Oauth 2.0 | Google Documentation for operations - google-api

I am not able to find google documentation where all valid possible operation url per scope are mentioned?
I am consuming google API, using oauth 2.0 by Httpclient ie without using google api client jar or dependency.
To fetch Users profile I set emailId profile in scope and made a get request to https://www.googleapis.com/oauth2/v1/userinfo?access_token=XXX using HttpClient,this is working.
There is a page where all scopes are mentioned but unable to find list of possible operations for particular scope.Please help me into this.Thanks!

On the page describing scopes, if you click on the title of a scope section, say the Calendar API, you are brought to that API's home page. From here you can got to the guides tab and follow the quick start for the language of your choice (which Google encourages since their client libraries tend to do a lot of the work for you), or go to the reference tab and view the available endpoints. From here you can send your access token as described here
As far as which scope applies to which endpoint, I assume view and read only scopes will probably only work for GET requests, while other manage scopes will probably encapsulate the other endpoints. Apart from that assumption, I don't know if Google has the scope exactly lined up with the endpoints they are valid for.

Related

Youtube API: Download and upload playlists

I'd like to manage the playlists on my account automatically with a program I'm going to write. To this end, I took a look at the youtube API. However, it seems to me that the only sensible way to do that is to have a Google G Suite account in order to get access to the OAuth 2.0 API. At the same time, it confuses me that I need to pay a monthly fee just to be able to manage my own playlists. Am I missing something or is this indeed the only way?
You actually don't have to pay anything for normal operations (e.g. if you're able to function within the boundaries of the default quota allocated to your app). To manage (ie. list/create/modify/delete) your channel's playlists you'll have to use the following API endpoints:
Playlists.list, Playlists.insert, Playlists.update and Playlists.delete;
PlaylistItems.list, PlaylistItems.insert, PlaylistItems.update and PlaylistItems.delete.
For read-only operations on public data it suffices to have an application key.
For write operations you'll have to familiarize yourself with OAuth 2.0 authorization in the context of this API. See a brief top level description given by one of my recent answers. Then you'll have to go through the official docs referred to therein.

Is it possible to hide API operations in swagger when the viewer is not authenticated

i am working on a spring-boot project where we use swagger for documentation of our API. So far so good. But it is requested to hide API operations for not authenticated viewers.
I tried several things to get this done. Including the steps in Chapter 7 of the Baeldung tutorial (https://www.baeldung.com/swagger-2-documentation-for-spring-rest-api)
But this gives me only the possibility to not try out the API operations as long as the viewer is not authenticated. The operations are visible in both cases (authenticated/not authenticated).
As said earlier this is not what i need. I need it to be hidden when not authenticated.
Is there any possibility to do so?
Thank you in advance.

How to bulk update "Authorized JavaScript Origins" in Google API Console?

Currently, I have been tasked to utilize the Google People API to ask for a user's basic Google information along with their public phone numbers. So far the results have been positive.
The solution my team and I have incorporated the Google People API integration in has the capacity to be utilized across thousands of domains. As a result, my question is simply, How can my team members and I ensure that any our clients that utilize our solution with their own particular domain get our new functionality built with the Google People API?
Keep in mind, our clients have the flexibility to have http/https and any subdomain on their site. Entering each domain possibility for our client base one by one would not be an easy task. I'm seriously hoping there is a solution around the single, explicit origin entries.
Thank you for your time and help.
Warning:
You must remember that if this is source code you are giving your clients that you are not allowed to release your client id and client secret. This includes plugins and scripts.
On November 5th 2014 Google made some changes to the APIs terms of Service.
Asking developers to make reasonable efforts to keep their private
keys private and not embed them in open source projects.
So if your clients could view the code of your application and see your client id and secret you should not be giving it to them.
Read more about this issue Can I really not ship open source with Client ID?
Recommendation:
The best solution for you will be to instruct your users now to create there own project on Google Developer Console and create their own JS origins.
You may just have to provide your own wrapper around the target API where you authorize the client request yourself and then do the request from Google using your own credentials.

Web Api 2 Help Pages & OAuth Endpoint

I'm using ASP.net Web API 2 via VS2013 to create a private API for a project. This is all working well, including the automatic Help functionality, with the exception of one thing:
The API is secured using OAuth 2.0 Resource Owner Flow and I want to include the "/Token" endpoint in the Help as without it there is a very important part of the API that is completely undocumented.
I can't see any way of doing this as it stands because the OAuth functionality is handled via the OAuthAuthorizationServerProvider class rather than a ApiController derived one, and hence it will never be included in the standard documentation.
Does anyone know anyway that I can add my own documentation to the standard Help functionality?
I've actually managed to find a workaround, albeit a nasty one: Because the OAuth functionality is handled further up the stack you can basically make a normal Action within a Controller which takes a "custom" object that conforms to the input expected by the actual OAuth endpoint. It will never be called because the OAuth endpoint handles the URI first, but it still shows up in the API Help.

Google Campaigns tracking with Spring Web flow

I am using Spring Web Flow for one of my clients and by default the Post-Redirect-Get (PRG) configuration is switched on for the website. The client now wants to enable Google Campaigns to allow them to track the campaigns they launching. But, due to the PRG configuration, the information is lost during the redirect. We have already tried to switch-off the PRG configuration but it results in issues in other flow. Is there is any solution which has been suggested for Spring Web flow to track the Google Campaigns.
Thanks in advance.
P.S: We are currently using spring-webflow-2.0.9 and spring MVC 2.5.6
We have been able to solve the problem by doing a workaround.The steps are given below.
To add a check in the application filter to look for all the Google Campaigns related data like utm_source / utm_medium / utm_campaign.
Once found them in filter, then store it in Application Cookie, on the server side.
In the page where the tracking needs to be added, add the JavaScript to check if these Cookies have been set.
If the cookies are set then we called _setCampValue() method, using the Javascript mentioned in the link extga.js
This JS sets the __utmz cookie, which Google Analytic uses for identifying the campaigns.
Please find the link of blog from which we have taken the javascript to modify the __utmz cookie used by Google Campaigns.
Thanks.

Resources