Do we have to "pay" to develop third party applications built on ESI?

So again, either pay for some omega time, or just don’t. It’s not hard.

Surprisingly I don’t think ccp will lose sleep over it.

I don’t want my development key associated with my actual game account. I want them decoupled.

Why? And if that’s the case just sub some other account. You seem to really like finding ways to make thing needlessly difficult. Are you just masochistic or do you just like complaining?

Besides I thought eve was dying is it even worth the effort?


Then make another account?

Likely an Arch user.


The developer agreement is different because you could have access to data of other players, not just simple “I consent to terms and conditions.” I.e. they reserve the right to hold you liable if you were to misuse a dev app. As such needing to have payment on record prevents using temp emails or something that would result in the account being untraceable.


The developer agreement is different because you have access to data of other players

The account owner controls their own ESI permissions.

I actually want even more fine grained control of permissioning to each endpoint for user control so even if I request permissions, the owner should be able to restruct each endpoint permission, I have a topic on this already. See here More control over ESI permissions

The applicaiton won’t be collecting data, it will be a local app not a website.

FWIW, if your application doesn’t need any of the authed endpoints, you don’t need a dev app just access the public endpoints.

It will be a character app so the user would need to permission their data. It will be their control.

1 Like

Gotcha. Another option is if this is a local app specific to a single character (or multiple characters belonging to a single human) you could just have them create their own dev application and plug in the client and secret keys.

Lol wut? You want me to tell the user to go dev their own app and get a secret key? Lol. What’s the point then?

No, I said go create a dev app for themselves and plug in the client and secret keys into your application. I.e. this way each “instance” of your application is specific to each user.

That’s not going to work and be practical is it.

I wasn’t asked to do that for EveMon on Windows was I yet I have to SSO my characters in.

Do I need a secret key if I wanted to build something like that?


Maybe it’s easier if you just file a support ticket with CCP?

It’s a solid workaround if you don’t want to pay and still develop your application.

No because they paid and registered a single dev app for the project. Of which of course the dev app is not specific to a specific OS or something. I.e. if you were to get EveMon working on Linux, it would work just the same from an SSO perspective.

You need a dev app if you want to do anything with non-public character information. I.e. anything that requires them to SSO.

What is the point of SSO if I have to also get a key, the user of the applicaiton is responsible for their keys and application usage.

I am not responsible for the users of the application. The control stays with them.

To be clear, EVE ESI follows an OAUth2 flow, of which the dev application’s keys are used for this. See SSO | esi-docs. There are no API keys or anything like the XML API of late.

The user uses your application but is usually never aware of the tokens used to access their data. All they do is go an SSO flow much like if you were to login to the EVE mobile app, or that you used to log into the forums. I.e. they only ever really interact with your application.

From Evemon license, not even they want to be responsible for the users. You will find every piece of software does this.


I as a developer am NOT responsible for the users use of the application.

So we have to ship the secret key with every release of our application? You have to be bonkers if that is the case.

Doesn’t that risk capture and replay? What’s to stop one application impersonating another dev key?

Ideally you wouldn’t no, for the reasons you mentioned. How to handle this depends on what type of application you have. Given it sounds like you’re making a desktop app checkout OAuth 2.0 for Mobile or Desktop Applications | esi-docs for how to handle that.

Thanks, however, this “dev key” still implies liability and responsibility for the users of the application, also some people prefer to build from source themselves then run, especially on Linux and BSD platforms where they would also sign their known reviewed build of the app, including their own modifications.