Fetching media by urls with Rest API - twitter

I would like to retrieve media inside statuses, but as I could read in the docs:
For media in direct messages, media_url_https must be accessed via an
authenticated twitter.com session or by signing a request with the
user’s access token using OAuth 1.0A. It is not possible to directly
embed these images in a web page
Now my question is, how to do that kind of request using Java API? or however what is the correct request with RestAPI, using App only auth?
another question: what is the difference for media in direct messages and media shared in Tweets? how can I see the difference inside json object representing a status?

what is the difference for media in direct messages and media shared in Tweets?
If an image is posted to a Twitter timeline, any Internet user can see it. For example on this Tweet the image is available to anyone, whether or not they're logged into Twitter. See https://pbs.twimg.com/media/CSGwFynWoAA2GGG.jpg
If an image is posted into a Direct Message, it is only possible for the sender and receiver to see the image. In order to enforce that, the user must either be signed in to their Twitter account, or send a signed request via an app.
For example, this image can only be seen by me & the person I sent it to https://ton.twitter.com/i/ton/data/dm/639737026624024579/639737026682691584/tg-4St-1.jpg
how can I see the difference inside json object representing a status?
The only difference (other than the API call you used to get the data) is the URl of the media. In a DM it starts with ton. e.g.
media_url": "https://ton.twitter.com/1.1/ton/data/dm/......
Whereas in a normal Tweet, it will look like e.g.
"media_url": "http://pbs.twimg.com/media/.......
Now my question is, how to do that kind of request using Java API? or however what is the correct request with RestAPI, using App only auth?
If the user is already logged in to Twitter, they will be able to download the image. For example, if you have written a web-app and the browser already contains the Twitter cookies etc.
If not - or you're using an app - you will need to sign the request on the user's behalf.
For REST - you need to send OAuth headers with the request. There's example code in the Twitter documentation
The extra header will look something like
Authorization:
OAuth oauth_consumer_key="xvz1evFS4wEEPTGEFPHBog",
oauth_nonce="kYjzVBB8Y0ZFabxSWbWovY3uYSQ2pTgmZeNu2VS4cg",
oauth_signature="tnnArxj06cWHq44gCs1OSKk%2FjLY%3D",
oauth_signature_method="HMAC-SHA1",
oauth_timestamp="1318622958",
oauth_token="370773112-GmHxMAgYyLbNEtIKZeRNFsMKPR9EyMZeS9weJAEb",
oauth_version="1.0"
For Java, I'd suggest you take a look at how Twidere does it.

Related

How do I use the YouTube Data API to upload video to secondary channel on personal account

