User:Rayanth/Sandbox2

From EVE University Wiki
Jump to: navigation, search

ESI and SSO

For Non-Developers

Safety: Your SSO username and password are completely safe from the third party application you're logging in to. When logging in to another service with SSO, you are actually logging on to the SSO server via a website hosted by CCP themselves. This setup is the core of an authentication method called OAuth (and its newer version, OAuth2). OAuth/OAuth2 are very widely used today, and act as the core component for logs on most social media giants, including Facebook, Twitter, and Google, including any other site that allows you to use those Social Media accounts to log in to them. Here is a brief tour of the process, for a new 3rd party EVE Online tool, 3rd Party Website (3PW for short):

  • 3PW registers its existence on CCP's servers. It defines a Redirect URL that will be listening for SSO to talk to it when a user logs in.
  • 3PW receives a Client ID that it can identify itself with, and a Secret Key that lets it prove it is who it says it is, to SSO's servers.
  • User decides to log in to 3PW
  • 3PW redirects user to CCP-hosted SSO service. In the background, 3PW passes SSO its Client ID, Secret Key, Redirect URL, and a list of Scopes it would like access to.
  • SSO verifies that 3PW's Client ID and Secret Key match, and to be sure they weren't hijacked, ensures the Redirect URL matches the one on record.
  • User logs in to SSO as normal
  • SSO presents User with the requested Scopes to verify they are willing to grant them
  • User accepts the scopes
  • SSO generates a short-duration (5 minutes) token and redirects the User to 3PW's Redirect URL, attaching the token to the URL.
  • 3PW reads the token, and sends it back to SSO behind the scenes, to request a proper Authentication Token that lasts 20 minutes, and a Refresh token that lasts indefinitely. (The refresh token allows 3PW to refresh the Authentication token without making the user log in again)
  • 3PW now can use the Authentication Token to request information from ESI that User granted it, via the requested Scopes.

The important thing to take away from this is that the above exchange ensures that each of the three parties can trust the other two:

  • 3PW trusts the User because SSO authenticated them
  • 3PW trusts SSO because
  • SSO trusts 3PW because it verified the Client ID, Secret Key, and Redirect URL
  • SSO trusts User because the user used their credentials (including 2FA if enabled)
  • User trusts SSO because they have an existing with SSO
  • User implicitly trusts 3PW because SSO verified 3PW's credentials.

Scopes

There are currently a total of 68 different scopes that can be requested/given to an application via ESI and SSO. These scopes control access to 126 of the 206 ESI endpoints (the remaining 80 are public and require no scopes). Some are only available to members of a corporation who have been granted particular titles/roles within the corporation. The following tables will help identify exactly what a granted scope permits access to.

publicData: This scope does not provide the 3rd party app with any information that is not publicly available. Its primary use is to give a Refresh token for the user's credentials, where otherwise no scope is requested.

Character-Focused scopes:

BreakBreak

Existing Page

EVE Swagger Interface (ESI) is an API to get data from the EVE server. It replaces CREST and the XML API which were shut down on May 8th, 2018.[1]

Remember that scamming with API is specifically not allowed[2]

Several guides on how to use ESI exist:

Further some libraries exist to use ESI with Python. For further information see the "See Also" section.

API authorization managment

You can manage API permissions from you at https://community.eveonline.com/support/third-party-applications/

In here you can see all applications that have access to your API. You can see exactly what scopes you have authorized for them. You can also revoke authorizations.

See also

References

[[Category:API]]

BreakBreakBreak

NewPage

EVE Swagger Interface (ESI) is an API that can be used by third party applications to interact with data from the EVE game servers. It replaces CREST and the XML API which were shut down on May 8th, 2018.[1]

ESI has both public-data and authenticated endpoints, the latter of which require a character to log in via EVE SSO to their character account to gain access to information specific to their character or, provided they have the appropriate corporate roles, their corporation. At present there are 81 public-data and 125 Authenticated endpoints (206 total).

CCP has indicated that their goal is to completely replace the Static Data Export (SDE) with ESI, but as of December 2019, there are still many missing features.

As a reminder to developers, it is expressly forbidden for developers of third party applications to use them for ill intent[2][3]

ESI and SSO are commonly used together, however they do have independent features and uses as well. For this reason, they have been split into their own articles. See EVE SSO for information regarding the character authentication (and management thereof) aspect.

