diff --git a/alliance_auth/settings.py.example b/alliance_auth/settings.py.example
index 4cc67219..7ab0b297 100755
--- a/alliance_auth/settings.py.example
+++ b/alliance_auth/settings.py.example
@@ -118,7 +118,9 @@ TEMPLATE_CONTEXT_PROCESSORS = (
     'util.context_processors.alliance_id',
     'util.context_processors.alliance_name',
     'util.context_processors.jabber_url',
-    'util.context_processors.domain_url'
+    'util.context_processors.domain_url',
+    'util.context_processors.member_api_mask',
+    'util.context_processors.blue_api_mask',
 )
 
 TEMPLATE_DIRS = (
@@ -153,7 +155,7 @@ STATIC_ROOT = '/home/allianceserver/allianceauth/static/'
 
 #####################################################
 ##
-## Alliance configuration starts here
+## Auth configuration starts here
 ##
 #####################################################
 
@@ -247,6 +249,18 @@ CORP_API_VCODE = os.environ.get('AA_CORP_API_VCODE', '')
 ALLIANCE_ID = os.environ.get('AA_ALLIANCE_ID', '')
 ALLIANCE_NAME = os.environ.get('AA_ALLIANCE_NAME', '')
 
+########################
+# API Configuration
+########################
+# MEMBER_API_MASK - Numeric value of minimum API mask required for members
+# MEMBER_API_ACCOUNT - Require API to be for Account and not character restricted
+# BLUE_API_MASK - Numeric value of minimum API mask required for blues
+# BLUE_API_ACCOUNT - Require API to be for Account and not character restricted
+#######################
+MEMBER_API_MASK = os.environ.get('AA_MEMBER_API_MASK', 268435455)
+MEMBER_API_ACCOUNT = 'True' == os.environ.get('AA_MEMBER_API_ACCOUNT', 'True')
+BLUE_API_MASK = os.environ.get('AA_BLUE_API_MASK', 8388608)
+BLUE_API_ACCOUNT = 'True' == os.environ.get('AA_BLUE_API_ACCOUNT', 'False')
 
 #####################
 # HR Configuration
diff --git a/celerytask/tasks.py b/celerytask/tasks.py
index bb8c4ffa..901f3945 100755
--- a/celerytask/tasks.py
+++ b/celerytask/tasks.py
@@ -217,14 +217,32 @@ def run_api_refresh():
                         for api_key_pair in api_key_pairs:
                             print 'Running on ' + api_key_pair.api_id + ':' + api_key_pair.api_key
                             if EveApiManager.api_key_is_valid(api_key_pair.api_id, api_key_pair.api_key):
-                                # Update characters
-                                characters = EveApiManager.get_characters_from_api(api_key_pair.api_id,
-                                                                                   api_key_pair.api_key)
-                                EveManager.update_characters_from_list(characters)
-                                valid_key = True
+                                #check to ensure API key meets min spec
+                                still_valid = True
+                                if authserviceinfo.is_blue:
+                                    if settings.BLUE_API_ACCOUNT:
+                                        if not EveApiManager.check_api_is_type_account(api_key_pair.api_id, api_key_pair.api_key):
+                                            still_valid = False
+                                    if not EveApiManager.check_blue_api_is_full(api_key_pair.api_id, api_key_pair.api_key):
+                                            still_valid = False
+                                else:
+                                    if settings.MEMBER_API_ACCOUNT:
+                                        if not EveApiManager.check_api_is_type_account(api_key_pair.api_id, api_key_pair.api_key):
+                                            still_valid = False
+                                    if not EveApiManager.check_api_is_full(api_key_pair.api_id, api_key_pair.api_key):
+                                            still_valid = False
+                                if still_valid is not True:
+                                    EveManager.delete_characters_by_api_id(api_key_pair.api_id, user.id)
+                                    EveManager.delete_api_key_pair(api_key_pair.api_id, user.id)
+                                else:                                    
+                                    # Update characters
+                                    characters = EveApiManager.get_characters_from_api(api_key_pair.api_id,
+                                                                                       api_key_pair.api_key)
+                                    EveManager.update_characters_from_list(characters)
+                                    valid_key = True
                             else:
-                                EveManager.delete_characters_by_api_id(api_key_pair.api_id, user)
-                                EveManager.delete_api_key_pair(api_key_pair.api_id, api_key_pair.api_key)
+                                EveManager.delete_characters_by_api_id(api_key_pair.api_id, user.id)
+                                EveManager.delete_api_key_pair(api_key_pair.api_id, user.id)
 
