These forums have been archived and are now read-only.

The new forums are live and can be found at https://forums.eveonline.com/

EVE General Discussion

 
  • Topic is locked indefinitely.
 

API keys for recruitment

Author
Thora Zhubilai
Bluenose Corporation
#21 - 2015-03-03 11:37:16 UTC
Lan Wang wrote:


in a game where people can steal and awox corps and players the directors are only looking out for every other player in the corp. i see no issue with this and good luck getting into a decent corp with that mindset


Do API really avoid "steal and awox"?...NOPE

Why should i trust Corpleaders if they don't trust me?

The paranoid mindset behind that "Controlling" is a good reason to stay in NPC.


Hi all!

Ka'Narlist
Dreddit
Test Alliance Please Ignore
#22 - 2015-03-03 11:39:40 UTC
Claud Tiberius wrote:
Roll The reason Corps ask for full API is to mainly:

- Find out where you are.
- What you have been doing.
- What your abilities are.
- Tally corp statistics.

None of those requires a full api key
War Kitten
Panda McLegion
#23 - 2015-03-03 11:40:53 UTC
Vimsy Vortis wrote:
Loraine Gess wrote:
Pok Nibin wrote:
Full APIs are unnecessary, and any CEO asking for one demonstrates a lack of knowledge about the game sufficient to call his or her competence into question. Should a corp ask it of you, take that in consideration and ask yourself if you really want to be part of a group if their leadership is so...questionable.




So apparently everyone better than you, including all the large nullsec organizations, are incompetent. Of course.

If you think it's necessary to view someone's industry information and faction warfare stats when recruiting them then yes, you are incompetent.

70% of the information available via the API is totally irrelevant to a recruiter, but they still ask for all of those boxes to be ticked anyway. That is dumb, you shouldn't ask people for a bunch of information you don't want and don't intend to even look at. It just makes people suspicious of your intentions.


If the information is irrelevant, why are you intent on hiding it? Industrial activities can tell your leaders whether or not you're building cap/supercaps and selling them to enemies. Faction war stats can indicate whether you're familiar with lowsec. Just because you haven't done any recruiting and don't think it is useful information doesn't mean it isn't.

... and for large alliances, the API is the best way to keep tabs on hundreds or thousands of people. An active API key is used to authenticate you on forums, teamspeak, jabber, mumble, and various other tools that your group might offer. It's going to be non-negotiable for most serious corps and alliances in the game to maintain an active API key.

But if you don't want to be a member of a large organized group, that's entirely your choice, and you can hide all your dirty secrets about faction warfare and how many scourge missiles you've built in the last 3 months.

I don't judge people by their race, religion, color, size, age, gender, or ethnicity. I judge them by their grammar, spelling, syntax, punctuation, clarity of expression, and logical consistency.

ChromeStriker
Sebiestor Tribe
Minmatar Republic
#24 - 2015-03-03 11:44:16 UTC  |  Edited by: ChromeStriker
Thora Zhubilai wrote:
[quote=Lan Wang]
Do API really avoid "steal and awox"?...NOPE

Why should i trust Corpleaders if they don't trust me?

The paranoid mindset behind that "Controlling" is a good reason to stay in NPC.




Yes... actually....

Because said corp leaders are willing to put in the effort to protect the corp... It isnt a matter of trust, they WANT you in their corp, but they have to look out for their members and protect their interests from the potential of theift or awoxing. An API check is the fastest and easiest way of doing this.

No Worries

Storm Novah
Yada Industries
#25 - 2015-03-03 11:46:14 UTC  |  Edited by: Storm Novah
Lan Wang wrote:
well the fact that api's are used for all sorts of stuff including verifying who you are and also verifying you are actually in the corp before being able to use teamspeak and forums etc, not every situation where an api is requested is for spying on you or looking at your assets, i mean who really cares if you have something shiney in your hanger or you have 100bil isk.

in a game where people can steal and awox corps and players the directors are only looking out for every other player in the corp. i see no issue with this and good luck getting into a decent corp with that mindset

And what exactly is seeing the assets and wallet of a player going to tell them that would in any way be related to the security of a corp? Answer: none!

Which is why if a corp insists that the wallet and assets are "necessary" for an API check then I don't bother with pursuing membership with that corp.
Sisohiv
Center for Advanced Studies
Gallente Federation
#26 - 2015-03-03 11:51:55 UTC
I've given both limited and full API at various times because I'm not quite as paranoid as the people who ask for it. I'm also very candid about the fact that I have 5 accounts, 4 almost always active at a time so they are gathering no useable data from my API.

