I have an app where I am trying to integrate stripe API. I'm using the keys I'm getting in my test account and it seems like it's not working at all. It's giving me the following error
This API call cannot be made with a publishable API key. Please use a secret API key.
Please help me out.
It sounds like you're using your Publishable API key to perform an action such as charging a customer. Publishable API keys are only used to create payment tokens.
https://stripe.com/docs/keys
There are also two types of API keys: publishable and secret.
Publishable API keys are meant solely to identify your account with Stripe, they aren’t secret. In other words, they can safely be published in places like your Stripe.js JavaScript code, or in an Android or iPhone app. Publishable keys only have the power to create tokens.
Secret API keys should be kept confidential and only stored on your own servers. Your account’s secret API key can perform any API request to Stripe without restriction.
Please use "Secret key" of stripe for use stripe in laravel.
Related
I'm trining to create live stream on youtube using google API. Now it working only when I use oauth authorisation. When I use API key authorisation I get authorisation error (login required)
When I use oauth authorisation - it require to enter confirmation code each time I create new translation. Is it possible to use "liveStreams->insert" method of API with authorisation that does not require entering of confirmation code?
From what you are writing it appears to me that you haven't understood the concept of OAuth and when to use OAuth vs an API key.
Try to think about it this way: You, as a person, have a Google account. This Google account is not the same as your YouTube account (or, as it is more commonly refered to, your YouTube channel). But your Google account is associated with your YouTube channel (of which you can have multiple). Because you are logged in to your Google account and your channel and Google account are linked, the YouTube website knows who you are and gives you access to your channel.
Now you head over to the Google Cloud Console. Here you create a project, which is very similar to a YouTube account in the sense that it, too, is an independent account which in this case represents your app, but is linked to your Google account so the Cloud Console website knows to give you access to the project as long as you are logged-in to your Google account.
HOWEVER, your YouTube account is not linked to your Cloud Console project. When you make an API request with an API key, the API does not see you as in "your Google account", but rather your apps's Cloud Console Project. That's why with an API key, you can only access publicly available data (everything you could "see" when you browse YouTube while not being logged-in).
So, in order for an application to read private channel information or modify channel information, the API needs verification that whoever makes that request is actually allowed to do that. This is where OAuth comes into play.
When you say you have to provide the confirmation code for each request, I think you don't save the access token and refresh token. I highly recommend you read Using OAuth 2.0 to Access Google APIs and Obtaining authorization credentials over on Google Developers to help get you started.
I had a "sign in with Google+" function in my web-app. Upon signing in I would show user's email and name on the page and save it to database. To fetch user's profile data after sign in I used Google+ API method people.me with access_token in GET params.
Google+ API is going to shut down on March 7. I have to migrate to Google People or some other api. How do I achieve the same goal with a different google API? I need to fetch email and name by known auth token.
We use this through Laravel's Socialite, and they're replacing it with:
https://www.googleapis.com/userinfo/v2/me
You may want the profile scope as part of the OAuth flow to make the profile data accessible through this methods. Otherwise it will return incomplete data.
I'm using the Alexa for Business (A4B) API successfully with an Access Key ID and Secret Access Key with the AlexaForBusinessFullAccess IAM policy. However, I'm interested in building an app that other A4B users can use without embedding their Key ID and Key into my app directly.
Is there any way to create an Alexa for Business app that is authorized using an OAuth flow, like a standard Alexa skill?
I'm specifically looking to sync contacts using various A4B contacts APIs including the following:
CreateContact
DeleteContact
Information on the API is here but I didn't see anything for OAuth here.
https://docs.aws.amazon.com/a4b/latest/APIReference/
https://docs.aws.amazon.com/sdk-for-go/api/
Some information on auth is here:
https://docs.aws.amazon.com/sdk-for-go/api/aws/session/
I'm using Go but appreciate any info.
Just heard from an Amazon rep that OAuth is not available for the Alexa for Business API due to several reasons. The API must be accessed using IAM credentials or delegate IAM permissions.
Currently, a way to do this is to build a configuration page where users can supply their Access Key ID and Secret Access Key in the app configuration from the IAM console with the requisite AlexaForBusinessFullAccess policy.
It may also be possible to have the app enabled using the A4B console and create an IAM role from "Settings" > "AVS permissions" where the user needs to input the "AVS device maker's AWS account ID" and "Amazon ID".
I'm using Gigya's Java SDK for RaaS and it was working fine with one API key. Now, I changed it to a new API key with the same Partner ID and Secret Key, the service fails. Any ideas on what else needs to be changed?
I don't have enough points to leave a comment:
Can you post a portion of your code, where you are constructing the request? There are very few APIs that require a partner ID, so I am thinking that there is an issue in your parameters.
Assuming that the new API key is associated with the same secret, it should work, assuming you have RaaS activated for both API keys.
I am developing an application with Google plus. Hence I need an API key. I have generated the key in API console. Now using that key I am going to access some data from Google+ using JavaScript in JSON. But in this method my API key will be publicly visible. Is it OK to share it?
Some information I got from here
https://developers.google.com/console/help/#UsingKeys
Having API Keys public for client-side applications can't be avoided. To make sure no other people can (ab)use your API Key you can limit your API Key in the API console, so that it can only be used from your own domain, by defining "allowed referers"