I just need to retrieve a public user feed, but some aspects of Twitter's documentation are terrible (unless someone else knows of a "What you can do with the API" page). Do I need to use OAuth for something as simple as that? Does registering an application with Twitter make it public in any way? (I would expect not, but the "Application Name" must be unique, which makes me worry.)
Using Twitter API v1 you do not need OAuth to retrieve public user_timelines. OAuth could be useful for an increased rate limit however.
In Twitter API v1.1 authentication with OAuth is required for all API requests.
Related
I'm trying to recover list of review from google to displayed them on a customer's website.
I discovered this API and i thought I could use it but I'm having some issue doing so.
Customer asked access to this API and then gave me oauth2 credentials.
Before calling this API from code I wanted to try it from Insomnia, I used OAuth2 method as specified in doc, there are my parameters :
Without redirect url I have is error :
But with I have a popup to login to google account, I don't understand why as I have provided client id and secret, shouldn't be enough for authentification ?
I don't know if I'm missing something or have configuration issue somewhere ?
Client id and secret relate to your general access to the GMB API and the GCP project.
The pop-up authentication is for GBP API data access scope - so you need to use a Google account that actually owns GBP locations that have the reviews you want to retrieve.
We've successfully integrated Log In with PayPal (formerly PayPal Access) however we would like to make REST API requests on behalf of the authenticated user (with their permission).
The scopes available for the Log In with Paypal OAuth service make no mention of Rest API. Basically what we would like to do is import transactions and payment information from our authenticated users paypal account, into our system.
The documentation for the Rest API seems to imply that if we wanted to this, we would have to require our users to create an application themselves and provide us with the consumer key and consumer token.
I'm hoping someone on SO has done something similar and can point me in a more realistic direction. The Classic API seems like it could be a possiblilty, but we can't find any documentation regarding support for OAuth.
Unfortunately this is not available "yet". It's something in the works but unfortunately no date on the release yet.
I have had a search around stackoverflow, but was unable to find an answer to my question, so I thought I'd ask.
I'm currently working on an iOS app where I would like to get a feed of a public timeline without the user of the app being required to have a twitter account.
I am successfully able to do this using twitters v1.0 of the API and all works perfectly. Simply making a request to http://api.twitter.com/1/statuses/user_timeline.json?screen_name=username retrieves all the information that I require.
However, since v1.0 has been deprecated and V1.1 requires authentication for each request, I get a bad authorization error using this API. Having looked at the Twitter documentation and how to generate OAuth request headers, I don't fully understand the "Getting a signing key" section of the documentation in the link below. (this is my first time working with Twitter's API and OAuth, I'm trying to gain a good understanding, before I start the implementation)
https://dev.twitter.com/docs/auth/creating-signature
As I understand it, the consumer secret can be found when logging into twitter.com/apps but I'm not sure where I would get the "OAuth Token Secret" in order to generate a valid signing key.
Since this is an iOS app, I know I could use the TWRequest class, but to my understanding, this would require the user to have twitter setup on their device.
I hope the above makes sense and any help would be appreciated.
Thanks
If you go to the Twitter application you have set up https://dev.twitter.com/apps
You should see your Access token secret under the heading Your access token. If you don't see this then you probably haven't generated an access token yet.
I have a webapp which does a lot of ajax requests with the php server and database server. I have also created an iPhone app and an Android app, which have been working as offline apps till now.
Now I want to create an API which will be used to sync data between web server and smartphone apps. Should I be using OAuth for this? What I have read about OAuth - it seems like it is used if I want to open my API to be used by third party apps. But here I just want to ensure secure transfer of data between API and my own apps.
Can somebody shed some light on this?
The main usage of OAuth is to make third-party apps authorized to access private resources of a user on a website without giving user credentials to the third-party app. For example, suppose that Twitter wants to get the list of contacts from your Yahoo account. The traditional way is to give your username and password to Twitter. But with OAuth, you give them a temporary token (called Access Token) which authorizes Twitter to access your contacts on Yahoo for a limited amount of time (until either this token expires or you, as the owner of private resource, explicitly revoke it).
That said, OAuth is not about securely transmitting data on the web. That's another story which is usually achieved using SSL. Even when you use OAuth, you have to use SSL alongside to make sure data is sent and received securely.
So in your case, you have to see what the API is used for. If it's public API which doesn't give any private data to the callers, there is no need to use OAuth. If the API is for accessing private resources of individual users however, You may consider using OAuth. If you opt to implement OAuth, you may allow other third-party apps to access your API in future without any concern.
Well a lot depends on how you are securing your API. Is your API open to public specially the post urls? If your data is not something which every user should see, then how are you checking the authentication of the user credentials?
Most the important thing is that we should avoid sharing the username and password over the wire to check for authentication all the time. This means, your API should not require username and password to validate if the user is valid. Which you can do by sending the username and password from mobile or device id or some other thing.
In such situation, the OAuth server comes to the rescue. Basically, on one URL a user will send his username and password to get his access token. Once that is acquired, we can use the access token to validate each request and take necessary actions.
You can refer the videos where I have implemented OAuth server in Laravel 5 using bshaffer which is one of the best OAuth library for any PHP framework to user. https://www.youtube.com/watch?v=0vGXbWdtjls
I'm really new to this oauth stuff. I want to access a user's google reader liked items feed.
This blog says that oauth doesn't work (yet) with google reader. The working way seems to be to get the user's google credentials (email, password) directly, and login directly to google. This also gives me access to the rest of their services.
Is there a better way? I sure hope so, because ClientLogin is captchad. Not to mention I don't want the user to have to trust me with their google credentials.
Yes, there is a way ... but you still need the user's Google credentials to access the API. On the server-side, you can GET a secure token and authentication key ... these are then passed along with GET and POST requests to the Google Reader API to do whatever you want.
Here's a fairly robust C# tutorial (read the comments to make sure you're doing authentication right).
Here's an open-source PHP library that partially implements the Google Reader API without oAuth.
Authentication to Google Reader with Oauth is now available.