I used YouTube Data API a bit. My page does display users input from Google's servers eg video title. Would you be able to get an XSS by putting to code on Youtube and calling in back on my domain.
YouTube does not allow tags to be created so XSS over an API is no worry.
Sorry don't uses YouTube upload that much
Related
We're working on an integration with youtube channels (using Youtube Data Api v3). We need to access the videos (private also) on our user's channels.
The flow is the following:
User authorizes his/her youtube account on our site using OAuth.
We show user the list of videos on user's youtube channel.
User selects some of them (they can be private) and sends us for processing.
We need to somehow access the actual video files which the user asks us to process.
The issue is that youtube does not give any streaming URLs or download links.
Looks like, the API provides only iframe embedded code, which works ONLY for the browser, where the user is actually logged into youtube.
How can we access(can we?!) the private video, if we have the OAuth access-token of the video owner?
The YouTube Data API lets you incorporate functions normally executed on the YouTube website into your own website or application. The lists below identify the different types of resources that you can retrieve using the API. The API also supports methods to insert, update, or delete many of these resources. This in a sense means that you can see most of what you can see on the YouTube website including uploading new videos.
Downloading Youtube videos is against their Terms of Service, so the API does not support that.
Page linked above refers to Youtube ToS that states:
You shall not download any Content unless you see a “download” or similar link displayed by YouTube on the Service for that Content.
YouTube partners may have access to this feature in their API (no idea i have never seen the api), if you have access to this i suggest you contact your manager directly they should be able to instruct you on how to access it assuming the feature exists.
I want to retrieve videos about my website posted in YouTube, so I want them to display on my website. I want to write code using the YouTube API that are posted using hashtags. I want to know how to use the YouTube API for hash tags to get the videos.
I have a C# program I wrote using the Youtube API V3 that manages my channel's videos.
I already have all the OAuth 2.0 stuff sorted out and I'm looking for a way to tell Youtube that the authenticated account watched the video.
The reason being that I use the "watched" feature to determine which of the videos in my feed is the last one I actually watched.
Is there a way to do that?
Or is it purposefully not in the API because it messes with the view count?
Of course I checked Google and Google's API reference first, didn't find anything.
I have searched the web for tutorials and instructions but could not find any on this... So I was hoping maybe someone here can point me in the right direction or just link some good tutorials. (By the way I am willing to make a basic YouTube client app which lets the user search for videos and than watch them...nothing too fancy).
Thanks in advance!
Oh buddy.... welcome welcome to the world of parsing JSON files and putting up with BADLY documented APIs :)
Well I was looking into this a few months ago and I managed to get it working. Here are the things you have to do:
Step 1 - OAuth 2.0 Integration
Will your app allow the user to login to YouTube so that they can comment/like/etc... videos? If so, then you will need to get the user to login to the YouTube API via your app first before they can do these kind of things. In order to do that, your app will need to use OAuth 2.0 to communicate with the YouTube API. Here is a superb library which you can use to authenticate with the YouTube API via OAuth 2.0: https://github.com/BHughes3388/BAHYouTubeOAuth
Step 2 - Keychain - Access Token storage
If you are new to OAuth authentication, then it can be daunting at first, but once you play around with it and familiarize yourself with it, you will realize that it is very easy to work with.
So overall, the way it works, is that your app contacts the API (in this case YouTube V3 API) and requests a webpage. The webpage allows the user to login to the APi and grant your app access. Once this has been done, the API will send your app an "access token". This token will need to be used in all (or most) of your API requests (it depends on the type of request).
Once you have obtained the "access token" you will then need to store it securely. Its basically a password, so you need to keep it safe. Do not do what some people do, which is to use NSUserDefaults, that is not secure at all. Instead you will need to use Keychain. This is Apple's secure encryption/storage library which can easily be used to save secure strings such as passwords.
In order to use Keychain to securely store and retrieve the "access token" when you need it, take a look at this SO post, its great: How to use Keychain for saving password like GenericKeychain sample code
Step 3 - YouTube API V3 - https://developers.google.com/youtube/v3/
Right so now, the harder bit. You need to read through the Google YouTube API V3 and go through the API reference documents to find the specific URLs which will return the data you are looking for. For example: if you want to get a list of videos from the home feed of a user or from a simple search, then take a look at this API reference page: https://developers.google.com/youtube/v3/docs/videos/list
Step 4 - Extract the video URL
Before I talk further about this step, I should mention that Google says you should present videos in a simple webview with YouTube HTML code which simply embeds the video view in your app. But in my opinion (and many other devs), this looks and works horribly....
So if you want to display YouTube video in your app via the native MPMovieplayerController, then you will need to extract the video URL first before you can do this.
When you make a request to the YouTube API for a set of video(s), you will get a JSON file back, this file contains a list of videos (videoIDs, titles, dates, etc....).
You will need to parse the JSON file for the video IDs. Once you or the app user has selected the video that they want, you will need to use then pass the video ID for that particular video to a "YouTube video link extractor" library. This library will then return a set of video file links for that video. These links can be used in conjunction with MPMovieplayerController to display the video natively.
Here is a great YouTube video file url extracter - https://github.com/runmad/RMYouTubeExtractor
Good luck :)
I would like to display a list of videos from a YouTube playlist in an intranet application.
Is it possible to get the list of videos from a YouTube playlist using the Data api (or any other way) without requiring the user to login?
Everything that I have read so far in the YouTube data api requires the user to be signed in to authenticate.
unfortunately, you can't access youtube data API with anonymously user.
Your application must have authorization credentials to be able to use the YouTube Data API.
The Developers Console associates your credentials with the APIs that you indicate that your application will use. Note that the Developers Console does not allow you to select the YouTube Data API (v2). However, authorization credentials for the v3 API will also work for the v2 API.
If possible, you should actually use YouTube Data API (v3) rather than the v2 API in your application. The YouTube API blog explains some of the benefits that the newer API offers, and we have added a year's worth of additional functionality to the API since that blog post!
related link : https://developers.google.com/youtube/2.0/developers_guide_protocol_oauth2#OAuth2_Client_Side_Web_Applications_Flow