These forums have been archived and are now read-only.

The new forums are live and can be found at https://forums.eveonline.com/

EVE Information Portal

 
  • Topic is locked indefinitely.
 

Dev blog: Introducing ESI - A new API for EVE Online

First post First post
Author
Previous Topic Next Topic
Roberthihiho
The Scope
Gallente Federation
#81 - 2017-06-08 04:07:48 UTC
Aeon Haginen wrote:
Any ETA on Corp Assets (both in stations/structures and inspace), Corp Wallet Journal and Corp Transactions?


Quoting this just because I am interested as well... Was working on writing a personal app (learning rails for the first time so why the heck not) that will eventually replace my 20 tab google sheet... Sadly saw that there's no way (from what I can see in the spec) to get corporation assets... and I keep all my indy stuff in my corp.
Tairon Usaro
G-Fleet Alpha
#82 - 2017-06-27 11:01:49 UTC
Probably entirely stupid questions as I am not a coder.

1.)
As far as I understand the ESI authetication process, the user of a 3rd Party Tool authorizes the scopes of the requests once and the 3 Party Tool refreshes this authorization by refresh tokens. Correct me if I got even this part wrong. But assuming I am right, does the user have a UI to revoke these refresh tokens, like it is with XML-API Keys or modifing their lifetime?

2.)
what makes the ESI authentication process safe from meddling with the landing page? Say I have a bogus web tool that directs the user to a page on eveönline.com ... looking very similar to the normal web login for but just for maliciously grabbing account credentials. wouldn't it be much safer to login seperatly @ccp-page and authorize a request by a 3rd party tool there?


3.) any rational for not having an endpoint to write calendar entries?





Steve Ronuken
Fuzzwork Enterprises
Vote Steve Ronuken for CSM
#83 - 2017-06-27 11:22:01 UTC
Tairon Usaro wrote:
Probably entirely stupid questions as I am not a coder.

1.)
As far as I understand the ESI authetication process, the user of a 3rd Party Tool authorizes the scopes of the requests once and the 3 Party Tool refreshes this authorization by refresh tokens. Correct me if I got even this part wrong. But assuming I am right, does the user have a UI to revoke these refresh tokens, like it is with XML-API Keys or modifing their lifetime?

2.)
what makes the ESI authentication process safe from meddling with the landing page? Say I have a bogus web tool that directs the user to a page on eveönline.com ... looking very similar to the normal web login for but just for maliciously grabbing account credentials. wouldn't it be much safer to login seperatly @ccp-page and authorize a request by a 3rd party tool there?


3.) any rational for not having an endpoint to write calendar entries?




1) you can revoke tokens at https://community.eveonline.com/support/third-party-applications/ . You can't modify them.

2) If you log into one of the official sites first, when you try to auth on another service you'll just be asked to pick a character and approve the scope usage. Much the same as with twitter or facebook.

Woo! CSM XI!

Fuzzwork Enterprises

Twitter: @fuzzysteve on Twitter