I am working to develop an external application that will be used to update items in a Podio workspace via AJAX request. However, I'm having a bit of a hard time understanding how to properly generate an API key...
In the API key generator, it asks for the 'Application name (displayed in stream byline)' - what exactly is meant by this? Is 'Application' just an individual app in our workspace? If so, is it possible to generate one API key for the entire workspace? We will need to update items inside of many different apps (including apps that do not yet exist) from the same external application, and would probably prefer to not have to generate a unique key... it would be preferable for us to just have one API key with which we can update items in all of the apps in our workspace.
Application name is not Podio individual app in your workspace, but rather name of application that you develop. So, in sentence:
We will need to update items inside of many different apps (including
apps that do not yet exist) from the same external application ...
Apps - means Podio applications
External application - means application that you develop and you want to generate your API key for it, so it would be natural to name your API key in a way that you know which application is using it.
Related
it looks like if I'd like to enable key restrictions for Android and iOS app the only way is to use Application restrictions with 1 key being used on both platforms?
I'm having 1 Google Maps Key being used on Android and iOS, and what I can find in the GCP -> APIs and services -> Credentials, is the choice between one of those, I can't select both platforms.
Would it be correct? If yes, then it'd be better to create 2 separated keys rather than limiting on the Application restrictions level? My application is React Native with react-native-maps package for Google Maps and it's quite natural to use 1 codebase, also 1 API key.
It's technical also possible to use 2 keys*, but next time when releasing on Web and Desktop, I'll need to use yet another keys. Eventually, ending up with 4, instead of 1, which simplifies key management.
*I'll only need to change the reference to a different variable https://github.com/tamotam-com/tamotam-app/blob/master/ios/TamoTam/AppDelegate.m#L36 and/or https://github.com/tamotam-com/tamotam-app/blob/master/android/app/src/main/AndroidManifest.xml#L20
API security best practices
"API keys are required for apps and projects that use the Google Maps Platform APIs and SDKs. For maximum security and minimal effort, secure your API keys when you create them.
While it is possible to secure API keys after they're created and in use, there can be different constraints based on how the key is used. Updating or replacing keys in mobile apps (Android and iOS) are the most complicated, since the keys won't all be replaced until all customers update their apps. Updating or replacing keys in JavaScript or Web Service apps are much more straightforward, but updating or replacing these keys still may require careful planning and fast work."
It is considered as best practice when you Use seperate API keys for each app
The reason would be because:
"This limits the scope of each key. If an API key is compromised, you can delete or regenerate the impacted key without needing to update your other API keys."
Simplified key management could cost you security. So having 4 keys instead of 1, is still better most especially if your key was compromised.
Hope this helps.
I am quickly reaching quota limits while using YouTube Data API v3 for searches only using 1 API key.
I have applied for Quota increase but I hear it can take some time.
However I landed on the below article which states that a max of 300 APIs can be used for 1 project. Are my really allowed to use multiple YouTube Data API v3 keys and switch between them each time quota limit is reached??
https://cloud.google.com/docs/authentication/api-keys
I had been scrambling for solutions. I hope I read it well!
Keys and credentials within a project share their quota. Creating additional api keys within the same project on google developer console is not going to get you additional quota.
As seen below all the credentials her will share the same quota.
You would need to create additional projects and create a key within each project.
All of these projects have their own credentials with their own quotas.
You should wait for an extension These days it shouldn't take more then a couple of weeks to hear back about a quota increase.
The answer is yes and no (but probably more no than yes in your case).
YES, you are allowed to use multiple Youtube Data API v3 keys and switch between but NO, you can't switch between them because you reached the quota limitation.
By doing so, you violate Youtube's Developer Policies compliance and expose yourself to sanctions. The only reason you should switch between them is to separate your environments.
From the Youtube's Developer Policies :
Don’t create multiple Google Cloud projects for the same API service or use case in an attempt to deceptively acquire an API quota that is higher than the one your project was assigned.
It is acceptable to have a separate API Project for each different use case of your API service. Examples include:
One API project for your iOS app, a separate API Project for your Android app.
One API project for a production server, one for a development server.
One API project for your user-facing API service, one API project for internal system analytics
source : https://developers.google.com/youtube/terms/developer-policies-guide#don%E2%80%99t_spread_api_access_across_multiple_or_unknown_projects
I am Customizing the Azure APIM Developer portal. For the Non Production enviornment like Dev, QA etc I am using the same instance of APIM. But the API name is different. I would like to either group them by name so that I see all the API's related to Dev First and rest of the enviornments later. Is there a way i can achieve it? Also we have one template called API List which we can customize. Can we create multiple pages from this template so that I can create different versions of API List for each enviornment?
Your best bet is to use tags. You can assign them to APIs and group by Tags in APIs list. Look for this button next to search field:
if you don't have one, check your customized template, and compare it to default one.
I was looking at the Google Fonts Developer API, where you can programatically query the Google Fonts catalog and get some JSON results. You have to get a an API key through Google to use it.
I want to create an extension/plugin for a text editor where you can query the Google Fonts catalog using this API. I would plan on distributing this plugin for anyone to use.
However, in order for it work, I obviously have to sign up for an API key and include that in the code for the plugin so it gets distributed also.
I know that API keys like this as not secret passwords or anything like that, but should they be distributed like this? If one was to build something like this, this seems like the only way to do it.
What happens if someday my own Google account is compromised? What if I need to refresh the API key for some random reason, etc? Then all those users of the plugin would be out of luck since the plugin is using an old key.
What is the best approach to this type of problem? I was planning on having the API key to be "editable" in the plugin so that one could use their own key if they wished, but I don't want that to be a requirement because it just creates a higher barrier to entry.
I'm currently upgrading one of my websites from the old system to HTML5 and I have some problems with the Google Maps JavaScript API v3. To fetch data from their API, you must have an key - of course - but it's here I have the problem.
The problem is that even if I have an correct key that I have added on their Google APIs Console I'm getting "Permission Denied" all the time, followed by an alert window that say that I don't have an real API key or it's not approved to Google Maps JavaScript API v3.
I have turned on "Google Maps API v3" in "Services" on Google APIs Console and payed the "bill" but that didn't help at all as proved. I'm using this URL to their API: http://maps.googleapis.com/maps/api/js?key={MY_KEY}&sensor=false and I have readed their documentions very carefully and I'm currently out of ideas.
Do you know what's wrong here? Have I missed something or what?
In the absence of a link to check...
You can have more than one Project (dropdown, top left in the Console), and each key is tied to a project. Maps v3 must be enabled for the right project.
The seqence should be:
Choose project from the dropdown (or create one)
Choose the services required by that project
Choose collaborators if any
Set up the access keys for that project. You can have more than one key per project and specify the domains the keys can be used on.
Set up billing if you need it.
The menu on the left is set out in a logical order.