Market Discussions

This one kind of snuck up on us. We thought customisable API would arrive Soon(TM) and instead it just arrived soon.

Whilst it'll take a little while for third party apps to fully exploit and explore we now have the tools to allow exactly what we want and don't want through an API query.

Genuine offerers will be able to open up info to auditors/fact checkers/investors/prospective investors without releasing (eg) potentially sensitive corporation starbase asset information or personal mail communications. Scammers will have to think of new excuses as to why they can't release such information.

Full info available over at https://support.eveonline.com/api but the bullet list of what you can release or restrict at your choosing is below:

Account and Market

• Wallet Transactions
• Wallet Journal
• Market Orders
• Account Balance

Communications

• Notification Texts
• Notifications
• Mail Messages
• Mailing Lists
• Mail Bodies
• Contract Notifications
• Contract List

Private Information

• Contracts
• Account Status
• Character Info
• Upcoming Calendar Events
• Skill Queue
• Skill In Training
• Character Sheet
• Calendar Event Attendees
• Asset List

Public Information

• Character Info
• Standings
• Medals
• Kill Log
• Faction War Stats

Science and Industry

• Research
• Industry Jobs

Better still, all this can be further narrowed down to be specific to a corporation level or character level. And you can even limit to individual characters if you don't want to release identities of all.

This allows us to address many of the concerns people had in handing over full API keys in the past:

• "I can't reveal my corporation's starbase network" > Fine, create a Character API key rather than a Corporation key
• "All my alts work through a central corporation wallet" > Do the opposite, create a Corporation key
• "I don't want to reveal my super sekret trade items" > Always a rather weak one this, but if you desire, just release Wallet Journal but not Wallet Transactions to show broker fees, tax, and a history of trading but not the actual items traded
• "I don't want to reveal my personal mail" > No problem, just don't tick any of the Mail options, or even the whole Communications subsection
• "I just want to show I'm training the skill I say I'm training and nothing else" > Fine, just select the Skill In Training option
• "My Kill Log and faction war stats could be used against me by spies!" > Untick those options then.
• "I might forget and don't want to leave this info open forever" > Set an expiry date on the key
• "I don't want to release names of the alts on my account" > Might look a bit suspcious but the option's there, create a character specific key rather than an account wide one.

For a long while folks have had concerns about handing over full API keys, sometimes with good reason, sometimes with nefarious intent. This new customisable API setup should allow those who had good reason to release what they wish whilst requiring scammers to come up with a reasonable excuse as to why they wish to hide X, Y or Z.

One of the last great debates on the old forum has been about the future of public investment on the MD forum. Perhaps, with customisable API keys we can shine a tiny glimmer of light on what might be a brighter future for investment on this new sparkly forum.

I'd love for the new API keys to show the true intent of an investment, but until they create the "mind-reading" or "will this person run away with my ISK" part of the key... public investments in EVE will be risky at best, and an efficient way to throw away money at worst.

What part are you having difficulty with? Creating them or coding a 3rd party app for reading them? If the latter, I feel your pain but will likely be of little help; if the former then I'll do what I can.

As an example I just created an API key to reveal what I'm currently training and nothing more.
In the name section I put "Skill in Training" - purely for my own benefit, as you can have multiple keys to give to multiple sources for multiple reasons it makes sense to label effectively.
In the Verification Code section I clicked generate to spew forth a bonkers long pass key.
In the Character section I selected my char Tekota.
In the Type section I selected Character.
The Access Mask auto updates as you tick subsections, so leave that one be.
The expiry date I set to 09/09/2011, this Friday.

edit: note extended the expiry date to monday to permit further examples

Because all I wanted to reveal in this key was the skill I'm currently training, that's all I ticked - under the Private Information subheading.

This then spewed out a customisable api key I can give to third parties, or feed into apps, or, because it's such a limited scope one - share with the world:

ID
12801
Name
Skill In Training
Verification Code
mcl5xaiBwiI96Tgc7m29U2ntaut89m7m1PEvInhy1jfdqqkLxOQOis2McjgP5mYO
Character
Tekota
Type
Character
Access Mask
131072
Expires
2011/09/09

edit: note extended the expiry date to monday to permit further examples

Now, third party apps can obviously present the returned information in a much nicer format, but to show it's working, lets feed those into a URL to post to the API server: https://api.eveonline.com/char/SkillInTraining.xml.aspx?keyID=12801&vCode=mcl5xaiBwiI96Tgc7m29U2ntaut89m7m1PEvInhy1jfdqqkLxOQOis2McjgP5mYO

Note that "keyID" and "vCode" are the important bits from my API key, and these headings have replaced the old query headings. The return you get from that will not be pretty - that's why third party apps can clean all this up - but what you'll see alongside dates started, current end date and skill point progress is the string of numbers "3443" - This is the code for the Trade skill. And as the skill point totals will show a progress approaching 256,000 we know that I must be traiining Trade V at present.

Try the same URL again tomorrow and you should see I've moved onto to training "30538" to level V - this being the code for "Amarr Propulsion Subsystems".

Now, for our final trick - lets just ensure that the key I've made public can only and will only reveal the skill I'm currently training, so lets manually make the API call for wallet balance using the same keyID and vCode as before:
https://api.eveonline.com/char/AccountBalance.xml.aspx?keyID=12801&vCode=mcl5xaiBwiI96Tgc7m29U2ntaut89m7m1PEvInhy1jfdqqkLxOQOis2McjgP5mYO

This time you should get a very different response - "Illegal page request! Please verify the access granted by the key you are using!".

My problem is phone apps wont work with new API's - but i suspect its the app, probably req an update.

Speaking about auditors.

Since there are not so many auditors left, if anyone have questions or wants to know details about the profession or even just wants a talk (maybe trading oriented!) please contact me at vahrokh at yahoo dot com

I will not be able to reply to questions on the forums nor via EvE mail.

My heart says yes, my mind says no. I hope the former one distant day will win on the latter.

As a quick aside for those thinking that this makes it easier to scam. It is a very simple process to establish whether a supplied api key is character limited or account wide.

Any API request that requires a CharacterID field can be processed without that field if the api is character restricted.

So, if the API is char restricted then calling https://api.eveonline.com/char/AccountBalance.xml.aspx?keyID=???&vCode=??? is sufficient.