We're trying to write an automated script (i.e. no user interactions) that pulls YouTube reporting data from API (esp. with Google Python API Client).
Currently, we have a Google user that is a Content Manager of a channel, and we can access its Creator Studio on YouTube.
So far, we have followed the official code sample, created a client secret file for the Google Account, and we're able to access the reports after approving the permissions in a browser popup. However, since we are going to port it to an automated script, this is not practical for us.
Is there a way such that we can have a "client secret file" that allows us to talk directly to Google API without the need for extra verifications?
(The OAuth playground looks promising, as we're able to generate Refresh Token and Access Token there; however, we're not sure about how to use them in the Python API Client...)
Related
I have looked around Stack Overflow and seen a few posts about this but none of the solutions help.
I have a Google account which I use in YouTube. I have created a second channel on that YouTube account so that I can upload videos with a specific theme to separate them from the main videos.
Trying to use the Google API to upload the videos so that I can run it via a Python script, I keep hitting brick walls with Google who is looking for app verification, privacy policies and web page links - none of which I have.
This application is a Python script that's not available to the public and doesn't gather any public information. All I am trying to do is upload videos to my own personal YouTube account.
So I'm beginning to think it is something else I should be using rather than the API (the uploading web page isn't suitable for use in a script).
My two question are:
Can I use the YouTube API to upload a video directly to the second channel on my personal YouTube account?
Is there another simpler mechanism I should be using to upload videos via a script to my personal YouTube account? The reason I have to do it via script is that the device is unattended.
Thanks,
David
You have to acknowledge that each and every app (this to be understood in a broad sense that includes even a small script like this one from Google upload_video.py) must be verified and approved by Google prior to be able to make videos publicly available via the YouTube site.
Answer to question no. 1: yes, that is perfectly possible.
As part of the OAuth 2.0 authentication/authorization flow, you will be presented, within the browser, with the option of selecting to which account your app is to be given access rights.
You may well exercise this behavior, prior to making use of your script, with the help of Google Developers OAuth 2.0 Playground.
Upon a successful OAuth flow, you may verify (and also revoke) the permissions granted by your account on the account's permissions page.
Answer to question no. 2: no, there's no way to upload programmatically videos on YouTube that's in compliance with YouTube's DTOS, other than using the Videos.insert API endpoint.
Addendum
Since by now you have at least two credentials sets, it may be of need to know to which of your YouTube channels a given credentials object is associated.
If using the Google APIs Client Library for Python, you may easily obtain from the API the channel ID to which a given credentials object CREDENTIALS is associated by issuing a call to the Channels.list API endpoint, passing to it the parameter mine as mine=true:
from googleapiclient.discovery import build
youtube = build(
'youtube', 'v3',
credentials = CREDENTIALS)
response = youtube.channels().list(
mine = 'true',
part = 'id',
fields = 'items(id)',
maxResults = 1
).execute()
channel_id = response['items'][0]['id']
Note that the code above uses the fields request parameter for to obtain from the Channels.list endpoint only the channel's ID info (it is always good to ask from the API only the info that is of actual use).
A caveat using the above procedure is the following: if a given CREDENTIALS instance has its scopes containing only:
https://www.googleapis.com/auth/youtube.upload,
then the API will respond with an error of type insufficientPermissions and of message Request had insufficient authentication scopes.
For to invoke successfully the Channels.list it would be sufficient that the scopes attached to CREDENTIALS to include either of the one below:
https://www.googleapis.com/auth/youtube.readonly,
https://www.googleapis.com/auth/youtube.
I am attempting to get get a Ruby on Rails project that uses the Google AdWords API.
What I did so far, following the steps in this guide:
I created an AdWords Manager account.
I created a test account that is part of the AdWords Manager account.
I set up the Ruby client library in my Rails project.
I then attempted to set up OAuth2 authentication with the example code from the guide.
However since the guide was written (and the video version of the guide was made) it seems that the interface has changed. I am able to create a Client ID client_secrets.json-file, or a Service Account .json file. I am able to export these and read the settings from .
I added the required settings, using an OAUTH2_SERVICE_ACCOUNT .json file.
Now, when attempting to connect, I get back the AdwordsAPIException AuthenticationError.NOT_ADS_USER.
I therefore know that the actual authentication works. However, the authorization does not.
How can I turn on AdWords API support for the oAuth credentials from my google accounts? The Google Credentials Console lists many APIs that you can turn on, but the AdWords API is not in there. The AdWords guide does not mention turning on an API at all, and only tells you to create a new Credential.
What is going on here?
The Adwords API does not need to be added to your project in the Google Cloud console (it's always enabled)—as indicated by the error message, the actual problem lies in the fact that your service account does not have access to any Adwords accounts.
