These forums have been archived and are now read-only.

The new forums are live and can be found at https://forums.eveonline.com/

EVE General Discussion

 
  • Topic is locked indefinitely.
 

API keys for recruitment
Author
Previous Topic Next Topic
Feyd Rautha Harkonnen
Doomheim
#101 - 2015-03-17 14:17:22 UTC
Tipa Riot wrote:
Feyd Rautha Harkonnen wrote:
No Class wrote:
So i'm looking for a new corp, but on the adverts i'm seeing almost all of them want my FULL API key. Is this safe? Can anything bad come of this?

Safe.

No it is not, never not post a full API to some internet page Ugh

API's are read-only access to info and don't provide any form of EvE account logon, so please expand on how 'not safe'?


Would you like to know more?
Tipa Riot
Federal Navy Academy
Gallente Federation
#102 - 2015-03-17 14:28:22 UTC  |  Edited by: Tipa Riot
Feyd Rautha Harkonnen wrote:
Tipa Riot wrote:
Feyd Rautha Harkonnen wrote:
No Class wrote:
So i'm looking for a new corp, but on the adverts i'm seeing almost all of them want my FULL API key. Is this safe? Can anything bad come of this?

Safe.

No it is not, never not post a full API to some internet page Ugh

API's are read-only access to info and don't provide any form of EvE account logon, so please expand on how 'not safe'?

Sure, it does not provide real life information directly, if you were cautious with what you do in game. But I'm not sure everybody is aware, that a full API provides your mails, your wallet transactions, your inventory, your location, your industry jobs, your market orders, etc. on all chars ...which allows a 3rd party to compile a nice profile about your life in New Eden.

To interact with 3rd party software you are using restricted APIs.

I'm my own NPC alt.
Feyd Rautha Harkonnen
Doomheim
#103 - 2015-03-17 14:40:43 UTC
BrundleMeth wrote:

What crap. You are saying not wanting to give away personal information about my account is the same as disobeying their FC in a fleet? It's not as you say "they can't follow a simple rule". It is rather they don't WANT to follow a stupid demand for personal information. Hardly the same as following commands when "playing a bloody game".

Just an absolute stupid comparison...

There are epic levels of misinformation about what EvE API's are and are not being thrown about in this thread, by people that clearly haven't a fricken clue, and in the absence of real knowlege are confusing normal internet security practices around protecting personal information with EvE toon API's...

- EvE API keys provide a way for someone else to view your characters in-game information in a read-only manner only. The API does not provide the ability to post changes or updates, of any kind. So first off, its READ ONLY.

- Secondly, EvE API keys do not provide any account level information, like your logon id, password or personal details kept in your EvE account by CCP. The only information exposed through API's is in-game toon information, no real life information.

In short, the worst 'exposure' you get from giving someone a full set of API keys, is they can read your in-game EvE mails and see all your in-game transactions on the marketplace etc etc. Whoop-de-fricken-doo, and if you were dumb enough to EvE mail someone in game any personal info in the first place, the security issue is you, not an API after the fact....

F



Would you like to know more?
Feyd Rautha Harkonnen
Doomheim
#104 - 2015-03-17 14:46:36 UTC  |  Edited by: ISD Dorrim Barstorlode
Tipa Riot wrote:

Sure, it does not provide real life information directly, if you were cautious with what you do in game. But I'm not sure everybody is aware, that a full API provides your mails, your wallet transactions, your inventory, your location, your industry jobs, your market orders, etc. on all chars ...which allows a 3rd party to compile a nice profile about your life in New Eden.

To interact with 3rd party software you are using restricted APIs.

See my previous post, no real life (account) information is exposed directly or otherwise by the API's, so you are confabulating the issue by mixing 'real life information' security concerns with TOON information...

Secondly, having someone else compile a profile of your TOON life in New Eden is exactly the point of a new-applicant security review by a recruiter brainiac.

Where you cross the line is by portraying EvE API's as 'unsafe', when there are no internet security concerns with it, just your personal preference not to allow a recruiter to see what you have been up to IN EVE. Thats a TOON privacy concern, NOT a personal security/safety one, or a real-life information one.

