I need to update a spreadsheet cell but via API Key instead of OAUTH but even using the Google API explorer, the result is 401 - "Request is missing required authentication credential..." It's possible to assign access right to the spreadsheet so that I can keep using API KEY? Or it's definitively impossible to update via API KEY?
Related
I've been trying to use the google sheets api key to get data from a spreadsheet I created. But the thing is that I've failed many tries.
I know a way to do this, and it's using the credentials.json and the OAuth2, but with this method, when I run my program, it redirects me to the browser for an authentication. And that's something I donĀ“t need.
My development is back-end and of course I don't need any authentication in any browser.
So I don't know what else I can do because when I try to use the URL "https://sheets.googleapis.com/v4/spreadsheets/{spreadsheetId}" after getting the API KEY, I receive errors like "the caller does not have permission".
I read that to be able to use the api key with google sheets I must make my spreadsheet public but that's something I don't want to, I can't make my spreadsheet public because it contains sensitive information.
If anyone can help me I'd really thank you..
I'm working on an API where a user of my API can sign up for my API to get an API key. When I generate this API key, I'm using asymmetric encryption to create a hash that I store in my database.
My question I have is this, once the user generates an API key and then signs out, the next time they sign in, I don't have the API key anymore to display in my app's dashboard. Is this normal / acceptable?
Do other APIs do it differently? i.e. do they offer the API key to the user? and if so, are they storing the unhashed API key in the DB? Is this a balance between user experience and security?
In OAuth2, it's pretty common for systems to show the OAuth2 client id at all times, but the OAuth2 secret exactly once.
If you want to make the user experience good, focus on making it easy to roll a fresh API key without expiring old ones. You can show a list of API keys (not the secret), and when they are last used so it's also easy to let the user disable keys that are likely out of use.
API Keys are not usually considered secure. Typically API Keys are visible to the clients. API keys should not be used to perform secure authorization. However, you can design any system as you want and in your current design if a third-party or attacker can make successful invocations to your API by obtaining the so called "API Key", it's better to hide it and let the user take the responsibility to securely store the key in somewhere else. Also you should make sure in your API, there must be a way to
Revoke an existing API key.
Generate a new API key with an expiry date.
Hi I looked https://developers.google.com/places/web-service/get-api-key
For an agency, is it possible to set up an API without having the client's login?
How can we create one?
Regards,
Jeff
Api keys are for accessing public data there will be no need for logging in when you use this.
Use the follow these steps to get an API key:
Go to the Google API Console.
Create or select a project.
Click Continue to enable the API.
On the Credentials page, get an API key (and set the API key restrictions).
Note: If you have an existing unrestricted API key, or a key with server restrictions, you may use that key.
To prevent quota theft, secure your API key following these best practices.
(Optional) Enable billing. See Usage Limits and Billing for more information.
There is no other way to get an API key you will need to create a project on google developer console.
I am new to using Google API and I am struggling to understand how it works. I want to be able to access a calendar and add events to it. I don't want the user to login every time because it will be a universal calendar that holds invoice due dates so from what I understand I want to use a service account. I created a calendar api project and a service account. I set the calendar share permissions to the project email. I have an API key and a service account key. However, I get confused with understanding how it needs to be authenticated. Unfortunately I am using Filemaker so I don't have any helper libraries to help me. I basically just have a POST option.
The google api documentation states that the insert event call requires authorization:
"This request requires authorization with the following scope (read more about authentication and authorization)" https://www.googleapis.com/auth/calendar"
https://developers.google.com/google-apps/calendar/v3/reference/events/insert
So if I was just using basic POST requests how would I authorize this and which keys do I need? Do I need the API key and Service Account Key? Do i have to use a client key even if I want all users to access the same calendar?
If I need to clarify anything just let me know.
Thanks!
You will need to include a valid access_token in the HTTP headers of your POST request, e.g. Authorization: Bearer ya29.xxxxxxxxxxxxxxxxxx
In order to get a valid access_token, you will need to go through the OAuth2 Authorization process as described at https://developers.google.com/identity/protocols/OAuth2ServiceAccount#authorizingrequests
Note: Please click on "HTTP/REST" to see the details of doing that without using any specific client libraries.
I am trying to gain access to my BigQuery enabled Google API project using the .net Google APIs.
Using a console application, I am trying to authenicate first by supplying my simple API key in the URI, then just trying to get the list of projects.
The error I am receiving when I call Fetch() on the project list is: Login Required [401]
var bigqueryService = new BigqueryService{ Key = "MY-API_KEY" };
var projectList = bigqueryService.Projects.List().Fetch();
I am purposefully not using OAuth2 as we don't need any user data.
The API key simply identifies your app to the API console for quota purposes and other housekeeping. It's not authoritative for accessing BigQuery, as we do consider the BigQuery data as "user data."
If you're just trying to get an OAuth 2 access token for playing around quickly, you can use the OAuth 2 playground:
https://code.google.com/oauthplayground/
This token will be valid for one hour and can be copied/pasted as the access_token query parameter
Here's the scope for BigQuery to use in the playground:
https://www.googleapis.com/auth/bigquery
In the end, you'll either want to use the native client (out of band) flow:
https://developers.google.com/accounts/docs/OAuth2InstalledApp
Or the server-to-server (service accounts) flow:
https://developers.google.com/accounts/docs/OAuth2ServiceAccount
I don't have quick samples handy for those in .NET, but post another question on SO if you can't find them-- I'm sure someone will chip in!
You won't be able to use a simple API key - all authorization to the BigQuery API must happen via user interaction, or alternatively through a service account.