was my very first thought when I heard that we might get CREST, "I can implement most of Malcanis' bounty proposal without waiting for CCP to do that!" Everything except the kill rights could be done with CREST. As long as there's someone popular who will lend their name to it, it would be trivial to hand them the source code and let them run it. :)

But let me make a list of other things that can be possible if the only thing CREST allows you is paying people:

1. You can run a corporation like it's a corporation and not a commune. You can automatically and impartially pay people for the performance of specific duties -- as long as the performance of these duties can be programmatically detected, the code can pay for them. Mine for the corp, get paid for what you drop into the corp hangar. Kill the corp's enemies, get paid per head - or per ship class or whatever. Trade for the corp, get a share of the profit from the orders you have managed. The relationship can be arbitrarily complex, from weekly salary and automated performance review, to immediate reaction as soon as the performance of a duty is registered anywhere.
2. You can set up an automatic ship reimbursement program.
3. The potential for IGB-based derivative trading services is pretty much immeasurable. And while there's a lot to be said about derivatives, much of it not very nice, the Eve economy would move that much faster.
4. You can have an automatic escrow service capable of determining if the breach of contract has occurred. The most obvious use of which would be a programmatically enforced pirate ransom contract. Proper by-the-book piracy could become a reasonable business once again.

I could probably go on, that's just what I can think of in ten minutes.

Well, apart from the pure speculation that everyone in this thread is doing, we need specific details on what CCP are actually planning.

What we need to know is:

1. How many developers are working on CREST
2. Is the EVE API staying as Read-only or will it be superseded by CREST
3. How much overlap does CREST take on the current API
4. What operations will be available?
5. What are the costs for 3rd party devs?
6. How do we get compensated for making CCP's product better?
7. Are CCP planning to take over market metrics such as Eve Central with real market access?
8. Where does static data dump fit into all of this?
9. Is anyone planning to standardise the static data dump?
10. Does CCP realise how much 3rd party developers need metadata access before patch releases?
11. What are the limits to calls (if any), and what is their stance on automated market arbitrage?

Why do you need to know how many devs are working on CREST?

The current API will always be read only, CREST is the writable API system.

Costs have already been discussed, they will be $0.

CCP isn't going to pay you for 3rd party apps, if that is what you are asking. Details on allowing ads and whatnot are forthcoming.

The SDD is a big issue, and I will certainly be bringing it up.