API key for Upwork looks to be disabled - upwork-api

My API key (...e3d4) says its now disabled in the console at https://www.upwork.com/services/api/keys. I don't see how to get it working again.

The usual reasons for your API key to be disabled are the following:
Rate limits violation
Terms of Use violations
Using the API key for purposes different than the ones registered in
the request form.
There are more details here
You will need to contact support.upwork.com to get it enabled again.

Related

Google Address Validation API to Magento 2 Using Avalara Avatax

Has anyone else had a problem integrating Google's Address Validation API into Magento 2's Avalara Avatax? It's almost as if the API key is restricted. Although it's currently unrestricted. Our shipping and handling/tax amounts are all off. I think it's because the address isn't being validated by Google's new address validation system for Avalara Avatax (Using Ma agento 2 website platform).
Just looked at what I thought the API key was that the developers used and it appears to be unrestricted. Also, I checked the configuration panel on Magento admin and it appears to be correctly set up.
https://developer.avalara.com/api-reference/avatax/rest/v2/methods/Addresses/ResolveAddress/
Google's Address Validation API can be used with API keys or OAuth 2.0 service accounts.
In either case, the API project must be set up with both billing and the Address Validation API itself enabled.
The Address Validation API only supports two types of API key restrictions: IP address and API restrictions. Other types of API key restrictions are not supported.
If all the above checks pass and the Address Validation API still does not accept your API key, I recommend you contact the support team for 1:1 assistance.

Debug redirect_url in oauth2 flow

We are using Go server side code to interact with Google Ads REST API.
Namely, we authenticate it with help of "golang.org/x/oauth2" and
"golang.org/x/oauth2"packages.
In May (and recently again) we've got a email from Google regarding deprecation
Out-of-band flow, essentially rewording of this
one.
But additionally to common information, Google email listed account, which we
are using to authenticate, as being used in OOB flow and going to be blocked.
We checked our sources and available sources of mentioned packages but was not
able to find redirect URIs which are said to be used for OOB flow as one of
those:
redirect_uri=urn:ietf:wg:oauth:2.0:oob
urn:ietf:wg:oauth:2.0:oob:auto
oob
We explicitly use http://localhost in our code and long-live refresh token
(which seems never expires).
We also tried to use tcpdump to monitor our API calls, but was not able to
learn much from it, because calls are made via https and, therefore, encrypted.
We considered to use man-in-the-middle kind of proxy like
https://www.charlesproxy.com/, but haven't tried it yet, because it become
non-free and because of complexity of setup.
We tried to log our requests to API endpoint with custom RoundTripper, but
have not spotted anything suspicious. It seems that we're using refresh token
only and exchange of code to refresh token just never happen in the code.
Because of this, we don't think that further logging or monitoring with
decrypting https packages may help (but we open to suggestions how to do it better).
Finally, we decided to create a new OAuth 2 Client in the Google console with
fresh set of client id, client secret and refresh token. We obtained a new
refresh token with oauth2l and replaced
credentials in our configuration. But still, we are not sure that new account
will not be blocked by Google due OOB deprication, because seemingly it looks
the same as old one.
Questions:
Why may Google mark our account as OOB?
How can we ensure that newly created account will not be blocked?
Same here.
I find out an answer, that says "Desktop" type of Credentials uses OOB by default. Probably you need to create new Credentials with type "Web"

