Does Instagram API policy allows to use
https://instagram.com/{user-id}/media/
endpoint to fetch latests media from iOS app. We tried to use documented
api.instagram.com/v1/users/{user-id}/media/recent
but it requires access token. By investigating Instagram web app I discovered that it is using endpoint from first link for fetching user's data.
The Instagram web app is not using the link you provided, it is using:
GET https://instagram.com/{username}/
And in the response inside a script tag it sets Window._sharedData with all the data including the user's media:
window._sharedData.entry_data.UserProfile[0].userMedia
I am not sure about the policies, but you may fetch and extract this data without calling the API.
But, using the API would be easier and the preferred way. As you are going to fetch some public media, you can use a fixed client_id instead of an access_token to avoid authentication:
Some API only require the use of a client_id. A client_id simply
associates your server, script, or program with a specific
application. However, other requests require authentication -
specifically requests made on behalf of a user. Authenticated requests
require an access_token. These tokens are unique to a user and should
be stored securely. Access tokens may expire at any time in the
future.
The API call:
api.instagram.com/v1/users/{user-id}/media/recent/?client_id={client_id}
Instagram username is not a user-id. you can find user-id by link : http://jelled.com/instagram/lookup-user-id
Related
I have already used google sheets API before, but it seems now they have new policy, so I can't add the required scope that allows you to write data (in my case - metadata) to a spreadsheet (https://www.googleapis.com/auth/spreadsheets) without verification. (I get 403: "Request had insufficient authentication scopes.")
Is there any way to write data to a spreadsheet, even just for developing (maybe write only to a sheet that I have created as the owner of the project) without verification, or maybe I'm doing something wrong?
According to the Google Sheets API documentation:
When your application requests private data, the request must be authorized by an authenticated user who has access to that data.
Every request your application sends to the Google Sheets API needs to identify your application to Google. There are two ways to identify your application: using an OAuth 2.0 token (which also authorizes the request) and/or using the application's API key.
Therefore, the scope you are using, the https://www.googleapis.com/auth/spreadsheets is the one which allows reading and/or writing acces to the user's sheets and their properties and it requires authorization.
So what you can do to solve your issue, is to use a service account.
You should create one for your project in the API console and then your application will make authorized requests by using the account's credentials to request the access token from the OAuth 2.0 server. Hence, the authentication procedure won't be necessary every time since the application will be calling the API on behalf of the service account.
Furthermore, I suggest you take a look at these links, since they might be of help:
Authorize Request with Google Sheets API v4;
Using OAuth 2.0 for Server to Server Applications;
Using OAuth 2.0 to Acces Google's APIs.
I want to use Dropbox for my file share application, using Core Dropbox APIs. I am using OAuth 2.0 APIs for authentication (Implicit Grant Method).
The issue is, In order to obtain the access token, I need to be logged-in to dropbox account or it redirects me to Dropbox login page. I don't want my users to enter the login crediantials.
Is there any way to avoid login process, and directly get access token??
Or Alternatively can I do login using some login api in backend, without user iteraction??
here I am considering a single Dropbox account, whose all necessary crediantials are with me.
Thanks.
Yes you can do this.
Do the following:
Go to https://www.dropbox.com/developers
Click on "App Console"
Click on "Create App"
Select "Dropbox API app"
Select "Files and Datastores" for the type of data.
Answer the rest of the questions with your own preference for access
Here's the bit that you need. Once the app is setup, in the App Console, click on the app. On the main page for the app, in the OAUTH2 section, there's a button that says "Generate Access Token".
Click on this button, and it will generate a non-expiring access token that you can copy/paste and use in your app to give you access without having to do the Oauth2 authentication dance.
Here's an example of using the access token with curl to list files in a folder (and get other meta data).
curl https://api.dropbox.com/1/metadata/dropbox/YourFolder -H "Authorization:Bearer XYZ123"
Where XYZ123 is your access token you generated from the app console of the app.