I have looked around Stack Overflow and seen a few posts about this but none of the solutions help.
I have a Google account which I use in YouTube. I have created a second channel on that YouTube account so that I can upload videos with a specific theme to separate them from the main videos.
Trying to use the Google API to upload the videos so that I can run it via a Python script, I keep hitting brick walls with Google who is looking for app verification, privacy policies and web page links - none of which I have.
This application is a Python script that's not available to the public and doesn't gather any public information. All I am trying to do is upload videos to my own personal YouTube account.
So I'm beginning to think it is something else I should be using rather than the API (the uploading web page isn't suitable for use in a script).
My two question are:
Can I use the YouTube API to upload a video directly to the second channel on my personal YouTube account?
Is there another simpler mechanism I should be using to upload videos via a script to my personal YouTube account? The reason I have to do it via script is that the device is unattended.
Thanks,
David
You have to acknowledge that each and every app (this to be understood in a broad sense that includes even a small script like this one from Google upload_video.py) must be verified and approved by Google prior to be able to make videos publicly available via the YouTube site.
Answer to question no. 1: yes, that is perfectly possible.
As part of the OAuth 2.0 authentication/authorization flow, you will be presented, within the browser, with the option of selecting to which account your app is to be given access rights.
You may well exercise this behavior, prior to making use of your script, with the help of Google Developers OAuth 2.0 Playground.
Upon a successful OAuth flow, you may verify (and also revoke) the permissions granted by your account on the account's permissions page.
Answer to question no. 2: no, there's no way to upload programmatically videos on YouTube that's in compliance with YouTube's DTOS, other than using the Videos.insert API endpoint.
Addendum
Since by now you have at least two credentials sets, it may be of need to know to which of your YouTube channels a given credentials object is associated.
If using the Google APIs Client Library for Python, you may easily obtain from the API the channel ID to which a given credentials object CREDENTIALS is associated by issuing a call to the Channels.list API endpoint, passing to it the parameter mine as mine=true:
from googleapiclient.discovery import build
youtube = build(
'youtube', 'v3',
credentials = CREDENTIALS)
response = youtube.channels().list(
mine = 'true',
part = 'id',
fields = 'items(id)',
maxResults = 1
).execute()
channel_id = response['items'][0]['id']
Note that the code above uses the fields request parameter for to obtain from the Channels.list endpoint only the channel's ID info (it is always good to ask from the API only the info that is of actual use).
A caveat using the above procedure is the following: if a given CREDENTIALS instance has its scopes containing only:
https://www.googleapis.com/auth/youtube.upload,
then the API will respond with an error of type insufficientPermissions and of message Request had insufficient authentication scopes.
For to invoke successfully the Channels.list it would be sufficient that the scopes attached to CREDENTIALS to include either of the one below:
https://www.googleapis.com/auth/youtube.readonly,
https://www.googleapis.com/auth/youtube.

Using Instagram Basic Display API to get user's metadata

I am currently working on an iOS-App where Instagram users can fetch their data, such as profile information and images and will be able to post. There are similar apps like Flume (https://flumeapp.com/) which are capable of accessing those features. I already managed to get the access token and fetch the basic user information.
As the Instagram Legacy API will be shut down soon, I am wondering how to fetch detailed user information, as the Basic Display API only lists fields for account type, id, username and media count (https://developers.facebook.com/docs/instagram-basic-display-api/reference/user#fields).
In both the Basic Display API as well as the Graph API it says that creating media is not supported.
Can anyone tell me how other apps (like Flume) are able to perform those actions? Are they perhaps still using the Instagram Legacy API?
Thanks!

YouTube Data API - How to specify the channel you're uploading to?

I am creating an application which will be deployed on various sites and will upload videos from each site to YouTube periodically. I have already got videos uploading but ideally each site would have its own channel.
I had a search to see if anyone has encountered this issue (Don't reinvent the wheel, right?) but the only thing that I found was a couple of threads referencing the onBehalfOfContentOwner parameter detailed in the api here.
This isn't relevant to me as I'm not a content partner; at least I don't think I am. The Google API help documents then sent me here, so here I am.
I have created a YouTube brand account with, for the moment, two channels. Obviously, each one has their own channel id. So far I have tried the following:
Specifying the ChannelId when creating a Video Snippet, I couldn't see anywhere else to set it or an appropriate object to use. I tried with two different channel ids using the same OAuth credentials.
Creating two separate api projects with two unique OAuth credentials and then loading these credentials at runtime. I was only using one set of credentials throughout the lifetime of the app and then changed to the second credential set once I had tested that the upload was still working. The first credential set that I used prompted me to login and
subsequently select an account. The second set didn't prompt me at
all but the video was uploaded on the same account that I had
selected previously. I was logged out of YouTube and my browser was
closed in both instances; the browser does not store any details once it is closed.
I guess really my question is this. What is the best practice for specifying which channel you want to upload to? The application I'm using will be running automatically at set times, so I cannot have user interaction during the upload process. (Selecting an account during initial setup would be fine though!)
Any help is greatly appreciated. Thanks in advance.
EDIT:
I found that the API automatically uses an access token on the local machine if one is present in C:\Users{USERNAME}\AppData\Roaming\Google.Apis.Auth ; even if I am using a different OAuth credential in my application. Deleting the access token file will cause a login prompt to appear the next time you use the api from this machine.
For my application, this will be acceptable as when I deploy there is only the need for a one-time login and gain the access token which will then refresh every hour. It will also mean that I can choose which account/channel I am uploading to for each of our sites. Whilst I acknowledge the answer given by MαπμQμαπkγVπ.0, I do not believe that this is applicable here given that I am not a content partner as previously mentioned.
If someone can tell me how to do this through code instead of deleting the access token, that would of course be a preferred solution. (Or let me know that I am a content partner so I can try the onBehalf parameter)
I found that removing the OAuth token on the PC that my application is running on allows me to reselect the account/channel that I'm uploading to.
It appears that the authorised channel is determined using this token and once present it will automatically refresh every hour. Seeing as one PC will only ever upload to one channel for a given site, I think it is acceptable that I will have to go through a one time setup for each site to gain a token.
When you want to specify the channel you need to upload the video, i think you may need this parameter in your code:
onBehalfOfContentOwnerChannel- This parameter can only be used in a
properly authorized request. This parameter can only be used in a
properly authorized request. Note: This parameter is intended
exclusively for YouTube content partners.
The onBehalfOfContentOwnerChannel parameter specifies the YouTube
channel ID of the channel to which a video is being added. This
parameter is required when a request specifies a value for the
onBehalfOfContentOwner parameter, and it can only be used in conjunction with that parameter. In addition, the request must be
authorized using a CMS account that is linked to the content owner
that the onBehalfOfContentOwner parameter specifies. Finally, the
channel that the onBehalfOfContentOwnerChannel parameter value
specifies must be linked to the content owner that the
onBehalfOfContentOwner parameter specifies.
This parameter is intended for YouTube content partners that own and
manage many different YouTube channels. It allows content owners to
authenticate once and perform actions on behalf of the channel
specified in the parameter value, without having to provide
authentication credentials for each separate channel.

