How long can a developer store permission-based user Instagram data (username, friends, photos)? I'm unable to find specific documentation on this.
The API Terms of Use are a little ambiguous on this. Section 1.2
You shall not:
Cache or store any User Content other than for reasonable periods in order to provide the service you are providing to Instagram users.
Your guess is as good as mine really
Related
Sorry if my question to too naive. But i wish to find audience level information for a particular twitter handle. Lets consider #BarackObama, i wish to find his followers by gender, age, language, location etc. I used python scripts in this link https://github.com/GnipDz/Python-Insights to achieve it.
I do have access to twitter ADS API but it still shows your application ID is not authorized when i try to run the scripts. Is there a special API or addition over Ads API to achieve this? can someone guide me as to how i can do this?
Those scripts use Twitter's enterprise (commercial) Audience API. This API does not enable you to access audiences for individual users, only aggregated data for large numbers of Twitter handles. Additionally, this is not a free-to-access API so you need to have an active enterprise subscription for this to work.
I'm not aware of any programmatic way to access this data, and particularly not for any organic account - the Engagement API enables access to Tweet engagements for the authenticated account, but you're not able to access that data for other users.
Specifically our app needs to obtain and refresh users' follower and following (count only) figures on an hourly basis. Does anyone know, or is there any official resource which explains precisely what data can be obtained with Instagram's Basic Permissions access? Respective rate limits is a bonus!
Thanks,
with basic permission, you can get just your Instagram profile info and posts. (i.e. the authenticated user's profile and posts)
https://api.instagram.com/v1/users/self/?access_token=ACCESS-TOKEN
https://api.instagram.com/v1/users/self/media/recent/?access_token=ACCESS-TOKEN
API limit for these APIs is 5000/hour
You cannot get just anyone's profile info or posts. For this you need public_content permission.
in my iPhone app, I implemented the Facebook API, to piggy back on their user identification.
Now, rather than polling Facebook every once in a while to see if the information of a logged in user has changed, I would like to use the 'User object subscriptions'. From this document I learned, that I have to create a Callback URL (done, and tested), and that my app needs to be Whitelisted.
On developers.facebook.com/apps/ I can't find a way to apply for being whitelisted, and Google doesn't seem to be my friend anymore.
I hope you are.
The docs are stating
...some of these objects may require your app to be whitelisted by Facebook for access.
Basic Realtime Updates should work without any whitelisting involved, at least they do so for myself.
Whitelisting your app is not always easy to do, as certain APIs are meant to be quite restricted at a developer level. You can find further information about whitelisting here if you have not already done so.
As far as whitelisting, in your case I believe it just a matter of your app settings and IP whitelisting, which you can find more information about here .
This is a very high level question, to a high level answer too, so I'm just looking for some pointers on the right direction.
Let's say I want to build a web application to manage a user's Google Contacts. I understand this is done by allowing the user to log in with his Google Account while asking for permissions to manage his Google Contacts. So far so good.
Now I want to expose my own API layer for external browser extensions, Android clients, etc. But while I want the API clients to authenticate against Google, I don't want the applications to have full access to the user's Calendar, as the Secret Token is stored on the server.
So, how is this typically handled? I would like to do it by the book as much as possible, without having to implement a lot of security code.
Btw, while the question is too high level, feel free to point me to technical docs.
Thanks
Limited access to the user's resources can only be guaranteed by limited OAuth scopes:
https://developers.google.com/gdata/docs/auth/oauth#Scope
Some APIs, for instance the Contacts API, only provide a single scope which gives you access to all the data. In cases like this, the user can only choose between giving you access to all his contacts or none of them.
Other APIs expose different OAuth scopes, allowing the developers to only request access to a subset of the user's data. A good example of this is the Google Drive API, which has 5 different scopes for the developer to choose from:
https://developers.google.com/drive/scopes
Let's say I am making a sign up form in which I asked user's twitter ID. How do I verify if the ID entered by user belongs to him/her? In case of verifying email we simply send a verification link which user has to click so how do I verify twitter ID? I have never used twitter before.
The only reliable and practical way to verify that twitter account X belongs to user Y this to do full on “3 legged” OAuth authentication. That being said, you may want to consider if you might be OK with just taking the user at their word on it.
Getting OAuth to work and securely storing the resulting tokens is much easier nowadays than it once was, but is still non-trivial.
Reasons to verify the twitter account, in increasing reasonableness:
You will be making enough server side requests, on behalf of multiple users, that you run up against Twitter’s API Rate Limiting. (Having multiple auth-tokens will allow for a higher API rate)
You need to automagically send tweets and/or follow accounts on the user’s behalf
N.B. do this as opt-in and be ultra clear about when/why you will be doing this, or you will face the justified fury of scorned users
Don’t verify the account if you’re looking to do these things:
You need to send tweets and/or follow accounts on the user’s behalf, and the user will be able to perform a browser based confirmation workflow for each of those actions; use Twitter’s Web Intents for this.
If you just want to pull in real time data for user’s avatar, bio, or recent Tweets Twitter supplies some prefab widgets for you.
All of the authenticated Twitter API Calls can be done client side with JavaScript. Twitter has a js framework, which does not require you to handle and store tokens on your server, to help you with that.
An alternate contact method for password resets, notifications, etc.
Private communication between users on twitter requires mutual following, many users probably never check their Direct Messages (or even know what a DM is), and any messages would be limited to 140 characters. Just use email for all that kind of nonsense.
If you’re just gathering this info to display it on a user’s profile page, in an “other places on the web” kind of way, integrating and maintaining all the server side OAuth pieces is likely too much bother. Just make sure you have a reasonable and clear TOS and an obvious way for 3rd parties to report any of your users who may be claiming a twitter account that is not their own.
If you’re still interested in OAuth, Twitter's Dev page has plenty of resources, including a nice overview of a generic “Sign In with Twitter” “3 legged” OAuth work flow.