In the YouTube reference documentation found here:
https://developers.google.com/youtube/v3/docs/
It says:
"Every request must either specify an API key (with the key parameter)"
However, the language that is used in the Google Developer Console, they call credentials "Client ID" and "Client Secret"
Which one do they mean? Or are they talking about something completely different when they say "key?"
The key that the document is referring to is the API key. As stated in the link that you have provided:
Every request must either specify an API key (with the key parameter) or provide an OAuth 2.0 token.
If you will be accessing user's private data or simply insert, update, and delete request OAuth 2.0 (clientID and client secret) must be use.
One example would be Videos: insert.
If you just list videos using search keyword, request for a method that do not need to identify a particular user, you can use an application API key.
https://www.googleapis.com/youtube/v3/videos?key={API-key}&fields=items(snippet(title,description,tags))&part=snippet&id={video_id}
Hope this helps.
Related
I’m updating a third party app that currently integrates with Twinfield using the session’s method with username and password to use the oAuth method.
In confused by the documentation though... do I still need to use the sessions or when using oAuth do I just call the endpoint(s) by passing the access token in the header as normal?
Also their Soap definition has four properties, the usual ClientID and Secret but also accessSecret? What’s that?
TLDR: you no longer need to use the sessions and SelectCompany; when you have the access token you can use that and the company code directly in the header.
You can obtain the access token as described here.
The documentation is a bit unclear on how to use the access token in your calls.
In the old username/password/session flow, you referred to a SessionID in the SOAP Header, and you would do a SelectCompany call to select the relevant target ("administratie").
In the OAuth flow, the SessionID is no longer relevant. Once you obtained a valid access token, you should set that in the header using the AccessToken field.
Instead of the old SelectCompany call, you can set the CompanyCode directly in the header. So if you have obtained an access token eyWhatANiceToken, and want to retrieve data for company "My Company BV [130001]" you have set AccessToken to eyWhatANiceToken and CompanyCode to 130001 in the header.
You can request the available codes using the list offices call
We're trying to move from the older WindowsLive API to the new Microsoft Graph API. In the process, we're running into difficulty with the required OAuth 2.0 redirect_uri parameter in the app.
According to the Oauth 2.0 RFC, the redirect_uri must be an absolute path but can contain a properly encoded query string.
In our Windows app, we've setup the absolute path - their application tool doesn't allow query strings to be added: https://example.com/index.php
The OAuth request we make uses a redirect_uri with URL Encoding, including query params. This is necessary, we use a CMS (Joomla) that needs to know what should handle the request:
https://login.microsoftonline.com/common/oauth2/v2.0/authorize?
response_type=code&
client_id={string}&
redirect_uri=https%3A%2F%2Fexample.com%2Findex.php%3Foption%3Dcom_jfbconnect%26task%3Dauthenticate.callback%26provider%3Dwindowslive&
scope=user.read&
state={string}&
access_type=offline&
approval_prompt=auto
However, the Graph API rejects this with:
"The reply url specified in the request does not match the reply urls configured for the application"
Anyone else run into this or understand why the Graph API doesn't accept query parameters either in the app configuration or on the token requests?
Edit - 5/8 - However, the application setup area does not allow query strings in the redirect_uri setting, which is correct according to the RFC. However, the Graph API isn't respecting this note of the RFC:
The endpoint URI MAY include an "application/x-www-form-urlencoded" formatted (per Appendix B) query component ([RFC3986] Section 3.4), which MUST be retained when adding additional query parameters.
This isn't actually being rejected by Microsoft Graph. Microsoft Graph is simply an API and it doesn't generate or manage access tokens. That process is handled by Azure Active Directory.
The error you're getting is due to your redirect_uri not being configured in your app registration at https://apps.dev.microsoft.com. The URL must explicitly match the URL configured in the registration. From the documentation:
The redirect_uri of your app, where authentication responses can be sent and received by your app. It must exactly match one of the redirect URIs you registered in the portal, except it must be url encoded.
For scenarios where you need to pass data through, you should encode those values in your state parameter. This will be returned to your redirect URI along with the authorization code.
Also note that neither access_type=offline or approval_prompt=auto are valid query parameters:
To retrieve a refresh_token, you add offline to your list of scopes (user.read+offline).
