Manu Fortius Wants You!

Looking for a corporation to join that accentuates your play-style? At Manu Fortius, we have assembled a group of the best capsuleers to fly with. We take pride in fostering an atmosphere of like-minded people with common goals and a place where you can help the corp for the greater good and also allowing the freedom to choose your own path. Check us out!

Sunday, February 23, 2014

API Keys and What they Mean to You

Originally published in June, 2013 on our then alliance forums

The API key is used by third-party developers and corporation CEO's to access a character's information. Before you throw up your hands and rage about security, remember this: It does not allow access to control your character, steal your assets or ruin your life. It is simply a read-only view of your character's skills, assets, mail, industrial jobs, market transactions, etc. You can customize your key to allow only certain blocks of information to be made available and it has nothing to do with your account-level access, passwords or login information.
Programs like EVEMon, EFT (to some extent), EVE Aura (Android), and a slew of others use the API key information to provide third-party software to access your character information to provide a service. The EVE API key is safe and in use by nearly 100% of every EVE player across multiple accounts. No one has ever had anything bad happen to them unless they send out an email with their login information or they were up to no good as a spy and got caught trading intel and subsequently booted from a corp or set up with misinformation and entered a trap.
As I stated, you can customize your API to allow only certain information be made available. Some third-party programs require a full-use API key to provide all the functions of that program to work correctly.
It is extremely common that CEO's, recruiters or directors ask a potential recruit for an API key as part of the recruiting process for security reasons. As far as I have ascertained, the mail stays available in EVEMon for a very long time, allowing a CEO to see if there was any correspondence regarding a potential spy mission. As stated above, it is a read-only thing, so there is no reason not to allow a potential corp to obtain your API key. Their duty is to provide security for the corp and they are only doing it to maintain a safe environment for their members.
The most important and useful thing an API key does is allow you to view your training queues via EVEMon. You get real-time feedback on what your character(s) is doing and how long until you need to update your skill queues. That alone makes the API key a god-send.
As of this writing, API keys are only available to pull on a an account-level after 48hours of the account being live. That is across the board, no matter how many toons you have on that one master account.
Another benefit is that you can view market transactions, industrial jobs, make skill training plans, view assets, EVEmail, standings, etc. So it is well worth setting one up and then downloading those third-party apps that you find useful.
You can access the API key section on the EVE Online site under HELP & SUPPORT, API Key Management.

The following information is taken directly from the EVE Online Site without any modification

What is an API key? What do I use it for?

The API key is a private code that identifies your account and allows third party programs and web sites to access information about your characters and corporations. Using this data, such utilities can improve your EVE experience by providing useful functionality such as wallet exports, skill training notifications, and other tools.

Is this safe? Can someone steal my account?

It is safe to provide your API key to applications and web sites as long as you are prepared to allow the application or web site to see your character and corporation information. You can specify which information is accessible for each customizable API key.
Sharing an API key does NOT give people access to your account while sharing your account password would. Therein lies the whole purpose of API keys. An API key only allows the recipient to view your character and corporation data but gives them NO control over it. They are NOT able to log in to the game or post on the forums with the API information. No part of the API key information is in any way generated from your account password - there is no way to calculate your password using this information.
This is the only safe way to give programs and web sites access to your data. Do not give out your account username or password to any person, program, or web site. Please keep in mind that doing so is a violation of the EULA and can lead to account termination.

I gave someone my API key and now I want them to stop using it!

If you believe that someone is misusing your API key, you can delete it from the list above or simply change the Verification Code. Please note that all programs and web sites that are using your old API key information will no longer be able to access your data unless you provide them with the updated info or a new API key.

So, in short: Don't fear the API. Embrace it.