Changes to the public citadel endpoint
On Tuesday 9th of May, Team Tech Co will be releasing a behavior change to the /universe/structures/ endpoint. This change will affect all versions of the endpoint, and although it will not change the specification of the endpoint (so you won't need to update your code), you may wish to know about how the behavior changed and why.
Until now, this endpoint has been returning the structure ID’s of every structure that had the "public" entity on its ACL's allowed docking rights. This was done on the basis that such citadels are clearly visible in space and in the in-game structure browser, and thus matched information given in game.
However, this is not quite correct. It is possible to add the "public" entity to one's ACL's, and then explicitly ban someone. Some of you may have noticed that if you crawl all structures on the public list, some of them will return access denied errors despite ostensibly being "public". That happens because you, your corporation or your alliance is explicitly banned from that citadel.
As such, we have until now been returning structures that are kinda-sorta not public. We don't consider this to be an information leak, because these structures are easily discovered and regularly indexed by players the old fashioned way using armies of alts parked in every region in the game anyway, but it is damn confusing when you're trying to use the API, and unintuitive to the owners of the citadel.
We've modified this behavior, and from 2017-05-09 structures will only show up in the public structures API endpoint if they have the public entity on their docking list and also have not banned anyone from docking. If you wish for your citadel to be public and discoverable, you will need to meet these criteria, otherwise your citadel will be considered selective, and will not be discoverable via the API.
Team Tech Co is available in #devfleet on the Tweetfleet Slack if you have any further questions