The API is going HTTPS | EVE Online

The API is going HTTPS

2011-01-26 - By CCP Stillman

Hi everyone,

If you're anything like me, you religiously check the status of your character training and market orders on your smartphone. It's the greatest invention ever, especially if you can't log into EVE Online or EVE Gate. It's also nice to be able to pull out your smartphone at Fanfest and show off your nice skills and large wallet.

As we've added more information to the API, there's more incentive to try and acquire these keys by nefarious people. Due to the underlying use of HTTP when querying the API, it's possible to sniff the data stream of an API user and acquire their API key if they're using an unsecure Internet connection. This is not a good idea. And we don't want it to be that way. So we went ahead and enabled HTTPS on our API servers, which makes too much sense.

So this is a PSA that we as of now allow you to query the API using HTTPS, which is a much more secure way of transmitting data to your favorite API applications. Here's a few specific things you might want to consider:

If you're an API developer: You should update your application to access the API using HTTPS. The overhead of HTTPS is not that big, even on mobile devices. Due to this, we will turn off normal HTTP access to the API in the future. When a specific date is decided for when this to happen we will make sure to give you appropriate advance warning

If you're the user of any API application: Please make sure to update any application you use which makes use of the API if an update is available.

That's all for now. Rumors have it that PrismX might inform you of some interesting ideas we have in the near future. Until then, fly safe!