F

Removed some words. -ISD Dorrim Barstorlode

Would you like to know more?
TigerXtrm
KarmaFleet
Goonswarm Federation
#105 - 2015-03-17 14:56:43 UTC
Loraine Gess wrote:
Pok Nibin wrote:
Full APIs are unnecessary, and any CEO asking for one demonstrates a lack of knowledge about the game sufficient to call his or her competence into question. Should a corp ask it of you, take that in consideration and ask yourself if you really want to be part of a group if their leadership is so...questionable.




So apparently everyone better than you, including all the large nullsec organizations, are incompetent. Of course.


With the API system these days being capable of including only specific information, there should be no reason for anyone to ask a Full API key. If they want to see your kill history, mails, location, wallet and assets then they should ask for a key that covers just those 5 things. Not everything else on top of that.

Honestly it's little effort as a corp to just generate a pre-made link for people to use... Full API's are so 2007.

My YouTube Channel - EVE Tutorials & other game related things!

My Website - Blogs, Livestreams & Forums
Feyd Rautha Harkonnen
Doomheim
#106 - 2015-03-17 15:02:19 UTC  |  Edited by: Feyd Rautha Harkonnen
TigerXtrm wrote:

With the API system these days being capable of including only specific information, there should be no reason for anyone to ask a Full API key. If they want to see your kill history, mails, location, wallet and assets then they should ask for a key that covers just those 5 things. Not everything else on top of that.

Honestly it's little effort as a corp to just generate a pre-made link for people to use... Full API's are so 2007.

You missed character sheet for skill checks, standings (to see who you have blue'd etc), and actual transactions to audit money sent to/from undisclosed alts or enemy spymasters, etc... There are reasons why full keys are needed by recruiters and on an going basis by internal-security directors guys....

You want to be part of a quality alliance/corp? Prepare to hand over full keys. Anyone not requiring them is more of a risk to you and your assets by being scrublords, who will get you killed (in game) by someone else they didn't check IMHO... think about that.

F

Would you like to know more?
Tipa Riot
Federal Navy Academy
Gallente Federation
#107 - 2015-03-17 15:29:41 UTC  |  Edited by: ISD Dorrim Barstorlode
Feyd Rautha Harkonnen wrote:

Where you cross the line is by portraying EvE API's as 'unsafe', when there are no internet security concerns with it, just your personal preference not to allow a recruiter to see what you have been up to IN EVE. Thats a TOON privacy concern, NOT a personal security/safety one, or a real-life information one.
F

Yes, it's char privacy. Yes, we all live in a perfect rational world, where people read Terms of Use and strictly separate social interaction with their chars in-game and real-life interaction (on both sides). Also seeing char information exploited could negatively influence your real-life experience playing that char. Hence it's not just plain safe, there are risks you need to be aware of, even if they are not directly connected to your account.

I'm my own NPC alt.
Feyd Rautha Harkonnen
Doomheim
#108 - 2015-03-17 18:14:44 UTC
Tipa Riot wrote:

Yes, it's char privacy. Yes, we all live in a perfect rational world, where people read Terms of Use and strictly separate social interaction with their chars in-game and real-life interaction (on both sides).

Nothing in an API key breaks that separation, as I mentioned.

If someone crosses that line by putting personal info in an EvE mail in the first place, they screwed up at mail creation time, not at API key publish time. Elvis has already left the building.

Quote:

Also seeing char information exploited could negatively influence your real-life experience playing that char. Hence it's not just plain safe, there are risks you need to be aware of, even if they are not directly connected to your account.

Let's clarify 'safe' and 'risks' here, because you (and others) seem to be disingenuously confusing the 'risks' of EvE character API use, with real life internet privacy and security concerns...not cool.

So, is your toon exposed to more 'risk' of being 'meta-gamed' by other entities in-game if your API key leaks and an enemy alliance sees your EvE-mails and gets intel on where you park your Vindicator? Ok, let's say they use that intel from your API keys to camp the station your Vindy is in, or they see in your EvE mails where you are going to be mission-running with it the next day...so they blap your ship...