As long as you include the Authorization: Bearer in the header of your request, you can use all the API calls in the Core API withouth having to supply an app ID, secret, or do the oauth2 authentication dance.
Since you want to use your Dropbox account to store the files, there's no reason to bother other/your users with a login: just obtain an access_token for your client in the regular way (which requires you to login to Dropbox) store it in your application and use that access_token in your calls to the Dropbox APIs. Dropbox' access token never expires according to Dropbox Access Token Expiry so that should be all you need.
As you have probably seen in the core api documentation, Dropbox does not offer this feature.
You can automate the process by simulating the user interaction with the website, though. This can be done with the requests module. I developed a solution for my project:
https://github.com/joe42/CloudFusion/blob/master/cloudfusion/store/dropbox/dropbox_store.py#L214
Maybe this can be done more easily using a solution like PhantomJS, though I did not know about it at that time.
Putting probable solution to my own question here:
The main issue here was about re-generation of the Access Token at some intervals, that too without any user interaction, a backend stuff.
After going through Dropbox APIs, I concluded there is no API exposed for re-generation of Access Token automatedly.
But Google Drive do offer Service Account, which do not require user interaction.
Is it possible to retrieve Facebook page posts in an iOS application without having to use Facebook Login?
I am currently using the Tumblr API which works perfectly fine and delivers pictures and texts from everything that has been posted.
Any help would be much appreciated.
Thanks.
Facebook SDK says, that you need any valid access token if the post is public. So just use your app access token.
Read how to request app access token here.
Yes, this is possible. There are two options from my point of view:
If your Page is only posting in public, you could use an App Access Token
If your Page also contains non-public Posts, you should use a Page Access Token
See https://developers.facebook.com/docs/graph-api/reference/v2.0/page/feed/#readperms
An access token is required to view publicly shared posts.
A user access token is required to retrieve posts visible to that person.
A page access token is required to retrieve any other posts.
An App Access Token will not expire unless you change your App secret, a Page Access Token will expire the latest 60 days after issuing.
You should consider to wrap this in an own webservice, so that you don't have to hard-code an Access Token into your App. With an own webservice, you could encapsulate the Access Token validity issues.
I recommend their graph api for such tasks
Using it I have successfully retrieved page level data using Facebook graph api(REST)
using an app token(public posts)
user token(posts visible to that user) or
page token(all posts in page)
App token is obtained by default on creation of your Facebook app(easiest way)
User token is obtained on a user oauth login(needs oauth,can be done with oauth libraries)
Page token is obtained with a second call to Facebook, after obtaining the user token if you have manage_pages permission from the page admin (needs oauth and a second call to Facebook)
Try Facebook graph explorer and hit the page URL to get a json response of your page information.
Play with the graph explorer
https://developers.facebook.com/tools/explorer/
Page data reference
https://developers.facebook.com/docs/graph-api/reference/v2.0/page/
Access token reference
https://developers.facebook.com/docs/facebook-login/access-tokens
I'm building an iOS app that will use instagram photos in a slide show as the background of the app.
What I want to do is just set up a specific account that I can upload pictures to, and then the app will pull in the most recent photos from this account.
So far, I've set up the account and have been able to generate an access token manually by inserting my client id and redirect URI into this URL
https://instagram.com/oauth/authorize/?client_id=[CLIENT_ID]&redirect_uri=[REDIRECT_URI]&response_type=code
However, I've read that the access token generated from following this procedure is not permanent. I do not want the users of my app to ever see the authentication going on in the background. They themselves will never actually login into Instagram.
What would be the best way of making sure my app is always authenticated at launch and that the access token is always valid?
Thanks
A typical OAuth flow has the resource owner (a user) approve or deny requests from a client application. When you first got an access token, you had to complete a form approving access to Intsagram by your app.
