How to access API endpoints from Eve Online’s Eve Swagger Interface requiring authentication using PHP – part II

I have been working on an application that collects market data from Eve Online’s sagger interface and have written a few PHP scripts to automate the steps I established via the DOS command prompt outlined in part I. To recap: what I am doing is collecting all market data from every NPC station in every region, plus collecting the market data from every player-owned structure whose roles are set up public access (meaning that a player not in that corporation can dock and access the market buy and sell orders based out of that structure).

Collecting the NPC market data is fairly straightforward and simply requires iterating over every region and pulling data from the /markets/{region_id}/orders/ endpoint. But any structures endpoint (like universe/structures/ and /markets/structures/) requires authentication against the API using an active account’s credentials in order to proceed.

Again, the steps for obtaining and maintaining a valid access token to access an API endpoint that requires authentication are as follows:

  1. Register new application in Eve as a third party developer
  2. Create authorization link to generate authorization code
  3. Use authorization code to generate access token and refresh token
  4. Use Refresh Token to create an auto regenerating access token
  5. Use regenerated access token to access ESI

The PHP method

I’m not going to rehash how to register a new application in Eve since I already outlined it here. Similarly I’m not going to outline how to create the authorization link.

Once I’ve obtained the authentication code, I paste the relevant information into a PHP script called app_credentials.php that will be an include for the next script:

<?PHP
$authCode = 'xxxxxxxxxxxxxxxxxxx';
$secretKey = "xxxxxxxxxxxxxxxxxxxxxxxxxxxx";
$clientID = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
$base64 = base64_encode("$clientID:$secretKey");
?>

The next step is to run a PHP script that takes the credentials and PUTs them into the Eve OAuth API endpoint.

<?PHP
include 'app_credentials.php'; //load $secretKey, $clientID, and $base64 strings

$handle = fopen("access_token_original.json","w");

//Get access and refresh tokens

$authURL = 'https://login.eveonline.com/v2/oauth/token';
$authPost = "grant_type=authorization_code&code=".$authCode;
$authHeader = array(
	"Content-Type: application/x-www-form-urlencoded",
	"Authorization: Basic $base64"
	);

$ch = curl_init($authURL);

curl_setopt($ch, CURLOPT_HTTPHEADER, $authHeader);
curl_setopt($ch, CURLOPT_POSTFIELDS, $authPost);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);  
$authResponse = curl_exec($ch);

fwrite ($handle,$authResponse);

fclose($handle);
curl_close($ch);
?>

The resulting JSON is written into a file called access_token_original.json. This file contains the access token which allows authenticated access to the ESI. However this token is only valid for 20 minutes and will expire unless refreshed. The resulting json file also contains something called a refresh token. The refresh token, plus the original base64-encoded secret key and clientID will be used to create a refreshed access token that will be stored in a file.

<?PHP
include 'app_credentials.php'; //load $secretKey, $clientID, and $base64 strings

$json = file_get_contents('access_token_original.json');
$json_data = json_decode($json,true);
$refreshToken = $json_data['refresh_token'];
echo $refreshToken."\n\n";

$authURL = 'https://login.eveonline.com/v2/oauth/token';
$authPost = "grant_type=refresh_token&refresh_token=".$refreshToken;
$authHeader = array(
	"Accept: application/json",
	"Content-Type:application/x-www-form-urlencoded",
	"Authorization: Basic $base64"
	);

$ch = curl_init($authURL);

curl_setopt($ch, CURLOPT_HTTPHEADER, $authHeader);
curl_setopt($ch, CURLOPT_POSTFIELDS, $authPost);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);  
$authResponse = curl_exec($ch);

echo $authResponse."\n\n";

if (file_exists('access_token_refreshed.json')) {
	unlink('access_token_refreshed.json'); //delete old file
}

$handle2 = fopen("access_token_refreshed.json","w");
fwrite ($handle2,$authResponse);
fclose($handle2);
curl_close($ch);
?>

This script pulls in the clientID and secret key from app_credentials.php, pulls the refresh token from access_token_original.json and PUTs it into another OAuth endpoint. It then deletes the previous file containing any previous refreshd access token and then writes a new file called access_token_refreshed.json that contains a refreshed access token good for an additional twenty minutes. My subsequent market collection scripts all rely on the valid access token stored in access_token_refreshed.json for authentication to the ESI.

So when I start my data collection I:

  1. Launch the link in a browser to fetch the auth code
  2. Paste the auth code into app_credentials.php
  3. run php access_token_fetch.php to obtain a valid access token and a refresh token
  4. Execute a scheduled task that runs php access_token_refresh.php every 15 minutes (leaving me a five minute buffer) that generates a json file containing a valid access token, usable by any script I want to pull data.

Leave a Comment

Your email address will not be published.