This IP, site or mobile application is not authorized to use this API key

I am using https://maps.googleapis.com/maps/api/geocode/json? link with server key and user IP to find the latitude and longitude of any address, when I'm trying I find the error as
I have a server access key from google and I have put my server's IP address in the their white list.
The URL that I am trying to access via PHP CURL is:
https://maps.googleapis.com/maps/api/geocode/json?address=1600+Amphitheatre+Parkway,+Mountain+View,+CA&sensor=true&key=XXXXXXXXXXXX
The result that I am getting:
Array ([error_message] => This IP, site or mobile application is not authorized to use this API key. [results] => Array ( ) [status] => REQUEST_DENIED)
Is there anything that I need to configure.The geocoding API is also switched on.
I had the same issue and I found this.
On the url, it requires the server key in the end and not the api key for the app.
So Basically, you just add the server key in the end of the URL like this:
https://maps.googleapis.com/maps/api/place/nearbysearch/json?location=yourlatitude,yourlongitude&radius=5000&sensor=true&key=SERVERKEY
Now, to obtain the server key, just follow these steps:
1) Go to Developer Console https://code.google.com/apis/console/
2) In the Credentials, under Public API Access, Create New key
3) Select the server key from the option.
4) Enter your IP Address on the field and if you have more ip addresses, you can just add on every single line.NOTE: Enter the IP Address only when you want to use it for your testing purpose. Else leave the IP Address section blank.
5) Once you are done, click create and your new Server Key will be generated and you can then add that server key to your URL.
Last thing is that, instead of putting the sensor=true in the middle of the URL, you can add it in the end like this:
https://maps.googleapis.com/maps/api/place/nearbysearch/json?location=yourlatitude,yourlongitude&radius=5000&key=SERVERKEY&sensor=true
This will definitely solve the issue and just remember to use the server key for Places API.
EDIT
I believe the web URL has changed in the past years. You can access developers console from here now - https://console.developers.google.com/apis/dashboard
Navigate to developers console - https://console.developers.google.com/ or use the link from details to navigate directly to API dashboard.
Under developer console, find Label from the left navigation panel
Select project
Choose Credentials from the left Navigation panel
You could create credentials type from the Top nav bar as required.
Hope this answer will help you and other viewers. Good Luck .. :)
Choose key
API Restriction tab
Choose API key
Save
Choose Application Restriction -> None
Save
In addition to the API key that is assigned to you, Google also verifies the source of the incoming request by looking at either the REFERRER or the IP address. To run an example in curl, create a new Server Key in Google APIs console. While creating it, you must provide the IP address of the server. In this case, it will be your local IP address. Once you have created a Server Key and whitelisted your IP address, you should be able to use the new API key in curl.
My guess is you probably created your API key as a Browser Key which does not require you to whitelist your IP address, but instead uses the REFERRER HTTP header tag for validation. curl doesn't send this tag by default, so Google was failing to validate your request.
The Google Places API does not currently support Android or iOS keys generated from the Google APIs Console. Only Server and Browser keys are currently supported.
You're trying to use an API KEY which you restricted in a way that won't allow this action.
According to Google:
Note: If you need to call web, web service, and/or mobile APIs from the same (client-side) app, create and restrict multiple keys.
So the right thing to do is to create another API KEY, and choose the correct restrictions for this matter. In your case, choose "IP addresses" (under "Application restrictions"), and use "ADD AN ITEM" to add your server ip.
Notice that leaving a blank list won't work, and will result in google changing your restrictions to "None".
Also, don't forget to add the relevant APIs under "API restrictions" (in your case "Geocoding API").
One last thing - Google is blocking the use of this API until you link your app to Google Cloud Billing Account. So if you didn't do it yet, once you successfully get a response, it will say you have to do it first (it has a free starting package).
Google Place API requires the referer HTTP header to be included when making the API call.
Include HTTP header "Referer:yourdomain.com" and this should fix the response issues.
You create an key with out referer
dont enter the referer address
For the latest version of the API the exact opposite seems to be true for me.
When calling the url https://maps.googleapis.com/maps/api/geocode/json?address=<address>&key=<key> I was getting the following error
You must use an API key to authenticate each request to Google Maps Platform APIs. For additional information, please refer to http://g.co/dev/maps-no-account
Once I switched the order to https://maps.googleapis.com/maps/api/geocode/json?key=<key>&address=<address> it worked fine.
Note that the error message received above was the message I got when going directly to the URL in the browser. When I called the API from a software program I received an HTML response with basically the following message:
We're sorry... but your computer or network may be sending automated queries. To protect our users, we can't process your request right now.
Also, the corresponding API should be enabled for the given project
https://console.developers.google.com/apis/library?project=projectnamehere
For iOS or Android apps, the key needs an extra privilege granted.
Go to the Google Console -> APIs and Services -> Library. Tap the Places library for your platform and then tap Enable.
See https://developers.google.com/maps/gmp-get-started#enable-api-sdk
The reason this error is occurring because of the restrictions you have added when you create add the sha1 fingerprint on google cloud console , remove the fingerprints from android or ios then save .(the ip of that mobile phone will no longer be restricted)
Authentication, quotas, pricing, and policies
Authentication
To use the Directions API, you must first enable the API and obtain the proper authentication credentials. For more information, see Get Started with Google Maps Platform.
Quotas and pricing
Review the usage and billing page for details on the quotas and pricing set for the Directions API.
Policies
Use of the Directions API must be in accordance with the API policies.
more know : visit:--- https://developers.google.com/maps/documentation/directions/start?hl=en_US
url = https://maps.googleapis.com/maps/api/directions/json?origin=19.0176147,72.8561644&destination=28.65381,77.22897&mode=driving&key=AIzaSyATaUNPUjc5rs0lVp2Z_spnJle-AvhKLHY
add only in AppDelegate like
GMSServices.provideAPIKey("AIzaSyATaUNPUjc5rs0lVp2Z_spnJle-AvhKLHY")
and remove the key in this url.
now url is
https://maps.googleapis.com/maps/api/directions/json?origin=19.0176147,72.8561644&destination=28.65381,77.22897&mode=driving
Disable both direction api and geocoding api and re-enable.
it works for only 5-10 seconds and than automatically disabled itself.
it means you have only 5-10 sec to test you assignment.

