API authentification token - api

I have recently learnt about API and started using them for learning purpose.
I have tried the twitter API,but there is something I don't understand
Process of sending tweets with an API
Get your API token (need to tell a lot of informations and wait some time before it's validated)
Make http post request with the token to 'https://api.twitter.com/1.1/statuses/update
Tweet posted successfully
Process of sending tweets with your browser:
Create an account (don't need that much information, it's instant)
Login, write a tweet
When you click on submit, a http post request is sent (to the same url that above) and there is a Bearer token in the request header
Tweet posted successfully
So that leads to my question, why should I contact twitter to have an API token, if I can have one just by creating an account ?
How do twitter back-end know that the request is coming from a browser (normal use) or if it's coming from a third part app ?

The direct answer to your question is that the only approved way (inside of the Terms of Service) of sending Tweets programmatically is to use the official API.
There are a variety of ways in which websites and web services can detect browser automation or usage, and that's not really a question for a programming community like Stack Overflow.
What exactly are you trying to do, and why would you choose not to use the supported official API?

Related

Why can't I connect to my bot framework using the end point API

Hello I'm currently trying to set up the bot framework from Microsoft, so I can call this from my REST API.
I created the bot framework using the portal from Microsoft and integrated LUIS into it. This part is not the problem, but when I try to call the end API I get 401 unauthorized with the message "BotAuthenticator failed to authenticate incoming request!". I tried this in Postman and CURL and both give the same response.
I've been searching on the web and saw that you need to pass a bearer token in the header. For this I used the login services from Microsoft and successfully got a token from it.
Even with this token in the header I keep getting the same response. I also tried using the bot emulator from Microsoft with the same Microsoft ID and Password, but here it seems to work.
Am I forgetting something important or do I have to change some settings in order to make this work outside the bot emulator?
You usually talk to your bot through one of the available channels and not directly to the bot implementation. If you want to talk to your bot through a REST API, you would need to use the Direct Line API. Did you enable the Direct Line Channel? Please have a look at the samples here - https://learn.microsoft.com/en-us/azure/bot-service/rest-api/bot-framework-rest-direct-line-3-0-concepts

Browserless Authentication using the Web API

I am trying to authenticate a user inside a desktop application using the web api. I am not using a browser, I am using straight up GET and PUSH calls to the endpoints of the Spotify servers. Immediately I ran into some problems. It appears that upon the initial GET command to "accounts.spotify.com", the returned response includes HTML with a javascript function that runs and is responsible for dynamically generating HTML that you see on the initial login page. If you look at the Javascript function, it is clear that this is what is going on, however, you can also see this code is obfuscated and not meant to be used by us, the developers! (Link to Javascript code here for reference: Javascript function)
So my question is, while I can probably reverse engineer the code to get this working, would this be against the Spotify developer TOS?
Thanks!
Spotify's authentication happens through oauth, and a big part of user authentication as per the oauth rfc is where the user delegates permissions to your app to carry out API calls that affect their account, or return information about them. That's the web page you're seeing - it must be presented to your users so that they can delegate permissions so that Spotify can give your app an access token. It doesn't necessarily need to happen in a browser - it can happen in a web view inside your desktop application - but it does need to be loaded over https, and your application must not alter or reverse engineer the Spotify permissions delegations page.
As you correctly guessed, reverse engineering any Spotify APIs is against terms of service.
For more information on authorization on the Spotify platform, I'd recommend having a look at this guide.
Hope that helps! Please ping me if you have any more questions.
Hugh
Spotify Developer Support

What is callback url in instagram api and how to can I implement it

Hi I'm beginner programmer
I'm trying to use instagram's realtime Photo Updates api
My purpose is use this API CONSOLE's subscription method
https://apigee.com/console/instagram
But I can't understand and handle callback url
What is the callback url's function?
And How can I implement the callback url?
The "callback url" (also referred to as redirect_url), is the URL Instagram will send users to after they have logged into Instagram, and authorized your application to read their data.
This is part of the OAuth 2 Spec, which Instagram (and many others) use to control access to their API.
The short version of the OAuth 2 "flow" is this:
You send a user to Instagram's page with your application ID, and a redirect URL.
The user logs into Instagram on their page and authorizes your application.
Instagram will then send the user back to your application (using the redirect URL value), along with a token that you can use to access their data.
GitHub has an excellent guide to how OAuth works on their server, which you will find very similar to Instagram's.
So the "callback url" should be set to the URL of your application server. For example, http://myapp.com/auth. Or, if you are working locally, you would use http://localhost:3000/auth.
Note: With Instagram (as well as most other APIs), the callback URL is permanently set when you register your client. So you'll often have to create separate clients for your live server, and your local one.

Google+ interactive post - What mechanism are the they using?

I would like to post to Google+ throught their interactive post feature. How does the authentication works once you allowed the app to post to your timeline? They don't need an access token - are they setting a cookie instead?
I believe you might misunderstand how the interactive post publishes to the stream. The posting is entirely controlled by the user, it is not done programmatically via a REST API. The interactive post button does require a signed in user so you can also get an OAuth token back, but that is independent of the posting by the user.

Google Reader Feed Import

I'm working on a social RSS reader website, and with the news that Google Reader is shutting down, we'd like to capitalize on that by providing a feature for users to automatically import their Google Reader feeds in the same way that they might import contacts. I can't seem to find a good API for this.
The one solution I found, sending a request to http://www.google.com/reader/api/0/subscription/list, doesn't work, because we have to be authenticated to receive results. This means that either the user sends their google accounts password to us, obviously unacceptable, or we do the request client side. However, that API doesn't seem to support jsonp, and so we're unable to do a cross-site query.
Does anyone have any suggestions or links I've overlooked?
I am working on similar feature for my app, and i got the list of all the subscriptions (using the following URL) making a GET call with the access_token obtained via authenticating user using OAuth 2.0 for google reader API.
https://www.google.com/reader/api/0/subscription/list?output=json&access_token=USER_ACCESS_TOKEN
You can use OAuth so that users give you permission to execute that server side request on behalf of them.
If you are developing with Java you can use readr (a Google Reader client I have developed).