Whoop-de-do.

That's the type of 'risks' we are talking about here to in-game toons and leaks of in-game information (just as if you did it in corp chat or Teampseak to a spy). Guess what, meta gaming is EvE, it will happen with or without API keys, deal with it...

Key however is that none of this relates to real life personal info or risk, provided again you aren't putting that crap in your EvE mails to others in the first place, which again isn't an API key issue, but a stupid person issue.

F

Would you like to know more?
Dun'Gal
Myriad Contractors Inc.
#109 - 2015-03-17 20:32:30 UTC
Haven't read through all the posts yet, so I'm sure it's been said. Full API is only harmful to you if you are up to no good when getting recruited, it's as simple as that. The only reason it's asked for is to pick out the careless spai's, ie the ones who don't bother creating new characters for future thefts, etc. Anyone determined enough is going to slip past even this scrutiny, wallet api's allow one to see player to player ISK transfers and if it's between, shall we say, unscrupulous types then that could raise flags. Also there are corporations who only accept mains, wallet information can also help detect this, in the same way. No reputable corp is likely to give a rats ass about your current wallet ballance, or assets, they just want to see who you know, and what you are up to.
Tipa Riot
Federal Navy Academy
Gallente Federation
#110 - 2015-03-17 20:47:10 UTC
Feyd Rautha Harkonnen wrote:
No Class wrote:
So i'm looking for a new corp, but on the adverts i'm seeing almost all of them want my FULL API key. Is this safe? Can anything bad come of this?

Safe.

Here is a tool commonly used by recruiters to do audits. Cut yourself full keys and load them there to see what they can see. 'onepage' summary is dank.

F

Before we lose context, I replay the question/answer leading to the dispute. I think the meaning of "anything" does not restrict the potential scope of answers to only real life threats.

I'm my own NPC alt.
Mithandra
B.O.P Supplication For Glorious
Dracarys.
#111 - 2015-03-18 13:06:47 UTC
Most corps require full api keys because its a small defence against corp thieves, awoxers and spys. A small defence,not a good defence.

Is it safe?

No real life personal data is made available. No ability to hack your account is granted..... unless you've done something stupid like record your details in an evemail.

A full api lets the recruiter know everything about your character, not you personally.

Once the recruiter has looked at your full api and made a decision one way or the other... delete that api key.



Eve is the dark haired, totally hot emo gothchild of the gaming community
Alt Two
Caldari Capital Construction Inc.
#112 - 2015-03-18 20:59:01 UTC
Lan Wang wrote:
well the fact that api's are used for all sorts of stuff including verifying who you are and also verifying you are actually in the corp before being able to use teamspeak and forums etc, not every situation where an api is requested is for spying on you or looking at your assets, i mean who really cares if you have something shiney in your hanger or you have 100bil isk.

If you need a full api key to verify if someone is in your corp or not you are doing it terribly terribly wrong.
https://api.eveonline.com/eve/CharacterAffiliation.xml.aspx?ids=91801779
Oh look it has your corp info. I guess that means I must have your full api key then.
Xpaulusx
Naari LLC
#113 - 2015-03-18 23:51:30 UTC
You should be more concerned if they don't ask you for Full API that's a Red Flag either their judgement stinks or they are going to pull something on you so API doesn't matter IMO.

......................................................
Gallowmere Rorschach
The Scope
Gallente Federation
#114 - 2015-03-19 01:53:14 UTC
A couple of people have already posted anything I could possibly have to say on the subject. Feyd conveyed it very well.

However, this:
Xpaulusx wrote:
You should be more concerned if they don't ask you for Full API that's a Red Flag either their judgement stinks or they are going to pull something on you so API doesn't matter IMO.

is probably one of the most important takeaways. Seriously, if a corp doesn't even try to give a damn about who they let in; well, that's when you really need to worry about what could happen to your stuff.