Slyfer.6478:

I think I noticed some talk on a PR about how confidentiality could be addressed. So far I think fetching the roster is not breaching privacy as long as it requires the Guild Leader’s API key. Next, what should be able to be fetched given the Guild Leader’s API key? Here’s a list of what I’ve thought up so far.

  • Account names
  • Account guild rank
  • Account activity (when did an account last login/logoff, preferably timestamps rather than the delta we see ingame)
  • Account achievement points (I don’t think individual achievements should have access, perhaps there’s an argument for elitism there somewhere, I’m not sure)
  • Character names linked to the accounts (this would be a godsend for big guilds)
  • Character profession
  • Character crafting professions
  • Guild bank (including logs hopefully)
  • Guild Upgrades
  • Guild Motd
  • Guild chat (this would be a feat but also really amazing to have)

List of things I think should be off limits when using the Guild Leader’s API key:
The characters’ equipment, inventory, bank, materials deposit, wallet, individual achievements.

Also what about PvP rank and FotM level? Would people feel offended if we knew their FotM level and PvP rank?

Nabrok.9023:

Any guild member can see the roster in-game, therefore any guild member’s API key should be able to fetch the roster.

The rule of thumb is, if you can see it in the game you should be able to see it on the API.

One thing you are missing is online status, i.e. online/offline, representing/not representing, away/not away.

Teranas.6150:

Any guild member can see the roster in-game, therefore any guild member’s API key should be able to fetch the roster.

The rule of thumb is, if you can see it in the game you should be able to see it on the API.

That’s right. But by authorizing a 3rd party application you authorize it to request your own data, not that of your guild mates.

It’s a privacy problem. You should not be allowed to authorize a 3rd party application to request information about another player.

Lawton Campbell.8517:

List of things I think should be off limits when using the Guild Leader’s API key:
The characters’ equipment, inventory, bank, materials deposit, wallet, individual achievements.

Also what about PvP rank and FotM level? Would people feel offended if we knew their FotM level and PvP rank?

Yeah, none of that is accessible in-game (e.g., your guild leader can’t currently see those details) so they won’t be available via the API. You’d need an API key for each guild member with the appropriate permissions (access to character data and inventories) to pull it.

As per the rest of it, even though the information is currently available in-game for all guildies, since this point has been raised a couple of times by different people I think the correct decision is to start by limiting the guild endpoints (roster, guild bank, ranks, logs, etc) to only guild masters.

I think the ideal solution is to add a permission into the guild ranks that enables that rank to have API access. That’ll give guild masters the ability to figure out the privacy situation themselves. Unfortunately, that involves interaction between quite a few subsystems so it’ll take awhile to implement.

Tamasan.6457:

I think the ideal solution is to add a permission into the guild ranks that enables that rank to have API access. That’ll give guild masters the ability to figure out the privacy situation themselves. Unfortunately, that involves interaction between quite a few subsystems so it’ll take awhile to implement.

I like the idea, just keep in mind that guild permissions are really in need of a general overhaul. They are klunky to deal with and there are issues with needing granularity between existing items like guild invite permission needing permission to admin lower ranks, and all sorts of issues with activating/triggering/claiming credit for missions. The guild CDI a few months back had the details, so no need to rehash it all.

Doing it right would be more important to me than doing it fast.

Slyfer.6478:

I think the ideal solution is to add a permission into the guild ranks that enables that rank to have API access. That’ll give guild masters the ability to figure out the privacy situation themselves. Unfortunately, that involves interaction between quite a few subsystems so it’ll take awhile to implement.

Very good point! I know the bucket list is pretty long but it’s comforting to hear it’s planned in the future.

Edgar Doiron.2804:

I think the ideal solution is to add a permission into the guild ranks that enables that rank to have API access. That’ll give guild masters the ability to figure out the privacy situation themselves. Unfortunately, that involves interaction between quite a few subsystems so it’ll take awhile to implement.

I like the idea, just keep in mind that guild permissions are really in need of a general overhaul. They are klunky to deal with and there are issues with needing granularity between existing items like guild invite permission needing permission to admin lower ranks, and all sorts of issues with activating/triggering/claiming credit for missions. The guild CDI a few months back had the details, so no need to rehash it all.

Doing it right would be more important to me than doing it fast.

Totally agree that the current guild permission is awful. Needs WAY more granularity in the options, and way more ranks, or something different to ranks totally?

Lawton Campbell.8517:

To keep the discussion mostly on-topic, the guild permission system (and faults thereof) is well outside my purview.

Pilot.6094:

I noticed that the authenticated account API returns guild ids not only for guilds the user is a member of, but also for guilds that they have been invited to and not accepted. Is this behavior by design? If so, is there any chance of getting an additional property to indicate this status?

Lawton Campbell.8517:

I noticed that the authenticated account API returns guild ids not only for guilds the user is a member of, but also for guilds that they have been invited to and not accepted. Is this behavior by design? If so, is there any chance of getting an additional property to indicate this status?

Hmm, that was unintended. The fix is actually fairly involved for either approach; I think I’d rather not show those invitations at all. Thoughts?

Pilot.6094:

I’d be happy not to see the invited ones, so removing them would be great. Once people found out – it would create guild invite spam if they showed up anyway.

rodadams.5963:

IMO, you’re not a member of a guild until you’ve accepted, so I see that making sense.
However, the data purist in me says that having more data is always better (modulo potentially abusive cases, of course).

I’ll vote for whichever is easier to implement, since both answers make sense.

Nabrok.9023:

I noticed that the authenticated account API returns guild ids not only for guilds the user is a member of, but also for guilds that they have been invited to and not accepted. Is this behavior by design? If so, is there any chance of getting an additional property to indicate this status?

Note that the leaderboards also include guilds that you are invited to but have not accepted yet when you filter by guild.

quenoz.3859:

Seeing the guilds someone has been invited to could maybe be another data set, something like “guild_invites” or whatever, but they shouldn’t show in the “guilds” in my opinion.

Slyfer.6478:

Seeing the guilds someone has been invited to could maybe be another data set, something like “guild_invites” or whatever, but they shouldn’t show in the “guilds” in my opinion.

Agreed, but if this slows down development of the API or proves too difficult, I’d say only show guilds people are actually part of. It’d be nice to show guilds the player is invited into but it wouldn’t be a big deal if we don’t have access to it.

Lawton Campbell.8517:

Seeing the guilds someone has been invited to could maybe be another data set, something like “guild_invites” or whatever, but they shouldn’t show in the “guilds” in my opinion.

Agreed, but if this slows down development of the API or proves too difficult, I’d say only show guilds people are actually part of. It’d be nice to show guilds the player is invited into but it wouldn’t be a big deal if we don’t have access to it.

I’m probably not going to show the ones that you’re only invited to, since the “list of guilds” is accessible with just the “account” permission. I’ll try to write a fix for this one today and then deploy it sometime later this week.
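
Added example (not part of the thread and not the API's actual code): a minimal sketch of the access rules the thread settles on, namely that the account guild list returns accepted memberships only, the roster is limited to the guild master's key, and character data needs the member's own key. The class names, function names, the "characters" scope string and all sample accounts are assumptions constructed for illustration.

```python
from dataclasses import dataclass

class Forbidden(Exception):
    """Raised when a key may not read the requested data."""

@dataclass(frozen=True)
class ApiKey:
    account: str            # account that created the key
    permissions: frozenset  # scopes granted to the third-party app

@dataclass(frozen=True)
class Guild:
    guild_id: str
    leader: str
    members: frozenset      # accounts that accepted their invite
    invited: frozenset      # pending invites, not members yet

def account_guilds(key, guilds):
    """Guild ids for the key's own account: accepted memberships only."""
    if "account" not in key.permissions:
        raise Forbidden("key lacks the 'account' permission")
    return sorted(g.guild_id for g in guilds if key.account in g.members)

def guild_roster(key, guild):
    """Roster endpoint, limited to the guild master's key."""
    if key.account != guild.leader:
        raise Forbidden("only the guild master's key may read the roster")
    return sorted(guild.members)

def member_characters(key, target, characters):
    """Character data needs the member's own key with 'characters'."""
    if key.account != target or "characters" not in key.permissions:
        raise Forbidden("character data requires the member's own key")
    return characters[target]

# Constructed sample data (all names are made up for this example).
GUILD_A = Guild("guild-a", "Leader.0001",
                frozenset({"Leader.0001", "Member.0002"}),
                frozenset({"Invitee.0003"}))
CHARACTERS = {"Member.0002": ["Example Ranger"]}
LEADER_KEY = ApiKey("Leader.0001", frozenset({"account"}))
MEMBER_KEY = ApiKey("Member.0002", frozenset({"account", "characters"}))
INVITEE_KEY = ApiKey("Invitee.0003", frozenset({"account"}))

if __name__ == "__main__":
    print(account_guilds(INVITEE_KEY, [GUILD_A]))  # pending invite is hidden
    print(guild_roster(LEADER_KEY, GUILD_A))
```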