                         if valid_key:
                             # Check our main character
diff --git a/eveonline/forms.py b/eveonline/forms.py
index a4a9a43d..547862b9 100644
--- a/eveonline/forms.py
+++ b/eveonline/forms.py
@@ -1,4 +1,5 @@
 from django import forms
+from django.conf import settings
 
 from services.managers.eve_api_manager import EveApiManager
 from eveonline.managers import EveManager
@@ -19,13 +20,24 @@ class UpdateKeyForm(forms.Form):
         except:
             pass
 
-        if not check_blue:
-            if not EveApiManager.check_api_is_type_account(self.cleaned_data['api_id'],
+        if check_blue:
+            if settings.BLUE_API_ACCOUNT:
+                if not EveApiManager.check_api_is_type_account(self.cleaned_data['api_id'],
+                                                               self.cleaned_data['api_key']):
+                    raise forms.ValidationError(u'API not of type account')
+
+            if not EveApiManager.check_blue_api_is_full(self.cleaned_data['api_id'],
+                                                   self.cleaned_data['api_key']):
+                raise forms.ValidationError(u'API supplied is too restricted. Minimum access mask is ' + str(settings.BLUE_API_MASK))
+
+        else:
+            if settings.MEMBER_API_ACCOUNT:
+                if not EveApiManager.check_api_is_type_account(self.cleaned_data['api_id'],
                                                            self.cleaned_data['api_key']):
-                raise forms.ValidationError(u'API not of type account')
+                    raise forms.ValidationError(u'API not of type account')
 
             if not EveApiManager.check_api_is_full(self.cleaned_data['api_id'],
                                                    self.cleaned_data['api_key']):
-                raise forms.ValidationError(u'API supplied is not a full api key')
+                raise forms.ValidationError(u'API supplied is too restricted. Minimum access mask is ' + str(settings.MEMBER_API_MASK))
 
         return self.cleaned_data
diff --git a/services/managers/eve_api_manager.py b/services/managers/eve_api_manager.py
index 9c61455c..bf4d31ea 100644
--- a/services/managers/eve_api_manager.py
+++ b/services/managers/eve_api_manager.py
@@ -81,13 +81,24 @@ class EveApiManager():
             api = evelink.api.API(api_key=(api_id, api_key))
             account = evelink.account.Account(api=api)
             info = account.key_info()
-            return info[0]['access_mask'] == 268435455
+            return info[0]['access_mask'] >= int(settings.MEMBER_API_MASK)
 
         except evelink.api.APIError as error:
             print error
 
         return False
 
+    @staticmethod
+    def check_blue_api_is_full(api_id, api_key):
+        try:
+            api = evelink.api.API(api_key=(api_id, api_key))
+            account = evelink.account.Account(api=api)
+            info = account.key_info()
+            return info[0]['access_mask'] >= int(settings.BLUE_API_MASK)
+ 
+        except evelink.api.APIError as error:
+            print error
+
 
     @staticmethod
     def get_api_info(api_id, api_key):
diff --git a/stock/templates/registered/addapikey.html b/stock/templates/registered/addapikey.html
index 1f802162..5059a1a0 100644
--- a/stock/templates/registered/addapikey.html
+++ b/stock/templates/registered/addapikey.html
@@ -20,7 +20,7 @@
 
                     <p class="text-center">
                         <a target="_blank"
-                           href="https://community.eveonline.com/support/api-key/CreatePredefined?accessMask=268435455">Create
+                           href="https://community.eveonline.com/support/api-key/CreatePredefined?accessMask={{MEMBER_API_MASK}}">Create
                             a full API key</a>
                     </p>
                     {% if IS_CORP %}
@@ -42,7 +42,7 @@
 
                     <p class="text-center">
                         <a target="_blank"
-                           href="https://community.eveonline.com/support/api-key/CreatePredefined?accessMask=8388608">Create
+                           href="https://community.eveonline.com/support/api-key/CreatePredefined?accessMask={{BLUE_API_MASK}}">Create
                             a blue key</a>
                     </p>
 
diff --git a/util/context_processors.py b/util/context_processors.py
index 1e188065..5268280d 100755
--- a/util/context_processors.py
+++ b/util/context_processors.py
@@ -20,6 +20,11 @@ def alliance_name(request):
 def jabber_url(request):
     return {'JABBER_URL': settings.JABBER_URL}
 
+def member_api_mask(request):
+    return {'MEMBER_API_MASK': settings.MEMBER_API_MASK}
+
+def blue_api_mask(request):
+    return {'BLUE_API_MASK': settings.BLUE_API_MASK}
 
 def domain_url(request):
     return {'DOMAIN': settings.DOMAIN, 'MUMBLE_URL': settings.MUMBLE_URL,