The YouTube documentation for the video feeds API is documented here:
https://developers.google.com/youtube/2.0/developers_guide_protocol_video_feeds#User_Uploaded_Videos
It states:
To request a feed of all videos uploaded by another user, send a GET request to the following URL. This request does not require authentication.
https://gdata.youtube.com/feeds/api/users/userId/uploads
I have found that the non-SSL format (http) of this API works as well.
I would prefer to use this version of the URL because I do not require SSL. However I am concerned that it is not documented (and thus might be dropped in the future). So, my question is, is the http form of this API officially supported?
I use HTTP too. The demo page from YouTube does not use HTTPS too: YouTube Data API
You should be perfectly fine by using HTTP.
Related
I am building a website which uses the YouTube Data API. I am new to using such APIs.
My need:-
I need to receive videos and show its thumbnails.
My problem:-
If I use JavaScript to receive videos (I mean, from the client side), then my API KEY will be exposed.
My solution:-
I will use my server for such requests (to the YouTube Data API) and my client side will receive the YouTube Data API response through AJAX to my server.
So, my solution worth the problem?
Can you embed a YouTube video using HTTP - so that all resources requested use HTTP requests instead of HTTPS requests?
I tried modifying the URL of the embed to start with http:// instead of https:// but both version result in HTTPS requests being made.
No way Google would allow it's sites to use HTTP only. HTTPS is the default setting for Google's domains as mentioned in Protecting data for the long term with forward secrecy
You should also use HTTPS, for your own security.
I am working on some app which as API call. while i add proxy in mobile and see response in web debugging tools. I can see my api call parameters and response too.
while in others app I cant see this things and it is secured.
how can i acheive this?
Pictures said your API is using non-secure HTTP protocol while others app using HTTPS. The Web API should be performed via HTTPS protocol. HTTPS using SSL/TLS as secure transport layer, it means all data are encrypted before they're online. So, we don't care about any kinds of proxy
I'm trying to make a GET request to the Asana API from the browser. Because this is a cross-domain request, the client first sends an OPTIONS request. I'm running into the same issue that was described in this Stack Overflow question a year ago, ASANA API and Access-Control-* headers, where the Asana API doesn't respond with the Access-Control parameters.
I'm wondering whether the new release of the Asana Connect and OAuth2 addresses this problem and I'm simply doing something wrong or if this is still unsupported.
(I work at Asana.) Sorry, looks like this slipped through the cracks.
We currently do not allow Cross-Origin requests. However, we do support JSONP if you use Oauth2 and authenticate with a bearer token. This allows you to make secure requests from a JS client.
Just append opt_jsonp=CALLBACK as a parameter to the request, where CALLBACK is the name of the javascript function you would like to be called back with the response data.
I'm creating a viewer app for Windows Phone 7. The app already handles the OAuth2 stuff and succesfully browses Google Doc's folder structure.
I use Google Documents List API 3. BTW browsing works perfectly without using request headers, instead I append the access_token to the request Uri.
Now the app needs to show files to the user, if possible without downloading them first. This means that I want to set the UI's Image.Source to the Uri of an image, the UI's MediaElement.Source to the Uri of a video and the BackgroundAudioPlayer.Track.Source to the Uri of an audio file. Obviously I can't use request headers in this scenario.
However it seems that simply appending the access_token to the download Uri doesn't work. The UI elements fail with generic error messages, and if I manually try with a web browser (which isn't logged in to Google) it shows an empty screen, a 401 error or it redirects to Google's login page.
Is it possible to download/stream a Google Data entry just by defining the Uri? If yes, what does the Uri need to look like?
Support for authorization using the access_token URL parameter has not been allowed on purpose for security reasons. Basically if a user would be to open a malicious file on a browser (e.g html containing some Javascript would suffice) the malicious code on the file could steal the access token in the URL and send it to a third party bad guy.
To access the file you need to authorize using "Authorization" HTTP header. Simply add an HTTP header to the request which is like:
Authorization: Bearer access_token_here