Get facebook Page Access Token using SLRequest

How do I get Facebook Page Access Token using SLRequest (with a graph api call) on iOS.
I have an app that posts photos to a particular Facebook page. I've got it working through php so I know there is no issue with obtaining such permissions. But I need to do it completely in native iOS now.
In iOS, I've got post permission to said page owners feed, but that's not what I want. when I use the app token to post to a page (this is a photo album on a public facing page) it gives me 'permission denied errors'
I have this working through php using
$request = new FacebookRequest($session, 'GET',
'/me/accounts?fields=name,access_token,perms');
Just need to get the same for iOS using SLRequest as I'm using iOS Social framework
Thanks for the help
You should not make call to the Graph API using an App Access Token from a device. That is because the App Access Token should be considered like a password; storing it on a device is insecure because the token can be extracted using special software.
You can read more about this here: https://developers.facebook.com/docs/facebook-login/access-tokens#apptokens
...Again, for security, app access token should never be hard-coded into client-side code...
You can handle your situation in two ways:
Just make the call using the User Access Token. If you have the correct permissions from the user, you can post as that page to the photo album.
Send the data to your own servers and make a call, using App Access Token, from there to the Graph API.
I would suggest you use method 1. Its also for your rate limiting better to use User tokens instead of App tokens.

PHP server-side YouTube V3 OAuth API video upload for different users

Currently I am using a modified script to upload videos. I have taken the following example as a basis:
https://github.com/youtube/api-samples/blob/master/php/resumable_upload.php
This script uses browser based oauth flow.
Could you please tell me if it is possible to allow other users to upload videos to my channel without making them the channel managers? So that they could use my auth token.
If yes - how can it be inplemented?
Yes, that is definitely possible. You need to design an application that is capable of the following:
Authenticate the channel the videos shall be uploaded to via OAuth. As DalmTo said, you need to save the tokens. Whoever has the tokens has access to the channel.
Since your application has access to the channel by now, it (and therefore you) can decide what to upload. That means that you are responsible for granting or denying a specific user the right to upload something.
In order to do so, you could again use OAuth or any other method you like (e.g. you can use your backend accounts).
In other words, a user has to identify towards your application. Your application can then decide to take the user's content and upload it to the channel.

Resources