When creating chrome extensions that play with the youtube data api, the api key is used. But is there any other way to get data from google servers instead of exposing our personal api key in the xmlhttprequest, apart from the naive way of asking the user to create his/her own api in their account and input that to use it in the extension?
I would refer to Google for best practices.
https://support.google.com/cloud/answer/6310037?hl=en
You could use OAuth 2.0 credentials, obtain an access token through chrome.identity API, and then use that token in the XMLHttpRequests.
Related
I am trying to make test request from
big-query docs
It works correctly when I use oauth2, but if I use api-key response is
"code": 401, "message": "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.".
Any ideas?
I'm not entirely sure why Google have added that option to the API explorer in BigQuery. My best guess it that it allows you to inspect the network request to the API, and then add your own API key for testing.
That said however, API keys won't work with BigQuery anyway. You need to use a service account instead.
https://support.google.com/cloud/answer/6158857?hl=en
Use an API key when your application is running on a server and
accessing one of the following kinds of data:
Data that the data owner has identified as public, such as a public
calendar or blog. Data that is owned by a Google service such as
Google Maps or Google Translate. (Access limitations might apply.)
I need a help. I have a project in google api, but i don't know how to open access in google spreadsheet for a project. So which gmail i need to open access?
Thanks!
You may refer with this documentation.
Every request your application sends to the Google Sheets API needs to identify your application to Google. There are two ways to identify your application: using an OAuth 2.0 token (which also authorizes the request) and/or using the application's API key. Here's how to determine which of those options to use:
If the request requires authorization (such as a request for an individual's private data), then the application must provide an [OAuth 2.0 token with the request. The application may also provide the API key, but it doesn't have to.
If the request doesn't require authorization (such as a request for public data), then the application must provide either the API key or an OAuth 2.0 token, or both—whatever option is most convenient for you.
Here are some examples and quickstart.
Is it necessary to have Google account to use google+ apis like google hangout etc ? Like with Google maps it is not required.
Yes, you do need a Google account to use the Google+ APIs. The reason differs based on the API you're interested in using, though.
REST APIs
You need an API key to use the Google+ REST APIs. You can acquired an API key from the Google API Console. You need a Google account to use the API console. This API key is used for many things including to manage your quota.
Hangouts API
The Hangouts API requires a Google account for two reasons. First, you must use the API console to create your project. Next, you must have a Google account to start a hangout.
Is basic/digest auth sufficient for a google chrome extension to authenticate into a web based API? Can someone hack into it? I thought that I dont need OAuth because the API is not a 3rd party API but part of my service (for which I plan to create an API and the Google Chrome extension which will use the API...)
I always wonder how can the Twitter and many social network application provides the API for developer via registered app key. How can it granted and track the using of those external application?
Can you answer me this question? because I alway wondering about this.
Twitter, Facebook, Google Apps, and others often use OAuth to provide this authentication and tracking. There is a lot of information to be found at http://oauth.net/ and you can play around with OAuth in general at Google's OAuth Playground.
Generally speaking the service would generate an API key for you when you sign up for developer access. This key is then associated to your account.
Whenever you make a call to an API, you would be required to pass that key as one of the parameters. That method would then verify that you passed a valid key and would know who was making the call based on the key -> account association created when you signed up.
For Ruby on Rails:
Easy Rails API Authentication Using restful-authentication
http://www.compulsivoco.com/2009/05/rails-api-authentication-using-restful-authentication/