I need to list/change the Google API key restriction by Google API or CI.
I tried to add HTTP referrer restriction to Google API key by Node JS API or gcloud CI, but I only got to list the "service account keys, however I need to list and change the "API keys".
Currently, is possible add restriction by the Google Cloud Console, but like I need to change the API key restriction many times I need to automate this.
You cannot; there is no public API for managing API Keys (or OAuth client IDs).
Consider filing a feature request on Google's public issue tracker (link)
Related
I have added a non-renewable subscription for one of my projects. We also started implementing the Google play developer API to get the subscription latest status from the Play Store. For that we have done the below steps as per this blog:
Linked the developer account to a new Google Cloud Project.
Enabled the Google Play Developer API for the Google Cloud Project.
Created a service account and created a key for the service account.
I have below clarifications related to this implementation:
I tried to Grant Access for the following permissions: But the corresponding checkmark is not clickable.
View financial data, orders, and cancellation survey responses
Manage orders and subscriptions
The 3rd step as per the blog is to Authorize an API key, but I didn't get a clear idea of that.
We are going to implement this API on the back end side as a corn job, do we need to generate a JWT token for accessing this API? Is this possible to call without a Token? I found 2 types of implementations from this blog, which one is easy and secure?
"Your application can complete these tasks either by using the Google APIs client library for your language or by directly interacting with the OAuth 2.0 system using HTTP."
From where we get the get API path and other details. I found a similar get API from AppStore like this. Is the play store providing a similar kind of get API?
We need the latest purchase status API and for that what parameters do we need to pass?
I have a website that use Nuxt for server render and deployed using Cloud Run.
It pulls the YouTube videos of a channel using the YouTube Data API key and pre-rendered it before send to the browser. This is for SEO purpose.
Currently I using the API key restriction option HTTP referrers (web sites) to only allow access from my website.
But on the server when it pre-rendered the API is blocked.
Is there a good solution to add the referrer and allow for Cloud Run to use the API key?
I found a solution which is in my opinion is not the best yet.
I have 2 separate key Youtube API server and Youtube API web.
server key has no restriction
web key is restrict to HTTP referrers (web sites)
In my Nuxt app, when query for server side render, I use the server key. Then when it passed to client side. It use the web key.
This way I protect the "no restriction" key.
I'm not sure any better solution but I imagine in the future, server key without restrictions can be use for multiple services other than Youtube API and only server side have access to that key.
I can't figure out what public data means in Google Docs API guides.
Reading the Google Docs API guide authorizing section, we find that for public data the OAuth 2.0 is not necessary, then I tried using patchupdate to update a document which is shared to edit for anyone with the link, and I could not get it to work because the API returns an authentication error.
So the questions are, what is API key for and what does Google mean with public data?
I understand that you refer to the «If the request doesn't require authorization (such as a request for public data), then the application must provide either the API key or an OAuth 2.0 token, or both» part. It says that you should use either an API key or an OAuth 2.0 token (or both), whatever is more convenient for your project. In this guide you can learn more about how to communicate with Google APIs using OAuth 2.0. Meanwhile in this documentation you can see the approach used with API keys. Please don't hesitate to ask me to clarify myself.
I'm using the OpenTok .js API to build a web app.
The TokBox "Security Best Practices" doc (https://tokbox.com/developer/guides/security/#best-practices) says "Keep the API key and secret private and secure"
I can keep the API "secret" out of the browser app, but as far as I can tell, the API Key has to be available to the browser, in order to make calls to OT.initSession().
Am I missing something, or is the TokBox documentation just misleading?
Manik here from the OpenTok team.
You are correct, the API Key will be available on the client side (browser, mobile device, etc) as expected. This is not an issue because you need the API Key & API Secret combination to be able to create sessions, generate tokens, etc.
For security purposes, you should not expose the combination of API Key and API Secret.
If you own a page that has a circle, and you'd like to add people to that circle programmatically, how would you do so? Would it be something similar to:
curl `ruby file_that_outputs_new_people_to_add.rb` 'https://plus.google.com/{pageid}'
What other attributes would you need to include and where in this process would you add oAuth details?
You can't... yet. From the Google+ API documentation:
Note: The Google+ API currently provides read-only access to public data. All API calls require either an OAuth 2.0 token or an API key.
Read-write access with three-legged OAuth is planned, but until there's a documented API for that functionality, there really is no way to do what you're asking.
They offer it now in Google+ Domains API under Circles and addPeople. https://developers.google.com/+/domains/api/circles/addPeople
I recommend looking at Google's own "Google API Client". They have a method which discovers their own API: API Discovery