I am using the Goo.gl API to shorten some links.
The calls to the POST method are working good and the short URLs are working also, but I have a question regarding the short link history.
If I create a short url from the goo.gl page it will be stored there for me to see and see all the analytics associated to it, but if I generate it via the API POST using my API Key, the link will not be added to my history and I can't see any data related to it in the Goo.gl page. Is there anyway to access that information?
This is the difference between public and private.
The Url Shortener API is technically a public API. Which means that you don't need to be Authenticated in order to use it. This is why a public API key works. However when you are using a public api key the api doesn't know who you are personally.
Solution: What you need to do is to switch to Oauth2. Authenticate your application get an access token and instead of sending the API key send the access_token. Then when links are created they should be added to your account and you will get analytics for them.
Related
It seems that when I have a valid user's access token, I can call this api https://www.googleapis.com/oauth2/v1/userinfo?alt=json&access_token=xxx to retrieve the user info, without any API key.
I want to double check are there any limitation in getting user info via this API, instead of using the official Google API client? e.g. rate limit?
An API key is used to access public information. Holiday calendars for example or public videos on youtube. Files uploaded to Google drive set public could also be accessable with an api key.
Oauth2 is used to access private user data, you can access public data with it as well like the items listed above. But to access private user data like the data contained behind the user info end point you would need an a valid access token.
There shouldnt be any limitations to using the userinfo endpoint that i am aware of I would expect that to be out side of all quota limitations.
I had a "sign in with Google+" function in my web-app. Upon signing in I would show user's email and name on the page and save it to database. To fetch user's profile data after sign in I used Google+ API method people.me with access_token in GET params.
Google+ API is going to shut down on March 7. I have to migrate to Google People or some other api. How do I achieve the same goal with a different google API? I need to fetch email and name by known auth token.
We use this through Laravel's Socialite, and they're replacing it with:
https://www.googleapis.com/userinfo/v2/me
You may want the profile scope as part of the OAuth flow to make the profile data accessible through this methods. Otherwise it will return incomplete data.
For local account, strapi validates the local jwt successfully. However, when I sign in using Google provider, /connect/google/callback redirects to the homepage with access_token, raw[access_token], raw[id_token], etc... I have tried all of these tokens, and strapi returns all of them invalid.
Also, I don't see the account that I signed in with google in Users(content-type).
Am I missing something?
I'm one of Strapi's team member. I have coded a small example that fully explains how to setup Strapi to enable Google as a provider.
Here is the documentation and the associated documentation.
What you need to do when Google redirects your user to your app is to send another request with the code contained in the URL see the example.
I am developing an application with Google plus. Hence I need an API key. I have generated the key in API console. Now using that key I am going to access some data from Google+ using JavaScript in JSON. But in this method my API key will be publicly visible. Is it OK to share it?
Some information I got from here
https://developers.google.com/console/help/#UsingKeys
Having API Keys public for client-side applications can't be avoided. To make sure no other people can (ab)use your API Key you can limit your API Key in the API console, so that it can only be used from your own domain, by defining "allowed referers"
Browsing though the Foursquare API documentation, I noticed that when obtaining an access token with ajax there is no need for a secret key (for obvious reasons). But this makes me wonder what is even the point of having to register apps with foursquare in the first place if you can just fake being any app by using their client key. Why do they allow this?
https://developer.foursquare.com/docs/oauth.html
Your answer is in the document you referred to
Since each credential is tied to a particular URL
The point is Foursquare is looking at the URL of the requesting script for security. If there is no registration there is no URL to tie the credentials to.