To set the type of prompt the user receives you use the prompt parameter. Valid options are login, none, and consent.
I try to use example "Read multiple ranges":
https://sheets.googleapis.com/v4/spreadsheets/{SpreadsheetID}/values:batchGet?ranges=Sheet1!B:B&ranges=Sheet1!D:D&valueRenderOption=UNFORMATTED_VALUES?majorDimension=COLUMNS
from: Google Sheets API v4 example
I replaced "spreadsheetId" with my spreadsheet id.
But when I send GET request (by Postman) I receive:
{
"error": {
"code": 403,
"message": "The request is missing a valid API key.",
"status": "PERMISSION_DENIED"
}
}
Than I used https://developers.google.com/oauthplayground/
I made authorisation for Spreadsheet API v4 with my email and at the end I generated a long link with key and saw correct response with content of my data table.
My question is next:
Why it's imposible to use the example from Google API (https://developers.google.com/sheets/api/samples/reading) only replace the spreadsheet id.
P.s Link to my spreadsheet is public, My spreadsheet is public and available in JSON format and what is correct use of url for Google Spreadsheet API v4 in order to send batchGet with multiple requests?
P.s.s I use another approach and it works but why first approach (v4) doesn't work:
https://spreadsheets.google.com/feeds/list/{SpreadsheetID}/od6/public/values?alt=json
When I tried to combine 2 APIs in one request and received and error "Inconsistent repeating query parameter ranges":
https://spreadsheets.google.com/feeds/list/{SpreadsheetID}/od6/public/values:batchGet?ranges=Sheet1!B:B&ranges=Sheet1!D:D&valueRenderOption=UNFORMATTED_VALUES?majorDimension=COLUMNS
======================================
Edited:
SpreadSheetID: 1KBk1J7TJCwnayMnTbaysqvFk98kVDdxXWNw2JYc3bW0
Available in incognito mode: Spreadsheet
In JSON format: JSON
Reference: Google Sheets API v4: Read multiple ranges
The same example with SpreadSheetID: ERROR 403
I believe you are missing API in the url. This is from google spreadsheet api doc.
To acquire an API key:
Open the Credentials page in the API Console.
API keys: A request that does not provide an OAuth 2.0 token must send
an API key. The key identifies your project and provides API access,
quota, and reports.
The API supports several types of restrictions on API keys. If the API
key that you need doesn't already exist, then create an API key in the
Console by clicking Create credentials > API key. You can restrict the
key before using it in production by clicking Restrict key and
selecting one of the Restrictions. To keep your API keys secure,
follow the best practices for securely using API keys.
After you have an API key, your application can append the query
parameter key=yourAPIKey to all request URLs.
The API key is safe for embedding in URLs; it doesn't need any
encoding.
Google Spreadsheet Docs
You have to make sure to pass in the key=YOUR_API_KEY as the request parameter.
For example:
https://sheets.googleapis.com/v4/spreadsheets/{sheet_id}/values/Sheet1!A1:D5?key={YOUR_API_KEY}
In addition to #skamble89's answer, this 403 error is usually caused by incorrect or missed some configuration in Authorizing Requests. If you're authorizing requests with OAuth 2.0, make sure you use the proper scope with it.
Make sure you have a permission to call this spreadsheet and you enable the Sheets API in your developer console.
The Sheet must have a Public link for the API KEY to be used.
You have to share the spreadsheet, select "Get Link", and "Anyone with the Link".
That gives a link like this: https://docs.google.com/spreadsheets/d/1ShTP408LPzLOGjqXQTRcmXXXXXXXXXXXXXPUteQmY7o/edit?usp=sharing.
So there, the Sheet ID is after: /d/, is: 1ShTP408LPzLOGjqXQTRcmXXXXXXXXXXXXXPUteQmY7o.
curl "https://sheets.googleapis.com/v4/spreadsheets/1ShTP408LPzLOGjqXQTRcmXXXXXXXXXXXXXPUteQmY7o/values/A1%3AD3?key={YourApy"
I want to fetch places from google place api, I just download SPGooglePlacesAutocomplete & created new API Key enable place, direction & map api's from Google API Console still i am getting error alert.
Any help very much appreciated.
