eBay API eBayAuthToken living time - ebay-api

I have searched in the eBay manual and Google but could not really find any information regarding the lifetime of eBayAuthToken. Is it possible to store the token in my DB instead of username and password? I think it is more secure but the concern is that it may become invalid after a week or so.
Thanks

According to the API docs, the lifespan is 18 months:
http://developer.ebay.com/DevZone/guides/ebayfeatures/Basics/Tokens-About.html#LifeSpanandUniqueness
Tokens are valid for 18 months across multiple sessions of the application. Seven (7) days before a token is due to expire, eBay returns the expiration date in the HardExpirationWarning field in the response of all calls the application makes on behalf of that user. When your application detects this field, it must redirect the user to the sign-in page on the eBay site by the date in this warning, or the token ceases to work as a means to authenticate that user.

Related

eBay API token detect if a user has already reauthorized, any way to decode the eBay token?

I have a web application that will authorize a user with eBay so that I can post items for them. But I want to cap the limit at 50 per account and eBay account. I can easily track how many item posts they performed in my application. But what prevents the user from opening another account with my application and re-authorizing with the same eBay account?
So I tried it with my application and my eBay account and looking at the tokens from account1 and account 2 there's literally 5 characters difference at the beginning of the token String (around character 15). Rest of the token is the same.
Is there a way to tell from the token if it's the same account?
Ok to handle this you would need to get the eBay User and compare to see if they have already registered. Using the user authorized token make a call to get the user details via:
ApiContext.getApiCredential().seteBayToken(FetchTokenCall.fetchToken());
GetUserCall gu = new GetUserCall(ApiContext);
UserType user = gu.getUser();
Now compare and save relevant data.

Instagram API Rate Limiting - Signed POST calls - still being treated like unsigned calls

Instagram changed the way it rate limits like, comment and relationship endpoints in its API recently...you can sign API POST requests with an HMAC hash of your client secret and app IP address. I am doing this successfully. (I know this because I get a 403 error message if I don't include a properly hashed X-Insta-Forwarded-For header; I get a 200 success message if it is included.)
Still, I'm being rate-limited to 30 "like" calls per hour (the limit for unsigned requests); 100 is the limit for signed requests. Anyone know why this might be?
Updated docs are here: http://instagram.com/developer/restrict-api-requests/
and
here: http://instagram.com/developer/limits/
Apparently my Instagram client credentials had been flagged by Instagram, and they were limiting me based on past behavior of my app. I registered a new client with Instagram here: http://instagram.com/developer/clients/manage/, re-authenticated with the new app, plugged the new secret into my code to sign my requests, and I was able to like 100 IG posts within an hour. Good to go!
I faced the same problem and I managed to solve it by simply revoking app token from user panel. No need to create new app.

Are eBay user tokens permanent (Fetch user token API)?

According to the eBay docs: "With one-time setup complete, your application can respond to prospective users and get tokens for them." However, the article also mentions that the tokens expire after 48 hours. Does this mean that my users will have to re-login every 48 hours through my website to renew the token? If so, how is this a one-time setup?
Update 1: According to this article, tokens expire after 18 months.
Tokens expire after 18 months. The call returns a HardExpirationWarning element 7 days before the token expires, at which point the user has to go through the consent process again. The token is associated with the session ID for 48 hours, before which the developer has to fetch the user's token and save it for future API calls.
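The expiry handling described in the answers above (the HardExpirationWarning field returned 7 days before an 18-month token expires), as an added Python example that is not part of the original posts or eBay's SDK. The sample response is constructed, and the "YYYY-MM-DD HH:MM:SS" UTC timestamp format and the `hard_expiration` / `token_action` helper names are assumptions.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"e": "urn:ebay:apis:eBLBaseComponents"}  # Trading API XML namespace

# Constructed sample response, not captured from eBay.
SAMPLE = """<GeteBayOfficialTimeResponse xmlns="urn:ebay:apis:eBLBaseComponents">
  <Timestamp>2024-03-01T10:00:00.000Z</Timestamp>
  <Ack>Success</Ack>
  <HardExpirationWarning>2024-03-06 09:30:00</HardExpirationWarning>
</GeteBayOfficialTimeResponse>"""

# Same response as it looks for a token that is not close to expiry.
NO_WARNING = SAMPLE.replace(
    "  <HardExpirationWarning>2024-03-06 09:30:00</HardExpirationWarning>\n", "")


def hard_expiration(response_xml):
    """Return the token's hard expiration as an aware UTC datetime, or None
    when the response carries no HardExpirationWarning element."""
    root = ET.fromstring(response_xml)
    node = root.find("e:HardExpirationWarning", NS)
    if node is None or not (node.text or "").strip():
        return None
    # Assumed format: "YYYY-MM-DD HH:MM:SS" in UTC; ISO "T"/"Z" forms are
    # normalised to it and fractional seconds are dropped.
    text = node.text.strip().replace("T", " ").rstrip("Z").split(".")[0]
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)


def token_action(response_xml, now):
    """Decide what to do with the stored token after any API call.

    Returns ("ok", None), ("reconsent", expiry) or ("expired", expiry)."""
    expires = hard_expiration(response_xml)
    if expires is None:
        return ("ok", None)            # keep using the stored token
    if now >= expires:
        return ("expired", expires)    # token no longer authenticates the user
    return ("reconsent", expires)      # send the user through sign-in before expiry


if __name__ == "__main__":
    now = datetime(2024, 3, 1, 10, 0, tzinfo=timezone.utc)
    print(token_action(SAMPLE, now))
    print(token_action(NO_WARNING, now))
```

Running the check on every response, rather than on a timer, means a stored token is flagged for re-consent as soon as eBay starts returning the warning.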

LinqToTwitter Authorization Automation

Is it ever possible to authorize a Twitter app on the desktop without user input (of the seven digit number)?
I am trying to develop a realtime tweet fetching application between a list of friends/followers "suspects" communicating together. But the authorization code that needs to reset after 15 mins is an issue, so unless someone is manually present to handle re-authorization after a couple of mins, it is a serious challenge. Is there a solution to my question?
Joe Mayo or anyone, pls help here.
Thanks
There are two different issues at work here: authorization and 15 minute rate limit windows. For authorization, you receive OAuthToken and AccessToken, accessible via IAuthorizer.Credentials after the user authorizes. These tokens never expire. So, you save them when the user first authorizes and then load them into IAuthorizer.Credentials and you won't need to perform authorization again. Here's a more detailed description:
linqtotwitter - grab the saved credentials
Since you mentioned something about "reset after 15 mins", I assume you're referring to Rate Limits, which are set in 15 minute windows. Here's a recent discussion:
How to handle LinqtoTwitter Rate(v2.1) limit exceeded Error
It would be helpful to review the Twitter docs on Rate Limiting.

Is the Twitter Search API affected by the recent Twitter API changes?

I've been building an app which allows the user to search through recent (i.e. 6-9 days worth) public tweets on Twitter using the Twitter Search API.
Currently, the site is entirely public - that is, users do not need to sign in to Twitter (or even be Twitter users at all) to use my app.
However, the upcoming changes to the Twitter API have left me confused, particularly the fact it would appear that every request to Twitter's API will need to be authenticated.
My limited understanding of how Twitter's API works is that I need to authenticate my app using OAUTH, which in turn means that, if I want to continue accessing the Twitter Search API, users will need to sign in to my site before they can use the functionality related to the Search API - hence, only Twitter users will be able to use that section of my app.
Am I understanding this correctly, or is the Twitter Search API exempt from the changes? If I authenticate my app, does this mean the rate at which users can search Twitter status updates through my app is increased (or any other advantages over having non-authenticated apps)? Note that I am currently implementing a caching feature to cache related searches.
Thanks!
The changes to the Twitter API would affect your application depending on how your application works. These are the changes that you should be aware of:
All requests used to be anonymous. Now, all requests must be authenticated via OAuth.
With the old rate limits, according to my tests, you were able to make about one request per second per IP address. Now you can make 180 requests per 15 minute block per authenticated user (1 request every 5 seconds on average).
Not related, but still worth mentioning, the data that the new API returns is more similar to the data that the Streaming API returns. It's much more complete.
So, according to these changes, if your application uses some kind of a bot which polls the Search API, stores the results into a database, and then your users search within these stored results; you will have to implement OAuth with your own access token, which you can get by creating an application at dev.twitter.com.
But, if your application connects to the Search API every time that your users interact with it, and you think that you will have to make more than one request every 5 seconds on average, then you will have to ask your users to authenticate in order to get their access tokens for your requests.