I just want to fetch some data from the playlist, to make it work. Which Credentials do I need to use?
API keys
OAuth 2.0 client ID
If you are just getting playlist, searching YouTube videos via keyword or listing videos you can use API keys, but if you have to upload videos or access private user data you have to use OAuth 2.0 client ID.
OAuth 2.0: Your application must send an OAuth 2.0 token with any request that accesses private user data. Your application sends a client ID and, possibly, a client secret to obtain a token. You can generate OAuth 2.0 credentials for web applications, service accounts, or installed applications.
See the Creating OAuth 2.0 credentials section for more information.
API keys: A request that does not provide an OAuth 2.0 token must send an API key. The key identifies your project and provides API access, quota, and reports.
See the Creating API Keys section for information about creating an API key.
Hope this helps.
Related
A newbie question about API security:
When I applied API service from some API providers, usually I just login and generate an api key or token in their api management site. After that I can embed this api key or token in the request to access the API.
I was told that the this is OAuth 2. But, after reading a few articles about OAuth 2, it seems the OAuth-2 token issued from OAuth server will expire and a refresh-token is required to fetch a new token.
But the API keys I got from those API providers does not mention about the expiration, instead, I can manually revoke the API Key on their API management site.
So, if I have some APIs which I want to use the similar way (let the user manage their own api key on my site) to protect, how can I achieve that by using the OAuth 2 server?
I think what you explained above are 2 different ways to authorize a request:
A. Using API Keys
These API keys are usually a long string that you generate inside a dashboard
You as a developer would usually have 1 API key throughout your app, and you append this API key to requests to the API provider
B. Using OAuth 2.0
OAuth 2.0 uses a different kind of token to authorize requests, it usually involves a short-lived access token and long-lived refresh token.
These tokens are usually for Users, each user will have a different token that expires every X days.
To acquire a token, the user has to "log in" to your site or an Identity Provider's site (like Google Accounts) and enter their credentials every time the token expires.
Here's a picture to show the difference:
If you want to provide an API service for other developers:
Use OAuth 2.0 to log in the developers to their dashboard (this means your server routes that interact with the dashboard would be protected by the OAuth 2.0 tokens, requiring the developer to log in to update some settings)
Use API Keys to access your provided API routes. Developers have to log in and generate API keys from the dashboard. Then they can use this API key to fetch resources from your API.
Here's a more thorough explanation about OAuth 2.0, access tokens, and how to implement it on your site.
A client has requested implementation of the new Google Photos API as a feed of their photos on the website.
The issue arises whereas the library only supports OAuth 2.0 to authorise the library requests. Meaning that each visitor needs to authenticate themselves prior to seeing the photos.
Authorization
Like other Google REST APIs, the Library API uses OAuth 2.0 to handle authentication and authorization. Your app can request access to the user's Google Photos library via the various authorization scopes provided by the API.
Note that the Library API does not support service accounts; to use
this API, users must be signed in to a valid Google Account.
Does anyone know a way that I can authenticate the library for all web traffic? I want to use Google Photos as a CMS for images and have a constant feed on the site.
Since the Google Photo APIs requires OAuth 2.0 User Credentials, you will not be able to use this API as a CMS for you website.
Each API request requires an OAuth Token and this token can only be obtained by a person authenticating with Google Accounts. The OAuth Flow requires the user to authenticate and grant permission to their personal Google Account.
In addition this API requires that you create OAuth Client Secrets which is used to track your app.
I am using oAuth to call Intuit Quickbook Onlinde data API.
Is there any method to get comsumerKey and Secret ussing App Token value in oAuth ?
thank,
manish
You can use this - https://appcenter.intuit.com/Playground/OAuth
Connect to QB Ref (3 legged Oauth) Ref - https://developer.intuit.com/docs/0025_quickbooksapi/0010_getting_started/0020_connect/0010_from_within_your_app
You can refer the sample JAVA/.Net app as well to generated accessKey, accessSecret against your QBO account(relam).
Thanks
As the official document says:
Both Consumer Key and Secret are assigned to your app by Intuit and displayed in the app profile on the IPP developer site.
consumer key
An OAuth value, used by the app to identify itself to the Intuit OAuth provider service. The consumer key is generated when you create the app on the IPP developer site and is displayed on the Manage App tab. The Development and Production instances of an app have different consumer key values. A consumer key is required in the header of an HTTP request to Data Services for QuickBooks or the QuickBooks API.
consumer secret
An OAuth consumer secret. A secret used by the app to establish ownership of the consumer key. The consumer secret is generated when you create the app on the IPP developer site and is displayed on the Manage App tab. The Development and Production instances of an app have different consumer secret values. A consumer secret is required in the header of an HTTP request to Data Services for QuickBooks or the QuickBooks API.
And here is a tutorial of Implement OAuth in Your App.
I am developing a google app engine - java project where I want to integrate Salesforce APIs.
I want to authorize user with Oauth 2.0 and want to retrieve contacts of the authorized user.
Salesforce API returns code in response of the first request and then again I request for the access token from the code.
With the access token when I call any of the service API it gives me following error
[{"message":"Session expired or invalid","errorCode":"INVALID_SESSION_ID"}]
I found the issue.
In configurations Administration Profile was missing to be connected with Apps whose client ID and secret I was using.
you are not getting valid access token.
generate the proper url to get the access token
https://developer.salesforce.com/page/Digging_Deeper_into_OAuth_2.0_at_Salesforce.com
For more proper information, you can have a look of this
I am trying to use Vimeo services on a web application where users need to be able to upload and list/watch videos. I have created a Vimeo App and they have given an Access token and an Access token secret using which I can access my own account.
Could someone tell me how do I do that from .NET C#
Instantiate an OAuthConsumer from DotNetOpenAuth, passing in an InMemoryTokenManager which you can find from the samples. Add your access token and secret to that token manager. You will also need your consumer key and secret. Then use the OAuthConsumer instance to make authorized outbound calls.
Hint: You won't need to do any of the OAuth authorization flows, since you already have the access token.