I am developing an application with Google plus. Hence I need an API key. I have generated the key in API console. Now using that key I am going to access some data from Google+ using JavaScript in JSON. But in this method my API key will be publicly visible. Is it OK to share it?
Some information I got from here
https://developers.google.com/console/help/#UsingKeys
Having API Keys public for client-side applications can't be avoided. To make sure no other people can (ab)use your API Key you can limit your API Key in the API console, so that it can only be used from your own domain, by defining "allowed referers"
Related
I have an app where I am trying to integrate stripe API. I'm using the keys I'm getting in my test account and it seems like it's not working at all. It's giving me the following error
This API call cannot be made with a publishable API key. Please use a secret API key.
Please help me out.
It sounds like you're using your Publishable API key to perform an action such as charging a customer. Publishable API keys are only used to create payment tokens.
https://stripe.com/docs/keys
There are also two types of API keys: publishable and secret.
Publishable API keys are meant solely to identify your account with Stripe, they aren’t secret. In other words, they can safely be published in places like your Stripe.js JavaScript code, or in an Android or iPhone app. Publishable keys only have the power to create tokens.
Secret API keys should be kept confidential and only stored on your own servers. Your account’s secret API key can perform any API request to Stripe without restriction.
Please use "Secret key" of stripe for use stripe in laravel.
I'm trining to create live stream on youtube using google API. Now it working only when I use oauth authorisation. When I use API key authorisation I get authorisation error (login required)
When I use oauth authorisation - it require to enter confirmation code each time I create new translation. Is it possible to use "liveStreams->insert" method of API with authorisation that does not require entering of confirmation code?
From what you are writing it appears to me that you haven't understood the concept of OAuth and when to use OAuth vs an API key.
Try to think about it this way: You, as a person, have a Google account. This Google account is not the same as your YouTube account (or, as it is more commonly refered to, your YouTube channel). But your Google account is associated with your YouTube channel (of which you can have multiple). Because you are logged in to your Google account and your channel and Google account are linked, the YouTube website knows who you are and gives you access to your channel.
Now you head over to the Google Cloud Console. Here you create a project, which is very similar to a YouTube account in the sense that it, too, is an independent account which in this case represents your app, but is linked to your Google account so the Cloud Console website knows to give you access to the project as long as you are logged-in to your Google account.
HOWEVER, your YouTube account is not linked to your Cloud Console project. When you make an API request with an API key, the API does not see you as in "your Google account", but rather your apps's Cloud Console Project. That's why with an API key, you can only access publicly available data (everything you could "see" when you browse YouTube while not being logged-in).
So, in order for an application to read private channel information or modify channel information, the API needs verification that whoever makes that request is actually allowed to do that. This is where OAuth comes into play.
When you say you have to provide the confirmation code for each request, I think you don't save the access token and refresh token. I highly recommend you read Using OAuth 2.0 to Access Google APIs and Obtaining authorization credentials over on Google Developers to help get you started.
I am using the Goo.gl API to shorten some links.
The calls to the POST method are working good and the short URLs are working also, but I have a question regarding the short link history.
If I create a short url from the goo.gl page it will be stored there for me to see and see all the analytics associated to it, but if I generate it via the API POST using my API Key, the link will not be added to my history and I can't see any data related to it in the Goo.gl page. Is there anyway to access that information?
This is the difference between public and private.
The Url Shortener API is technically a public API. Which means that you don't need to be Authenticated in order to use it. This is why a public API key works. However when you are using a public api key the api doesn't know who you are personally.
Solution: What you need to do is to switch to Oauth2. Authenticate your application get an access token and instead of sending the API key send the access_token. Then when links are created they should be added to your account and you will get analytics for them.
I am trying to use Google places api to search the location. But Unfortunately I am getting only 1 message in responce is REQUEST DENIED. I have created new API key, but the API ACCESS Menu shows some warning icons as shown in below image does it created any issues or any other issues belonging to API key ?
Please let me know how to overcome this issue.... thanks in advance!`
my request string is this
You should also never post your API Key on the Internet like in your request string above to prevent your key from being abused. Your API Key should be kept private like a password as any usage of your key will be logged against your account.
The request above works fine using my API Key, I would suggest generating another API Key on the API Access page of the APIs console. Also make sure that you have enabled the Places API under services, instructions are here.
The notification icons are there to notify you that you have not enabled billing on your account yet.
i have the same error. the error was resolved by append &sensor=false at the end of API
I've had this issue, turns out using the key for Android applications (the one used for the maps API) is wrong. I needed to create a key for browser applications. Once I used the browser key instead of the Android key everything worked fine.
Browsing though the Foursquare API documentation, I noticed that when obtaining an access token with ajax there is no need for a secret key (for obvious reasons). But this makes me wonder what is even the point of having to register apps with foursquare in the first place if you can just fake being any app by using their client key. Why do they allow this?
https://developer.foursquare.com/docs/oauth.html
Your answer is in the document you referred to
Since each credential is tied to a particular URL
The point is Foursquare is looking at the URL of the requesting script for security. If there is no registration there is no URL to tie the credentials to.