It doesn't even provide effective meta any more assuming I only had one account. Once upon a time you could determine what I might be flying and use it to profile me for spy ganking but with the two accounts I send to large corps, they both have SP for every sub cap in the game. It isn't even a game advantage choice, it was just wise to Nerf proof.

tl;dr it's not a threat but it's an antiquated habit we have in the game and speaks volumes about the corp you are applying to.
Lan Wang
Princess Aiko Hold My Hand
Safety. Net
#27 - 2015-03-03 12:07:25 UTC
Storm Novah wrote:
Lan Wang wrote:
well the fact that api's are used for all sorts of stuff including verifying who you are and also verifying you are actually in the corp before being able to use teamspeak and forums etc, not every situation where an api is requested is for spying on you or looking at your assets, i mean who really cares if you have something shiney in your hanger or you have 100bil isk.

in a game where people can steal and awox corps and players the directors are only looking out for every other player in the corp. i see no issue with this and good luck getting into a decent corp with that mindset

And what exactly is seeing the assets and wallet of a player going to tell them that would in any way be related to the security of a corp? Answer: none!

Which is why if a corp insists that the wallet and assets are "necessary" for an API check then I don't bother with pursuing membership with that corp.


whats so secret about it? if corps are building tools or using asset lists and wallet for building doctrines around what people can afford to fly or making sure they can afford to be deployed during wars and ever changing doctrines then whats the issue or to check people have carriers and other tactical assets for when they are needed, as said nobody really cares about your isk as long as your joining fleets (all my isk gets transferred to my trading alt anyway), but what use are you to a pvp corp if you dont have the right assets and no money to buy them? if its irrelevant then why even care about showing it.

it doesnt really do much as so many people have alts but having tools and stats are pretty cool

Domination Nephilim - Angel Cartel

Calm down miner. As you pointed out, people think they can get away with stuff they would not in rl... Like for example illegal mining... - Ima Wreckyou*

Aralyn Cormallen
Deep Core Mining Inc.
Caldari State
#28 - 2015-03-03 12:11:49 UTC  |  Edited by: Aralyn Cormallen
This is always an arguement between the "My Privacy!" crowd and the "Meh, who cares" crowd.

There are many completely acceptable reasons to want to see or check any and all parts of the API, but likewise, there are many reasons why those same parts don't need to be seen. It is all a matter of your point of view. Ultimately, it's going to depend on what you personally consider acceptable.

What you need to know about API's is:

- They can see your skills. They cannot change your training.
- They can see your assets and wallet, and they can see who you have given money to in the past. They cannot take any of those assets or send them on to anyone else.
- They can read your mails. They cannot read mails you have deleted, and they cannot send mails in your name.
- They can see your contacts. They cannot change any of your personal contacts or add any personal contacts (although, if you join, you will inherit corp/alliance contacts)

If you are giving your API to anyone, you have to ask yourself:

- What are you lettimg them see?
- Can allowing this information to be seen put you, your assets, or your plans at risk?
- Can keeping information hidden place you, your assets, or plans at risk ? (bear in mind, any information a recruiter allows you to keep hidden, he is likely allowing others to keep hidden - what potential risk are you being put in by lax recruiting standards)

Ultimately it is your choice. Some places will ask for full APIs, others will ask for tailored APIs to cut out the irrelevant information. For example, to be a member of my corp and alliance, I have submitted three different APIs for each of my two accounts with information pertinent to what I am involved in. One of those does indeed include assets, something that a lot of people would balk at. Why? Because I am part of the Alliances Capital and Supercapital groups, and as part of that, its kinda mandatory to ensure I possess the Capital and Supercapital assets I claim I have (and that I have the skills to fly the vessel, and my ship fitted to the level required by alliance doctrine). It may not be much, but thats an extra level of security to my ships, since I know that random throwaway spy alts can't infiltrate those groups without having the needed skills and assets, and it also means I am not being put at risk on the field by discovering too late that my cap buddy doesn't have the skills or mods needed to do his job, something that could leave me stranded and vulnerable. To me, the extra protection provided to my Supercarrier by knowing every other SC going in to battle with me is correctly fit and piloted, is worth the miniscule risk added to my pimped Nightmare by having that appear on the API survey.
Loraine Gess
Confedeferate Union of Tax Legalists
#29 - 2015-03-03 12:50:14 UTC
Vimsy Vortis wrote:
Loraine Gess wrote:
Pok Nibin wrote:
Full APIs are unnecessary, and any CEO asking for one demonstrates a lack of knowledge about the game sufficient to call his or her competence into question. Should a corp ask it of you, take that in consideration and ask yourself if you really want to be part of a group if their leadership is so...questionable.




