ESI token question

Captain_Panther · April 21, 2018, 1:28pm

Hi, I have some messenger bot code wich uses XML to get notifications from user. It requires API key values to request the data. I’m trying to port it to ESI but have difficulties with access logic due to ESI demanding a token from me.

I see only SSO examples when user have to manually pass web authentication to obtain a token. Is there any way to automate this process? I have all the API key and CCP app codes at hand.

Whitehound · April 21, 2018, 2:51pm

You mean you’re looking for a description of the process? if so then read here:

https://developers.eveonline.com/blog/article/sso-to-authenticated-calls

In short, once you have a user’s refresh token can you always refresh the authorization. You should however not try to work around the SSO prompt, but have users use it at least once so they know they’re signing on via CCP.

Once you have the first code can you use refresh tokens to get new access tokens. You should then make sure not to mix tokens among users, but keep them safe and secure.

Captain_Panther · April 21, 2018, 3:45pm

Thanks, but the old process wasn’t meant to use any manual authentication. The user (probably CEO) API KEY were used to fetch notifications. The bot itself works as a service and don’t have any means for manual user SSO.

Seems like it is not achiavable with ESI? XML API can fetch similar data with the API KEY codes only.

Whitehound · April 21, 2018, 3:56pm

You’d have to set up a minimal web page for a user to sign on and then store the result (the refresh token) in a database where your bot can access it. But I don’t know if there is any other way to do it, sorry.

Captain_Panther · April 21, 2018, 3:57pm

Thanks, I’ve just stumbled upon the refresh token I’ve missed earlier. So it will only require one time authentication.

Whitehound · April 21, 2018, 4:00pm

Yes. You get two tokens with your first authorization. One is the access token to access data from the ESI server (used in a header ‘Authorization: Bearer …token…’) and the other is a refresh token. The access token lasts for 20min, and then you’d have to get a new one by sending a refresh token to the OAuth server. This way can you get a new access token and a new refresh token indefinitely or until the user decides to revoke access on CCP’s web page.

system1 · July 20, 2018, 4:00pm

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
ESI auth without browser login Third Party Developers	6	2743	May 1, 2018
Can't get it to work: C# Console App Refreshing ESI Token Third Party Developers	5	912	July 21, 2019
New API? Third Party Developers	19	3516	September 3, 2018
ESI and authorizations Third Party Developers	10	2522	April 6, 2018
ESI SSO Retrieving Access Token Server Error 500 Third Party Developers	7	1902	July 27, 2018

ESI token question

Related topics