Sharing cutdown API information with Third Party apps


(GKFC) #1

Hi,

Just checking how / if this is possible now? I liked being able to do this with the previous API system.

Cheers,

G.


(ISD Sakimura) #2

there are many information that you can “share” with third party apps, all it requires is that it is using EVE’s SSO (Single Sign On).


(Blacksmoke16) #3

If an app is requesting something you do not want to give, then don’t login to that app.


(Catherine Solenne) #4

Adding on to what @Blacksmoke16 said, in contrast to the old XML API keys, where the player created an API key with the required access rights as instructed by the app, with SSO the app directly requests the scopes that are required. When you are logging in to the app using EVE SSO you will see a list of the requested scopes.

Some third party apps will give you the option to define what access you want to give, for example zkillboard where you can grant either character killmails, corporation killmails or both.

Always check what scopes are requested when authenticating to anything with EVE SSO. If you think an app is requesting something that isn’t justified for the functionality provided by the app don’t complete the login. You can always try to get in contact with the developer for clarification, most of us are pretty approachable :wink:


(GKFC) #5

Thanks for the responses.

Yes that’s what I was getting at… previously I was able to control what aspects of the character an app could get access to.

Now it seems (regardless of whether I want to use certain areas of an app) I have to allow the scopes that it requests. Not sure I’m a huge fan of that change tbh.


(Blacksmoke16) #6

If the app developer is doing things right he would enable you to say login with no/minimal scopes, then reauth for additional scopes that give access to other portions/features of the app.


(Catherine Solenne) #7

You can customize the scopes you are granting, but most apps will just refuse the token if it doesn’t have the scopes it expects. It’s the responsibility of the developer to only request minimal scopes for the app, you as the user shouldn’t have to worry about it.

The sad reality of the matter is that some third party devs are still stuck in the “Full API Key” mentality that was so pervasive for many years of XML API use. We’re in a bit of a weird transition period where people are getting used to the new way of doing things, but I expect matters will improve over time.


(system) #8

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.