So apparently everyone better than you, including all the large nullsec organizations, are incompetent. Of course.

If you think it's necessary to view someone's industry information and faction warfare stats when recruiting them then yes, you are incompetent.

70% of the information available via the API is totally irrelevant to a recruiter, but they still ask for all of those boxes to be ticked anyway. That is dumb, you shouldn't ask people for a bunch of information you don't want and don't intend to even look at. It just makes people suspicious of your intentions.



I take it you don't do recruitment, or you don't do it very well. Every scrap of information that appears can always be vetted later, if not meta checked immediately, to eliminate problems before they become large problems. The more facts someone has to juggle, the harder the liar finds to do so.
ChromeStriker
Sebiestor Tribe
Minmatar Republic
#30 - 2015-03-03 12:50:20 UTC  |  Edited by: ChromeStriker
Storm Novah wrote:


Which is why if a corp insists that the wallet and assets are "necessary" for an API check then I don't bother with pursuing membership with that corp.


Just to clear up this small point...

First it shows if you are self efficient, and able to support yourself effectivly. A corp will normally help in making isk but not hand holding.

Second it can flag up some annomilies... i interviewed a toon that transfered 5 billion isk between a couple of toons 3 months before and when i asked why they dropped the conversation never to be seen again. Roll

Its all little bits useful for an interviw... finding about alts they failed to mention, surprise income sources, aplicable for a training corp, they say they can do x but can really only do y....

No Worries

knobber Jobbler
State War Academy
Caldari State
#31 - 2015-03-03 12:59:05 UTC
Storm Novah wrote:

And what exactly is seeing the assets and wallet of a player going to tell them that would in any way be related to the security of a corp? Answer: none!


Good one. I assume your corp is pretty irrelevant, otherwise it's full of spies and you have no way of knowing if they're on the take or not from another corp or alliance.
Vimsy Vortis
Shoulda Checked Local
Break-A-Wish Foundation
#32 - 2015-03-03 21:47:53 UTC
Loraine Gess wrote:
I take it you don't do recruitment, or you don't do it very well. Every scrap of information that appears can always be vetted later, if not meta checked immediately, to eliminate problems before they become large problems. The more facts someone has to juggle, the harder the liar finds to do so.


Actually we just prefer not to run our computer game guild like a totalitarian police state.
Pok Nibin
Doomheim
#33 - 2015-03-03 22:09:46 UTC  |  Edited by: Pok Nibin
Aralyn Cormallen wrote:
What you need to know about API's is:

- They can see your skills. They cannot change your training.
- They can see your assets and wallet, and they can see who you have given money to in the past. They cannot take any of those assets or send them on to anyone else.
- They can read your mails. They cannot read mails you have deleted, and they cannot send mails in your name.
- They can see your contacts. They cannot change any of your personal contacts or add any personal contacts (although, if you join, you will inherit corp/alliance contacts)

If you are giving your API to anyone, you have to ask yourself:..
I'll ask myself whatever the F I want. I'm certainly not going to consult YOU to find out what I should ask my SELF. I find this attitude to be overbearing and useless...which are the two traits most in common with CEOs that demand full APIs. I don't want anyone to read my wallet. Why? It has nothing to do with PRIVACY. It has to do with, the information is useless. CEOs that think they're getting spy information from seeing member's wallets are IDIOTS. I don't want an IDIOT for a CEO, so I don't want my CEO looking at my wallet. I know that makes sense, but does it make sense to YOU?
(I seriously doubt it.)

I do not want my CEO reading my contacts; none of my contacts. They are MY contacts. That's why they're called "MY CONTACTS." This informations is of no use to a CEO and can be hilariously manipulated by a SPY to create any impression a SPY wishes to create. If a CEO doesn't know this, then he/she is too dumb to be a CEO and I don't WANT a DUMB CEO so I don't want my CEO looking at MY CONTACTS! Is that too SUBTLE FOR YOU?

If anyone is asking for your API to be in their corp, you have to ask yourself, "Do I want to associate myself with people that are this STUPID?"

The right to free speech doesn't automatically carry with it the right to be taken seriously.

Davir Sometaww
Spooks On Pings
SE7EN-SINS
#34 - 2015-03-03 22:53:43 UTC
No Class wrote:
So i'm looking for a new corp, but on the adverts i'm seeing almost all of them want my FULL API key. Is this safe? Can anything bad come of this?


Yes.
Storm Novah
Yada Industries
#35 - 2015-03-04 00:29:04 UTC
knobber Jobbler wrote:
Storm Novah wrote:

And what exactly is seeing the assets and wallet of a player going to tell them that would in any way be related to the security of a corp? Answer: none!


