When I retrieve the token parameter from the response of the following call:
http://www.youtube.com/get_video_info?video_id=XXXXXXX
where XXXXXXX is the youtube video id, my understanding is that the token, used for requesting the download of the movie, is different for each video. However, does this token ever change, or can I retrieve the token once and then trust that it will never change as long as the video id never changes?
Related
https://developers.google.com/drive/api/v3/reference/files/watch
Seeing this documentation, I couldn't find any option to set up additional request headers and body to be sent to my webhook endpoint. So I can't set anything like auth tokens to these notifications, right?
You have multiple options:
Add the token in the URL
Validate with the headers X-Goog-Channel-Token (parameter token) and/or X-Goog-Channel-ID (parameter id)
The first one you simply make Google call a URL with the token backed in. The second one you use data that you know to make sure it's Google who's sending the message.
References
Push Notifications (Google Drive v3 reference)
Came from recaptcha v2 background with my own bot detection logic. I want to try out the new bot detection score feature of v3.
I want to protect my search page from being abused by bots trying to query the DB every 0.5 second.
Search result page accepts url query parameter to allow users to book mark the page. For example mydomain.com/findallcities?country=xxx&province=yyy&populationmin=5000
Based on my understanding v3 flow works like this
Client calls recaptcha JS function and get a token
Client append the token some where in the form so that server can validate the token later
Form submit and server receives the token
If server gets no token then reject. otherwise validate the token to get user score and act accordingly
So the question comes. How can I tell if its a bot that is hitting mydomain.com/findallcities?country=xxx&province=yyy&populationmin=5000 with a Get request or if its a legitimate user clicking on a bookmark? There is no token to verify and even if there is its probably an expired (used) one from before.
I have been using the OAuth approach to upload,update and delete videos on YouTube. That all has been working fine until about February 12th where all of those processes stopped working. Now when I go to delete a YouTube video I get the following error:
"code": 403,
"message": "The video that you are trying to delete cannot be deleted. The request might not be properly authorized."
I know that the OAuth process is working because I can get the token and refresh the token if it has expired. I'm using the latest PHP library that Google have provided (installed using composer). And I can get information about a valid YouTube video by making the following call:
$videoId = "xxxxxxx"; //id of video on YouTube
$youtube->videos->listVideos("snippet", array('id' => $videoId));
But then the delete call gives that error above.
$youtube->videos->delete($videoId);
Since the listVideos works, that confirms that the client_id, secret key and token is correct. I also am setting the scopes to be the following
$client->setScopes(array('https://www.googleapis.com/auth/youtube',
'https://www.googleapis.com/auth/youtube.upload',
'https://www.googleapis.com/auth/youtubepartner'));
I also checked that the credentials and quotas set in the Google APIs are ok. I thought that maybe the quota had been reached but that doesn't appear to be the case. I did see an email from YouTube in early february saying that they have a new terms of service and a developer policies. I reviewed all that but nothing in there appears to point to the issue I am having?
Not sure what else to try?
Try to check my answer here in this SO question that focus on how to Refresh Token with the Google API.
Your error usually caused by:
When the token expires
The token’s scope (this is important)
If the token is invalid
If the token is invalid you can troubleshoot like this:
Remove the access token from your datastore or database.
Use the refresh token to acquire a new access token (if you are using a refresh token)
Try to make the API call again. If it works, you’re good! If not …
Check the access token against the tokenInfo API
If it’s still invalid, do a full reauth
Hope this helps!
The people.getBatchGet call in the People API returns resources of type Person which have a photos field with a url.
Attempting to retrieve these photos with a GET request to the photo urls authorized with the same credentials used for the people.getBatchGet call results in a 403 error.
What am I missing here?
I have a bunch of real time IP camera images on the web server.
Is there a way to develop an API (RESTFUL) with token to let developers access those images and still prevent unauthorized user to access those image url?
such as
http://example.com/camera1?token=1234&cameraID=camera1
If the API returns an URL of
http://example.com/camera1.png
then everyone can access the camera1 image without token if he already knows the camera1 image URL.
It seems I have to use an dynamic URL
http://example.com/adfaofnhafa.png
instead of fixed name URL to prevent this from happening.
Or I can use image BASE64 encode to conver the image to binary string and return the long string in JSON format.
What's the best way to do this? Each of my image size is under 200KB and I have 150 IP cameras images update in real time and saved on the server hard disk with the fixed name.
How did facebook or youtube do it? If I have already know your facebook photo URL when call the API for the 1st time, after that I can access it anytime and anywhere without call the API again.