I'm using Gigya's Java SDK for RaaS and it was working fine with one API key. Now, I changed it to a new API key with the same Partner ID and Secret Key, the service fails. Any ideas on what else needs to be changed?
I don't have enough points to leave a comment:
Can you post a portion of your code, where you are constructing the request? There are very few APIs that require a partner ID, so I am thinking that there is an issue in your parameters.
Assuming that the new API key is associated with the same secret, it should work, assuming you have RaaS activated for both API keys.
Related
I have a small webapp that calls several Lambda functions. I need to authenticate users based on a simple passphrase. No need for specific users etc.
I am thinking of implementing this using a Lambda that takes the passphrase, matches it and returns an API key which is accepted by the rest of the Lambdas. API keys are meant to be used for developers so I know this isn't the intended use.
Is there anything insecure about doing this? The only issue I can see is that if the API key gets compromised then it's permanent, e.g
it doesn't expire after 1 hour like a token. But in that case I just generate new keys.
Otherwise it seems secure to me. Am I wrong?
I have an app where I am trying to integrate stripe API. I'm using the keys I'm getting in my test account and it seems like it's not working at all. It's giving me the following error
This API call cannot be made with a publishable API key. Please use a secret API key.
Please help me out.
It sounds like you're using your Publishable API key to perform an action such as charging a customer. Publishable API keys are only used to create payment tokens.
https://stripe.com/docs/keys
There are also two types of API keys: publishable and secret.
Publishable API keys are meant solely to identify your account with Stripe, they aren’t secret. In other words, they can safely be published in places like your Stripe.js JavaScript code, or in an Android or iPhone app. Publishable keys only have the power to create tokens.
Secret API keys should be kept confidential and only stored on your own servers. Your account’s secret API key can perform any API request to Stripe without restriction.
Please use "Secret key" of stripe for use stripe in laravel.
I am developing an application with Google plus. Hence I need an API key. I have generated the key in API console. Now using that key I am going to access some data from Google+ using JavaScript in JSON. But in this method my API key will be publicly visible. Is it OK to share it?
Some information I got from here
https://developers.google.com/console/help/#UsingKeys
Having API Keys public for client-side applications can't be avoided. To make sure no other people can (ab)use your API Key you can limit your API Key in the API console, so that it can only be used from your own domain, by defining "allowed referers"
I am trying to use Google places api to search the location. But Unfortunately I am getting only 1 message in responce is REQUEST DENIED. I have created new API key, but the API ACCESS Menu shows some warning icons as shown in below image does it created any issues or any other issues belonging to API key ?
Please let me know how to overcome this issue.... thanks in advance!`
my request string is this
You should also never post your API Key on the Internet like in your request string above to prevent your key from being abused. Your API Key should be kept private like a password as any usage of your key will be logged against your account.
The request above works fine using my API Key, I would suggest generating another API Key on the API Access page of the APIs console. Also make sure that you have enabled the Places API under services, instructions are here.
The notification icons are there to notify you that you have not enabled billing on your account yet.
i have the same error. the error was resolved by append &sensor=false at the end of API
I've had this issue, turns out using the key for Android applications (the one used for the maps API) is wrong. I needed to create a key for browser applications. Once I used the browser key instead of the Android key everything worked fine.
Browsing though the Foursquare API documentation, I noticed that when obtaining an access token with ajax there is no need for a secret key (for obvious reasons). But this makes me wonder what is even the point of having to register apps with foursquare in the first place if you can just fake being any app by using their client key. Why do they allow this?
https://developer.foursquare.com/docs/oauth.html
Your answer is in the document you referred to
Since each credential is tied to a particular URL
The point is Foursquare is looking at the URL of the requesting script for security. If there is no registration there is no URL to tie the credentials to.