How many API Keys do you have set up? How often do you clear out unused/old API Keys? Maybe for some of you newer Pilots the questions could be; What is an API Key? What do I use it for?
Below is a copy and paste taken directly from EVE’s Account Management API Key Management page:
What is an API key? What do I use it for?
The API key is a private code that identifies your account and allows third party programs and web sites to access information about your characters and corporations. Using this data, such utilities can improve your EVE experience by providing useful functionality such as wallet exports, skill training notifications, and other tools.
Is this safe?
Can someone steal my account?
It is safe to provide your API key to applications and web sites as long as you are prepared to allow the application or web site to see your character and corporation information. You can specify which information is accessible for each customizable API key.
Sharing an API key does NOT give people access to your account while sharing your account password would. Therein lies the whole purpose of API keys. An API key only allows the recipient to view your character and corporation data but gives them NO control over it. They are NOT able to log in to the game or post on the forums with the API information. No part of the API key information is in any way generated from your account password – there is no way to calculate your password using this information.
This is the only safe way to give programs and web sites access to your data. Do not give out your account username or password to any person, program, or web site. Please keep in mind that doing so is a violation of the EULA and can lead to account termination.
I still don’t like it.
If you are not certain that the web site or program asking for your API key is safe, please do not give it to them! You are responsible for any usage of the information obtained by using your API keys.
I gave someone my API key and now I want them to stop using it!
If you believe that someone is misusing your API key, you can delete it from the list above or simply change the Verification Code. Please note that all programs and web sites that are using your old API key information will no longer be able to access your data unless you provide them with the updated info or a new API key.
You can view API activity on your account by using the API Access Log. If you believe someone is misusing one of your API keys, please change the Verification Code or delete the API key from the list above.
So what does this all mean? Well… every so often you should go through your list of API Keys and make certain that they are necessary… if they’re not either delete them or change the Verification Code. Cleaning up API Keys is especially important if you are switching Alliances/Corporations – unless of course you are a spy – you don’t want your old Alliance/Corporation to get intel through your negligence.
– – –