As a matter of fact, the only way to use service accounts to authenticate against the Adwords API is when you're also using a G Suite domain (see the corresponding documentation, section "Prerequisites".
If you have a G Suite domain, you'll need to
Enable "G Suite Domain-wide Delegation" on your service account key
Add the project ID of the Google cloud project to your G Suite domain's authorized API client list
Use your service account to impersonate any user from your G suite domain that has Adwords access
As you can see, it's quite an involved process. My recommendation (that is shared by the above article) is to use an OAuth2 installed application flow for any user that has Adwords access. This requires to store the obtained refresh token on your end, but is more flexible (and arguably safer) than a delegation-enabled service account and easier to set up.
let's say I've created slack app and I have client id and secret.
What is the easiest way to get SLACK_APP_TOKEN in my hands that will be able to create channel?
If you want a proper access token that is related to your Slack App the only way to get it is to install your Slack app with the OAuth process as described here in the Slack documentation. You will need a mini website with a script (e.g. PHP) to perform the installation.
The so called test token will also allow you use the Slack API (e.g. to create a channel), provided that the user that created the test token has that right on your Slack. It is the easiest to obtain, but it will always be linked to a user account, not a Slack app. And you can not request specific scopes for it. So for most applications its better to use a Slack App and get a proper access token by installing it.
If you are looking for an example for an installer script, here is a complete script in PHP. It will run on any webserver that supports PHP. Its very basic, but it will work just fine.
I'm creating a simple iPhone app. The basic premise is that the app will display some data (That I provide online) on the application. The data changes over time, so the app has to draw the data from online and display it. I don't have a significant programming background so I don't want to use my own server.
Thus, I thought it would be significantly easier to just put the data into some documents on a Google account and then access them programmatically via the Google Drive API. I could then update the data in my Drive account and it would get updated in the application. The key here is that I am ONLY accessing ONE account that I own MYSELF. The users' accounts are not being accessed. Therefore the goal is to never have to log in manually. It should all happen behind the scenes, aka, it should look like a server, not a google doc.
With this in mind, it doesn't make sense to show the Google Accounts sign-in page to my users as the standard OAuth2.0 tutorial shows here:https://developers.google.com/drive/quickstart-ios#step_1_enable_the_drive_api
I should be able to access my own data by somehow hardcoding in my username, password etc. Google agrees here: https://developers.google.com/drive/service-accounts#use_regular_google_accounts_as_application-owned_accounts
The above link mentions a "refresh token" that I'm supposed to save. However, I have no idea how to build and save that token, or even for that matter, where to find it.
I've gone through both the basic tutorial and the Dr. Edit Tutorial for iOS, but they both assume that the application is accessing USER accounts not application-owned accounts.
I'm not asking for someone to write the code for me (though tidbits are nice), but if you can point me to a step-by-step guide or related sample code that would help me get started that would be awesome. I'll even come back and post the code that I use!
EDIT: Since I realized that the Google Drive API wasn't something I could use for what I am trying to do, I eventually found Parse which is an awesome tool that handles all the server backend for me and is free at the basic level.
Google APIs objective-C client library doesn't support service (application-owned) accounts, because they are supposed to be used by a server-side apps, instead of clients -- you shouldn't be distributing your private key as a part of an app.
If you would like to distribute content from a service account, maybe you should write a server leg to do the authentication and pass clients credentials in a secure way for them to talk to the API on the behalf of the service account. Or, use Web publishing to make documents universally accessible without authorization and authentication if privacy is not a concern.
I'm in the process of learning how to interface with OAuth. I'm using a fusion table as the back end of a database and then using google apps scripts to interface with that database. Parts of the apps script will run of time scheduled triggers while other parts will be published as a webApp. I've run into some other OAuth issues (see thread link below), but this question is much more fundamental. When reading the Google API OAuth literature, it describes different OAuth flows and I don't know which one my program is. Is my application a "web server application", "client-side", "service account" or what.
Google API OAuth info: https://developers.google.com/accounts/docs/OAuth2
Other Thread: Getting Google Apps Script to Authorize Fusion Table API
First of all, the fact that you install a trigger to run a certain function at certain times has no bearing on which Oauth Flow you should use.
Oauth is used to allow Users of your App to grant your App permission to access certain resources that normally only they would have access to.
When you include certain API calls in an App Script, Google Apps automatically presents the user with a Dialog asking for "Authorization" to use these resources on their behalf.
Therefore, in your use case of an App Script as a Front-End to a Fusion Table, you would not need to use Oauth to get Users to Grant permission.
You can Publish your Script to "act" as the User or as the Script Owner.