Since you want to hide the auth_server/resource_owner interaction from your end users, you'll have to automate the role of the resource owner. The access token should tell you when it expires. Since it's your redirection endpoint that has the access token, that's where you'll need code to detect the token will soon expire and request a new one. Your code will need to
Simulate a request from the client app by going to https://api.instagram.com/oauth/authorize/?client_id=CLIENT-ID&redirect_uri=REDIRECT-URI&response_type=code
Respond to the HTML page that is returned. Approve the request.
The server will respond with an authorization code that you can exchange for
a new access token.
There are some hoops to jump through because OAuth is designed for the resource owner to approve or deny each request.
I don't think you would want to do this by logging into the target account because having your app's user log in to Instagram as the account you are talking about may be unnecessary.
While I am not an expert on the Instagram API, it looks like you can avoid using an access token for getting the feed of a particular user.
Here is some support for this:
Do you need to authenticate?
For the most part, Instagram’s API only requires the use of a client_id. A client_id simply associates your server, script, or program with a specific application. However, some requests require authentication - specifically requests made on behalf of a user. Authenticated requests require an access_token. These tokens are unique to a user and should be stored securely. Access tokens may expire at any time in the future.
http://instagram.com/developer/authentication/
If a client ID is only associated with your application and does not require the user to authenticate, it appears that this endpoint should work:
GET /users/user-id/media/recent
https://api.instagram.com/v1/users/3/media/recent/?client_id=YOUR-CLIENT_ID
The functionality is the same with the previous one, but use client_id
instead of access_token
PARAMETERS
COUNT Count of media to return.
MAX_TIMESTAMP Return media before this UNIX timestamp.
MIN_TIMESTAMP Return media after this UNIX timestamp.
MIN_ID Return media later than this min_id. CLIENT_ID A valid client id.
MAX_ID Return media earlier than this max_id.
http://instagram.com/developer/endpoints/users/#get_users_media_recent_with_client_id
I have a webapp which does a lot of ajax requests with the php server and database server. I have also created an iPhone app and an Android app, which have been working as offline apps till now.
Now I want to create an API which will be used to sync data between web server and smartphone apps. Should I be using OAuth for this? What I have read about OAuth - it seems like it is used if I want to open my API to be used by third party apps. But here I just want to ensure secure transfer of data between API and my own apps.
Can somebody shed some light on this?
The main usage of OAuth is to make third-party apps authorized to access private resources of a user on a website without giving user credentials to the third-party app. For example, suppose that Twitter wants to get the list of contacts from your Yahoo account. The traditional way is to give your username and password to Twitter. But with OAuth, you give them a temporary token (called Access Token) which authorizes Twitter to access your contacts on Yahoo for a limited amount of time (until either this token expires or you, as the owner of private resource, explicitly revoke it).
That said, OAuth is not about securely transmitting data on the web. That's another story which is usually achieved using SSL. Even when you use OAuth, you have to use SSL alongside to make sure data is sent and received securely.
So in your case, you have to see what the API is used for. If it's public API which doesn't give any private data to the callers, there is no need to use OAuth. If the API is for accessing private resources of individual users however, You may consider using OAuth. If you opt to implement OAuth, you may allow other third-party apps to access your API in future without any concern.
Well a lot depends on how you are securing your API. Is your API open to public specially the post urls? If your data is not something which every user should see, then how are you checking the authentication of the user credentials?
Most the important thing is that we should avoid sharing the username and password over the wire to check for authentication all the time. This means, your API should not require username and password to validate if the user is valid. Which you can do by sending the username and password from mobile or device id or some other thing.
In such situation, the OAuth server comes to the rescue. Basically, on one URL a user will send his username and password to get his access token. Once that is acquired, we can use the access token to validate each request and take necessary actions.
You can refer the videos where I have implemented OAuth server in Laravel 5 using bshaffer which is one of the best OAuth library for any PHP framework to user. https://www.youtube.com/watch?v=0vGXbWdtjls