access shared Google Calendar without entering userid/password

I have a google calendar that I have marked as shared. it stores all appointments for the day.
I have a webpage. from the webpage, the user enters a date and I use the google api (javascript) to pull back all info from my shared calendar for that date and present it to the user.
I also want the user to be able to make appointments during free times on any given day.
problem is, I must be signed in to my google account. if I am NOT signed in, I get a little popup asking for my userid/password.
how do I get rid of that? I had hoped that making the calendar shared and specifying the client ID and api key (assigned via Google's API Console) would have been enough.
I've run across this: http://cornempire.net/2012/01/08/part-2-oauth2-and-configuring-your-application-with-google/ which explains doing this via Oath and refresh tokens in PHP.
unfortunately, I'm doing this in javascript and MUST do it from the client side. is that possible?
I think you should look into using a service acccount for this.
http://code.google.com/p/google-api-php-client/wiki/OAuth2#Service_Accounts
By using a service account you wont have to worry about people loging in. They will have access to the calender for the service account.
Update: I have searched for examples of how to do this in Javascript and have been unable to find any. After considering this issue for a while now i have come to the conculsiton that even if you could use a service account via javascript for security reasons its probably not a good idea.
Unfortuantly this leaves me to beleave that the anwser to your question is No. You cant do this client sided. If you use normal OAuth2 its still going to prompt you for the autentication. You need to try and reconsider a server sidded option. PHP for example

Google place API request denied issues

I am trying to use Google places api to search the location. But Unfortunately I am getting only 1 message in responce is REQUEST DENIED. I have created new API key, but the API ACCESS Menu shows some warning icons as shown in below image does it created any issues or any other issues belonging to API key ?
Please let me know how to overcome this issue.... thanks in advance!`
my request string is this
You should also never post your API Key on the Internet like in your request string above to prevent your key from being abused. Your API Key should be kept private like a password as any usage of your key will be logged against your account.
The request above works fine using my API Key, I would suggest generating another API Key on the API Access page of the APIs console. Also make sure that you have enabled the Places API under services, instructions are here.
The notification icons are there to notify you that you have not enabled billing on your account yet.
i have the same error. the error was resolved by append &sensor=false at the end of API
I've had this issue, turns out using the key for Android applications (the one used for the maps API) is wrong. I needed to create a key for browser applications. Once I used the browser key instead of the Android key everything worked fine.

Resources