So shortly after the new API access method was implemented by CCP I started looking into rewriting the API proxy one of my projects are running, and namely I needed a way to determine what endpoints the supplied API credentials had access to.

The API data generated by account owners now have something called an Access Mask which is saved against the KeyID and vCode. This access mask can be 'compared' against the required mask for individual endpoints.

So how does this work?