How to bulk update "Authorized JavaScript Origins" in Google API Console? - google-api

Currently, I have been tasked to utilize the Google People API to ask for a user's basic Google information along with their public phone numbers. So far the results have been positive.
The solution my team and I have incorporated the Google People API integration in has the capacity to be utilized across thousands of domains. As a result, my question is simply, How can my team members and I ensure that any our clients that utilize our solution with their own particular domain get our new functionality built with the Google People API?
Keep in mind, our clients have the flexibility to have http/https and any subdomain on their site. Entering each domain possibility for our client base one by one would not be an easy task. I'm seriously hoping there is a solution around the single, explicit origin entries.
Thank you for your time and help.

Warning:
You must remember that if this is source code you are giving your clients that you are not allowed to release your client id and client secret. This includes plugins and scripts.
On November 5th 2014 Google made some changes to the APIs terms of Service.
Asking developers to make reasonable efforts to keep their private
keys private and not embed them in open source projects.
So if your clients could view the code of your application and see your client id and secret you should not be giving it to them.
Read more about this issue Can I really not ship open source with Client ID?
Recommendation:
The best solution for you will be to instruct your users now to create there own project on Google Developer Console and create their own JS origins.

You may just have to provide your own wrapper around the target API where you authorize the client request yourself and then do the request from Google using your own credentials.

Related

How can I implement Google's "Indexing API for job posting URLs" if my job board only has a dashboard and no place to put the key?

We have a job board for the German market. The template/software we use is from a company called JBoard, whos programming language is PHP and Laravel. We are having difficulties being listed in Google for Jobs, so now we want to use one of Google's features (=instant indexing: https://developers.google.com/search/blog/2018/06/introducing-indexing-api-for-job?hl=en) for the jobs on our website. We have already generated a key but cannot connect it to the website. According to JBoard, they do not have any place in the backend where you can store the key. However, JBoard says that they have clients who have successfully implemented Google’s API outside of their platform. Apparently it is done with google sheets, google search console and an API token (which I am able to generate via our dashboard). We did find a developer, but he couldn't finish the implementation due to personal reasons. Does anyone know how to implement the instant indexing for jobs when your website is not based on wordpress, Squarespace etc., and with no access to the backend code? Thanks in advance.

How can I let others read and edit a google sheet (not shared with them) using googleapi, without them having to download credential?

I am a beginner trying out api for fun.
The problem is, lets say, I want to write a simple windows program with golang to let my friends read and edit one of the sheets saved on my google drive. How can I do this without having them download a credential file?
What I want it to do is simply redirect them to the Oauth Page right away, and if their email address is one recognized by the app it will grant them access to that google sheet.
What i think you need is to integrate your go app with Oauth protocol.
More specifically, with the Google provider.
This is mainly 3 steps:
add the oauth client to your application
something like this: https://github.com/golang/oauth2
See their docs on how to do it.
go to google dev documentation and see how to integrate google auth flow into the client: https://developers.google.com/identity/protocols/OAuth2
I'm not sure if google has something more specific for google drive integration and/or go-lang client in particular. Please do some searching.
make the glue code on your go app so that the user can interact with this (the login button (or command, if it is terminal based), error messages, logout, etc)
More questions will appear when you start to do this, however it is a great example to learn Oauth as well.
General guidelines:
https all the queries or oauth is basically useless
oatuh has many auth-flows and you must choose which one(s) you support. use whatever google documentation recommends for m2m scenario (machine 2 machine)
log errors so that your friends can send you a log file for you to debug issues
maybe set some feature flag so that you can simply disable this feature to run/test localhost ? maybe useful? you decide.

Extending YouTube API Quota with limited funds

With a simple java program, I send GET requests using YouTube Data API specifically videos.list, in order to get the public metadata of a video and store it as .json files.
For my universities research, we have to do this with all available YouTube video IDs provided in the Youtube-8M Database.
Therefore, I would like to know if there is a way to extend the available quota for requests (I already know about the billing option, but I am a student and my university is small).
I have read the YouTube API terms, which states that only one project per client may be used to send such requests with the necessary API Key.
If I understand it correctly, even my simple java code is such a client.
In some other Stack Overflow questions about extending ones daily quota with API Keys, some suggested creating multiple accounts or projects.
Is this a legal option or not? Or is there another possibility to get a higher quota for simple requests used in research like I do right now?
If you go to the Google Developer console where you enabled the YouTube API. the second tab is called quota
Click the pencil next to which ever quota it is that you are blowing out. A new window will pop up with a link called apply for higher quota.
Fill out the form to apply. To my knowledge you do not have to pay for additional YouTube quota but it can take time to get approved. Make sure you comply with everything on the form.
I have never heard of the one project per client term. Technically you can run your application using different API Keys it should work fine. Technically there is nothing wrong with creating additional projects on Google Developer console. You don't need to go as far as creating another Google account.

Should I create separate console projects for each API

I have created a web application which connects with Google APIs. In the past it only connected with the Google Analytics API. Now I am making it link with Google Webmaster Tools (GWT). Some of my existing users may want to opt in to GWT. And moving forward new users may want to link with just one or both APIs.
Is it best practice to create a separate console project for each API?
During experimentation I modified my original Google Analytics project to support GWT. But in doing this I found there is no way a user could revoke access to just one API; they would need to revoke BOTH APIs.
I then created a separate project to manage just GWT. This works fine and all. But from the user's perspective it makes another entry into their "Connected Apps" (see screen shot).
What is the best practice for a situation such as this?

Is Parse the right choice if your app does not need Facebook integration?

I want to build something similar to a poll service for mobile but it doesn't need Facebook.
After Facebook's acqusition, is Parse.com still a viable option if your web app does not need Facebook integration? Could app developers (customers) log in to my backend without a Facebook account?
Is it possible to build premium features with Parse and then charge for them?
Do you own your data when using Parse.com? I.e., can you export it in case you decide to move to another service in the future?
I am hoping someone with experience can shed some light on this. Thank you!
After Facebook's acqusition, is Parse.com still a viable option if
your web app does not need Facebook integration? Could app developers
(customers) log in to my backend without a Facebook account?
yes,for now.
Is it possible to build premium features with Parse and then charge
for them?
yes
Do you own your data when using Parse.com? I.e., can you export it in
case you decide to move to another service in the future?
yes
I'd suggest you always have a backup plan,when using a BAAS.I pity Stackmob users that didnt.You dont know if parse will still be there in 3 years or their features and pricing will change.Never rely on a BAAS on the long run.
Yes parse has standalone login features with username, and password, in addition to twitter, and facebook. They even handle lost password reset's via email as long as the user has the email field entered. You can check if the user's email has been verified via the emailVerified field.
I'm using stripe.com's payment system via parse's cloud code. I will admit this is not a complete drop in feature for parse yet, but maybe in the future. stripe is made for developers, and I find it to be a very powerful payment system. I can answer some basic stripe/parse questions as I have written myself basically a semi-complete API for handling customers, card, and charges.

Resources