ESI Endpoints

ESI provides 206 endpoints, 81 of which related to public data and need no character or client authentication, and 135 of which are authenticated as they relate to privileged information about specific characters or corporations.

The general categories these endpoints fall under are:

Category Public Auth Description
Alliances 4 General information about Alliances and their member corporations
Assets 6 Inventory details for characters and corporations
Bookmarks 4 All of a character or corporation's[4] bookmarks and bookmark folders
Calendar 4 Read and respond to a character's calendar events
Character 4 11 Information relating specifically to a character, where it does not fall under any other category.
Clones 2 Information on a character's clones and their active implants
Contacts 9 Read Contacts lists for characters, corporations and alliances, and edit them for characters.
Contracts 3 6 List public, character and corporate contracts, bids placed on them, and items contained in them.
Corporation 4 18 Information relating specifically to a corporation, where it does not fall under any other category.
Dogma 5 Information regarding Dogma, EVE's system for attributes on items and entities.
Faction Warfare 6 2 Public statistics on faction warfare, systems, leaderboards, and a character's statistics.
Fittings 3 View, create or delete a character's in-game saved fittings.
Fleets 14 Provides endpoints for a complete breakdown of a fleet's composition, and allows managing it externally.
Incursions 1 A list of currently active Incursions and some basic info about them
Industry 2 6 System Cost Indices, Industry facilities, and all information about a character's active industry jobs.
Insurance 1 A list of insurance prices for all classes of ships.
Killmails 1 2 Retrieve killmails relating to a character, or all details on a killmail for which you have the appropriate information.
Location 3 View whether a character is online, what they're flying, and where they are located.
Loyalty 1 1 List offers available from a provided NPC Corporation's LP Store, and a character's available LP.
Mail 9 All actions related to viewing, sending and deleting in-game mail for a character.
Market 6 5 Market orders and histories, as well as a character or corporation's specific orders.
Opportunities 4 1 A list of tasks associated with the New Player Experience / Tutorial, and whether a character has completed them.
Planetary Interaction 1 3 Details on a character's planetary colonies and their layouts, as well as public information on PI Schematics.
Routes 1 Use the game's algorithms to calculate a route between two systems
Search 1 1 Perform a search on the provided string against the chosen categories. If for a character, will also search private things the character can see.
Skills 3 Information on a character's attributes, skills and skill training queue.
Sovereignty 3 Lists of sovereignty campaigns, systems and structures.
Status 1 Status of the game: Whether it's running, what version, and how many players are logged in.
Universe 30 Just about all general public, static data in the game.
User Interface 5 Allows opening certain UI windows for a character if they are logged in to the game.
Wallet 6 Character and Corporation wallet balances and transactions.
Wars 3 Details on all wars that have happened in the game, including their killmails.

Resources For Developers

There are a number of resources online for developers looking to begin using ESI, many of which also cover SSO for authenticating endpoints.

https://docs.esi.evetech.net/ Community-maintained documentation for ESI.
https://eveonline-third-party-documentation.readthedocs.io/en/latest/esi/index.html CCP's documentation on ESI. (Outdated)
https://github.com/esi/esi-issues Official Git Repository for tracking issues and requests for ESI.
https://github.com/esi/esi-issues/issues/1103 A specific issue on the above repository, that compares ESI to the information available in SDE.
https://community.eveonline.com/news/dev-blogs/introducing-esi/ Original Announcement introducing ESI.
https://esi.evetech.net/ui/ CCP's front-end User Interface for "playing" with ESI and discovering what the various endpoints can do.
https://github.com/devfleet/awesome-eve#developer-tools-resources-and-apis Community-maintained list of resources and tools to work with ESI.
https://forums.eveonline.com/t/3-3-0-gesi-google-sheets-esi-library/13406 GESI - A library for working with ESI in Google Sheets
https://developers.eveonline.com/blog/article/using-esi-with-google-sheets A slightly outdated CCP Dev blog on working with GESI (see above)
https://www.fuzzwork.co.uk/2017/03/14/using-esi-google-sheets/ A different guide on working with GESI (see above)
https://wiki.zansha.space/index.php/SSO_Authentication_in_Microsoft_Power_Query Information on working with ESI in MS Excel with Power Query

References