No sane developer is going to take liability for a user’s actions.
That is like a hammer maker taking responsibility for an idiot that hits themselves or others on the head with the hammer.
I can sit and modify and proxy EveMon to do different things possibly than what they built it for, and then they take liability for my actions? I don’t think so.
It is quite easy to modify a binary in memory and on file. Even data in transiit.
No sane developer is going to take liability for a user’s actions.
Ofc. not, but, they do have liability that their application does not do harm on purpose…
Ofc. ESI isn’t just a free resource you can use without liability…
Like does nothing of this make sense to you?
ofc. you’re never going to enter this agreement, so, I will tap out now, good luck mate 
While I would agree with Zoiie that asking a using to register a dev app isn’t a very practical solution, I did want to address:
I wasn’t asked to do that for EveMon on Windows was I yet I have to SSO my characters in.
As a user, you used to have to register an API key to use any third party app. I had one for EveMon, EFT, Corp background checks…
They just all got replaced with SSO which is much nicer But there’s definitely historical relevance in Eve for having to create your own key to use a thing.
The dev key makes sense for a “service” from an online web site (except self hosted for personal use).
However, for deliverable desktop and mobile apps, it makes no sense and is VERY impractical and also risky of abuse by the end user (I explained earlier some methods to piggy back on the dev key and PKCE challenge).
I understand having a contact to get faults fixed, but you cannot depend upon that, and have to mitigate against that at the server end, and caching and throtelling the user is one method.
For end user deliverable applications that are not online “services” (web based), it is more of an issue with this dev key to manage and imo not worth it. For this scenario, the API key was more practical and made sense.
It is about where one places the technical burden and liability. For desktops/mobile/self hosted apps, the key burden should be on the user, along with liability, for online service based for many users, the burden should be on the service hoster.
This is a case where one size of a solution does not fit all in a practical way.
Imo this dev key hinders application development, it puts up a barrier of entry, not just on this cost, but technical. I am referring to the context of a deliverable app, not an online service.
There IS a difference between end user deliverable application vs online web service hosted app.
Take your fight to ccp then. I’m sure @CCP_Aurora or @CCP_Fleebix can explain it better.
Can someone summarize the question?
Devs are not capable of fix this issue and are not bothered with it. I am waiting this to be fixed for almost 3 weeks ridiculous.
Why does someone need to pay to be a third party dev? And when will it be fixed?
My two cents about “paid” access to API.
When you have paid a game at least once, you have track of your real identity, and if, as a developer, you’ve done some damage using API, you may take responsibility in real life. It improves things for API owners (in this exact case, for CCP Games) a lot.
Some platforms use similar approach. For example, in Steam you can use their API only after spending at least $5 in their store.
When people are allowed to use API (as a developer) right away, they may exploit it and take no responsibility for any damage — just because they are anonymous. And they may register hundreds of new accounts per day and use them for spam, fishing and so on.
I’m not judging if a “paid” access is a good or a bad thing in this exact case, I’m only trying to explain what the motivation lies behind such decisions.
The dev key has to go, for desktop application delivery it is a hinderance.
I will not be developing with this dev key in place for desktop applications requirement.
The only key I will support is using the user key/token.
The dev key is not appropriate for a non-hosted application. The application will not be under my control once released to the user. It is not a hosted application that consumes the API.
Do not equate a desktop/mobile application to a hosted web application, they are two very different control scenarios. I explained earlier how one can modify a developer released desktop application, not as they intended, yet still ride on their dev key / PKCE challenge.
Not Pyfa, however. Surprising omission, but it has been awhile since I have used it, since the EVE Portal app is better for looking up skills than the in game client these days.
This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.