I'm trying to access public information from API's without actually having users grant access to the API in my mobile Application. Is this actually possible, or are the Oauth permissions for any sort of access to an API?
For example, I want my application to be able to pull a list of nearby restaurants for my application without asking the user if Yelp can access the application. Since the user just wants nearby food information, the request for restaurants isn't user specific, and the user shouldn't actually have to login.
Another example is if I want Eventbrite to simply give me a list of upcoming events. Is there a way to get this list without having a user authenticate Eventbrite within my application itsself?
You can call an API endpoint with your own token (between your Eventbrite account and your application key), and if the data is public (even if it's 'owned' by a different Eventbrite account) we'll return the data.
For example, if you want a list of events across our Event Directory (Event Search endpoint: http://developer.eventbrite.com/docs/event-search/) you can call this method with your own OAuth token (you can grab your OAuth token here: http://eventbrite.com/myaccount/apps).
Hope that helps!
Related
I wrote this same question to #Linkedin support service and I was redirected to this link where they indicate to ask questions in Stackoverflow.
We are developing a mobile App for the Polytechnic University of Madrid and we plan to expand to other Universities in the future. This aplication will need in a first instance OAuth via Linkedin. It will also need to allow the authenticated user to send connection invitations to other users contained in a list. For creating that list of users, it will be useful if the admin of the system could search in a bar similar to the one which Linkedin has, write a user name and select it, retrieving its user ID or what is needed to identify the invitation destination.
Summing up, the App needs:
OAuth API
Connection request API
User search API
I have read on the web that some of Linkedin's APIs suffered some modifications in which most of them where limited to allowed users or apps. So the aim of this post is knowing:
Do the APIs my mobile application needs exist?
What do I need to do to obtain the access to those APIs in case they exist?
User search API
For this feature you could use something like Algolia Instant Search
LinkedIn has changed many things related to user data. If you need access to its data then you must follow the given guidelines.
Basically you have to create a LinkedIn App and then the users have to grant permissions to your app by installing it in their device(s) and then only you can collect their data.
I'm having trouble deciding on / understanding which method of authentication would be best in the following situation:
I have 3 separate "clients". A website, mobile app and browser extension.
Users information and data is stored in a database.
The 3 clients will access the data via an API.
What I am trying to get my head around is how users of the system would login via one of the three clients and authenticate with the API so they can then proceed to get and post data to the API.
I do not require 3rd party applications to access the API. Users can only access it by logging into the clients I provide. For this reason am I right in thinking that OAuth1/2 would be over kill?
I have attached an image which details how I envision the system.
An additional question:
Where is it in the system the authentication comes in? Would I authenticate within the API? So the user uses a form on one of the three clients to send a password. The API then returns a "what" if they provide valid credentials?
I am trying to create a site where you can login with Google+, but I am having some problems understanding the Google+ API.
Can anyone explain to me how to fetch information, such as e-mail, name, id, etc. or give me a good link for a site where I can find some documentation about this.
Before you suggest me to this site I have already read it but not finding out how to fetch info.
Google+ Sign-In provides users the ability to authorize your application to retrieve data from the Google APIs based on the scopes that you set for your button. When a user authorizes your app, the sign-in callback returns you an OAuth 2.0 access token. This token gives you the ability to queries any of the APIs that your scope granted access to, this is not limited to Google+ APIs. You pass your access tokens to the API when you make requests.
Basically, you read the prereqs and didn't continue reading the API docs for the lower level details specific to the API that you are interested in. In this case, it sounds like you want to retrieve a person's profile (A "Person resource") by using the people.get method. At the bottom of that page are code examples for a variety of languages.
In my app I want to show the Google+ profile picture for a user.
The only function, I found, in the API to get the profile picture needs a userId.
However, I only have their email adress and not their Google+ userID.
Moreover the person, whose image I want to get, should not be forced to log in and authorize my app, as this person is mostly not identical to the user of the app.
So I think I need to get their userId by email. I read through the Google+ API documentation but can't find a way to do this, but I can't believe that this is not possible.
So my question is:
How can I get the Google+ userID with only an email address?
Is there maybe an other Google API to get a profile picture?
There is an API provided by https://www.avatarapi.com/ which returns the user's name and profile pic from an email address based on Google's public info.
It can be called via SOAP or HTTP at this API endpoint:
https://www.avatarapi.com/avatar.asmx
One of the benefits of this API is that it does not require the user to be authenticated with Google via OAUTH, so this could be exactly what you are looking for.
You can't do this using just their email address, however, if they paste their Google+ url, you could parse the id from the URL string and then get their profile image (and cover image!) using the public data API. The url: https://plus.google.com/me will bring you to their profile.
I highly doubt this is possible. Any kind of querying against the Google Plus API requires OAUTH. What's more, I'm not aware of way to query for a user ID by email address in the first place.
This thread would seem to confirm that this is currently not possible.
You can use the people.search API to search by email address and without requesting the user to authenticate. However, that will only search the public profile fields, which email is not a public field by default.
The only API methods that require OAuth are those that access private data. For public data, you can use the more simple API key method.
To reliably achieve what you are describing, you'll want to use Oauth and the plus.me scope to get the information that you want. This does require authorizing your app however.
I am new to linkedin api. I have a doubt regarding the api.
I am integrating the api in my application, so different user have to register in the linkedin to get the data using that api? Can it be pre registered and the user can get the data whatever he wants.
Suppose user wants to search about company. He will type the company name and will get the names of the company related to search. He should not log in in linked in before searching.
Is it possible?
If you are using the JavaScript API, then yes, you may need to have the user log in each time as the JavaScript API's authorization is cleared every time the user closes their browser.
If you are using the REST API, you can store the user's OAuth token and use that to make the calls on behalf of the user, saving them having to sign-in each time.