I assume you are using key which is made for iOS apps.But SPGooglePlacesAutocomplete might be using Google's public API to fetch the places list. So in that case you should use key for your browser apps. You can refer following link for more elaborated ans
REQUEST_DENIED when using the Google Places API
The Google Places API Web Service enforces a default limit of 1,000 free requests per 24 hour period.
The "status": "REQUEST_DENIED" is returned by the Google Places API Web Service when:
You have not activated the Google Places API Web Service in the Google API Console.
The key parameter is missing from your request. EX.
https://maps.googleapis.com/maps/api/place/add/json?key=YOUR_API_KEY
The key parameter does not match the your API key in the Google API Console.
Your API key has not been correctly set up in the Google API Console:
If you are using a browser-restricted API key, check that your
allowed referer(s) are correct.
If you are using a server-restricted API key, check that your allowed
IP(s) are correct.
API keys with Android or iOS restrictions are not supported. Please
use a generic (unrestricted) API key, or a key with browser or server
restrictions.
The request was not sent as an HTTPS request, HTTPS is required for all Google Places API Web Service requests.
The incorrect HTTP method was used to send the request:
All requests must be sent as a GET request except for Place Add.
All Place Add requests must be sent as a POST request.
You have to Create API Key from this link & from google console make sure you have enabled Google Place API.
The Eventbrite documentation on the ticket object indicates that it can contain a quantity_available or quantity_sold field, but that to see either of these fields "requires authentication". It doesn't give any more detail than that, though, and when I make calls to the event_search method using my app key, the tickets objects in the returned events do not contain quantity_available or quantity_sold keys.
What authentication is required to see these fields? Are they only visible to the owners of the event, or is it possible in some way for me to have the API return the number of tickets available for somebody else's event?
If this is not possible through the API, is the number of tickets remaining for an event publicly visible anywhere else on Eventbrite where I could get to it with a web scraper?
This needs to be called as an expansion. There are some more details here:
https://groups.google.com/forum/#!msg/eventbrite-api/sjMO-gV8-Go/uzw7GHq2_SEJ
Basically, calling it like so will populate the proper fields using your Apps OAuth token in python3:
import requests
eventbrite_response = requests.get(
"https://www.eventbriteapi.com/v3/events/<YOUR EVENT ID HERE>/?expand=ticket_classes",
headers = {
"Authorization": "Bearer <YOUR APP OAUTH TOKEN>",
},
verify = True, # Verify SSL certificate
)
print(eventbrite_response.json()['ticket_classes'][0]['quantity_sold'])
You can tailor the print function at the end to include more of the json data if you wish.
In order to read or write private data using the Eventbrite API, you will need to supply additional user-authentication tokens. This extra information lets Eventbrite know who should be authorized to access private data (including quantity_available and quantity_sold values) during the request.
Whenever you provide additional user access tokens, both public and private data will be available.
Authentication parameters include:
app_key: An application key (also referred to as an API key), identifies the application that is contacting the API. All API requests must include some form of application identification. If this is the only authentication token provided, the API request will be limited to publicly available data. Application keys have a default rate-limit of 1000 requests per day. You can get and manage your API keys here: https://www.eventbrite.com/api/key/
access_token: Recommended. OAuth2 access tokens are tied to a user account and an application key. Since the user-authorized application can also be identified via this token, it is the only authentication parameter that does not require an application key to be provided as well. Be careful not to expose these tokens to other users! Additional request headers are required when using access_tokens to contact our API: “Authorization: Bearer YOUR_ACCESS_TOKEN_HERE“. You can learn more about how to configure your application for OAuth2.0 here: http://developer.eventbrite.com/doc/authentication/oauth2/
user_key: Each Eventbrite account has an associated user_key. This token provides access to the related user’s account data, in addition to our publicly available data. This authentication method is preferred for use-cases that require private data-access where OAuth2.0 workflows are not possible. This token unlocks sensitive information, so be very careful not to expose this token to other users!
Here is an example of an API call that is using both the app_key and user_key parameters to return private data (remember to substitute in your own app_key and user_key):
https://www.eventbrite.com/json/user_list_events -G -d app_key=APPKEY -d user_key=USERKEY
You can also see the authentication documentation here: http://developer.eventbrite.com/doc/authentication/