Good one. I assume your corp is pretty irrelevant, otherwise it's full of spies and you have no way of knowing if they're on the take or not from another corp or alliance.

Actually the corp is my own and all the drama that accompanies applying for a large corp (not to mention the political drama you deal with once you get in) is the main reason I don't even bother.
Spurty
#36 - 2015-03-04 00:39:01 UTC
No Class wrote:
Wow, thanks for the honest responses. I feel allot better about it now.


It's a READ ONLY view of your characters.

The purpose is often to allow for automation of access to secure resources such as forums, communications and 3rd party tools.

Now, if you need to 'hide' something from recruiters, you're probably already too much effort for any entity with over 100 characters in it.

Look here for more details https://developers.eveonline.com/resource/xml-api

Don't be too scared.

There are good ships,

And wood ships,

And ships that sail the sea

But the best ships are Spaceships

Built by CCP

Jonah Gravenstein
Machiavellian Space Bastards
#37 - 2015-03-04 01:07:00 UTC
Nami Kumamato wrote:
Do deleted mails appear in the full API also ?
Depends on whether or not you remember to empty the trash folder.


In the beginning there was nothing, which exploded.

New Player FAQ

Feyd's Survival Pack

Serene Repose
#38 - 2015-03-04 01:22:41 UTC
War Kitten wrote:
Vimsy Vortis wrote:
Loraine Gess wrote:
Pok Nibin wrote:
Full APIs are unnecessary, and any CEO asking for one demonstrates a lack of knowledge about the game sufficient to call his or her competence into question. Should a corp ask it of you, take that in consideration and ask yourself if you really want to be part of a group if their leadership is so...questionable.




So apparently everyone better than you, including all the large nullsec organizations, are incompetent. Of course.

If you think it's necessary to view someone's industry information and faction warfare stats when recruiting them then yes, you are incompetent.

70% of the information available via the API is totally irrelevant to a recruiter, but they still ask for all of those boxes to be ticked anyway. That is dumb, you shouldn't ask people for a bunch of information you don't want and don't intend to even look at. It just makes people suspicious of your intentions.


If the information is irrelevant, why are you intent on hiding it? Industrial activities can tell your leaders whether or not you're building cap/supercaps and selling them to enemies. Faction war stats can indicate whether you're familiar with lowsec. Just because you haven't done any recruiting and don't think it is useful information doesn't mean it isn't.

... and for large alliances, the API is the best way to keep tabs on hundreds or thousands of people. An active API key is used to authenticate you on forums, teamspeak, jabber, mumble, and various other tools that your group might offer. It's going to be non-negotiable for most serious corps and alliances in the game to maintain an active API key.

But if you don't want to be a member of a large organized group, that's entirely your choice, and you can hide all your dirty secrets about faction warfare and how many scourge missiles you've built in the last 3 months.

Please. Tell me you didn't say that. You need an API to tell if a corpy is selling capitals to the enemy? The only way this makes sense is if you AREN'T a CEO. Tell me, just how many people in this game can build caps? How many can build caps on the side - UNDETECTED? The best way to keep up with personnel in a large organization is by structural hierarchy and authority delegation. The best way to THINK you're doing all this is to monitor APIs and hallucinate.

...scourge missiles.....yeah...a lot of text you have, but no point.

We must accommodate the idiocracy.

Scipio Artelius
Weaponised Vegemite
Flying Dangerous
#39 - 2015-03-04 01:47:43 UTC  |  Edited by: Scipio Artelius
Thora Zhubilai wrote:
can i have API key from recruiters, directors or from CEO?...
no!

Have you ever asked?

If you applied to join Vendo and we wanted to look at your API (we only use limited when we need them at all), then I'd have no problem handing over mine. None of the Directors or the CEO would have a problem with it.

I'm sure we aren't unique in that regard. We know what people feel about being asked for an API. Only right that they be able to check us out as well.
Sibyyl
Garoun Investment Bank
Gallente Federation
#40 - 2015-03-04 02:53:28 UTC

Jonah Gravenstein wrote:
Nami Kumamato wrote:
Do deleted mails appear in the full API also ?
Depends on whether or not you remember to empty the trash folder.




I had a conversation about this with a friend one time. Don't count on deleting your mails faster than your corp pinging the API and downloading what's there. It's a better policy to not have anything sensitive in email.

I have a hard time following that advice myself.. most or all my mails have some personal content so it is not trivial just to hide myself completely.

Joffy Aulx-Gao for CSM. Fix links and OGB. Ban stabs from plexes. Fulfill karmic justice.