I use Gmail API to get users emails from Google using scope(email) and It does work great.
However, As mentioned in this Google article Not only I have 1,000,000,000 Daily quota but also getProfile Method cost me only 1 quota.
So, Doing some math, I should be able to Sign In 1,000,000,000 Users to my Website daily.
But, That's not the case, Actually Google allow me for only 10,000 Requests daily.
What I need to know:
Why is that? (1,000,000,000 Quota => 10,000 Requests).
Is there another way to get Google Users email without using Google API Client?
How many Sign In requests can I send to google Daily?
Note: I have no interest in Google access token since I generate my
own access token for every user (I only need the email).
Thank you!
You are not using Gmail API. Gmail API is intended to interface with a Google user's Gmail mailbox (sent/received emails). OAUth scope email does not grant you any access to Gmail API. What it does allow is access to get the Google user's email address (may be #gmail.com or may be another domain).
See Google's list of OAuth scopes. email is listed under Google Sign-in.
To my knowledge, there are no quotas around usage of email scope and sign-in.
Related
Firebase phone number verification authentication is triggered by the user from the client-side SDKs on my website I am developing. Is there a way to write code such that the firebase api:
a. sends SMSs to only registered phone numbers (existing registered users) and
b. not send SMSs to unregistered phone numbers (anonymous users)?
This is to prevent data abuse by anonymous users to my website.
There is no way within the Firebase Authentication API to limit what users can authentication through SMS, or any other provider.
The logic here is that in order to know whether a user is authorized, you first have to know who that user us, which already requires them to authenticate.
This does indeed means that a malicious user can make calls through the API with your configuration data. You'd then typically prevent those users from accessing your application by a further check, for example by having the list of approved phone numbers you mention. The difference is that this check happens after the authentication step, and not as part of it.
Firebase has abuse prevention methods in place already, so there's usually nothing you need to do beyond calling the API and protecting your backend resources. If you suspect you're seeing abuse on your project, reach out to Firebase support for personalized help in troubleshooting.
I'm using Google plus API in my website to Sign In users and it does work great, However because I only need the user email since I create my own Auth Token I no longer need to use Google plus API because Gmail API provide all the information I need Also give more daily query Which is 1,000,000,000 compared to 20,000,000 for Google plus API.
The Problem is:
When I used Gmail API I got the same information that Google plus API provided, Which is great.
However, going to my dashboard inside Google Cloud Console >> OAuth consent screen Tap >> OAuth rate limits.
It says that Your token grant rate = Your current per day token grant rate limit is 10,000 grants per day. The per day token grant rate resets every day
So, Do I miss something?
Note: When I switched to Gmail API, I did change the client key, secret key, and Google Sign In URL.
There is a difference between the OAuth Rate Limits and the Gmail API Usage Limits. When designing your app you have two take into consideration these two factors:
1) OAuth
The OAuth Rate Limits refers to the number of tokens that your application can request to Google in order to be able to have permission to sensitive scopes from the users that are utilizing your app and in that way allow to access their data (how much data depends in the scopes) when calling the Gooogle's APIs.
2) Gmail API
The Gmail API Usage Limits refers to the number of requests that your app can do to the API, no matter the number of users(as long as it doesn't surpass the limit) because it was previously checked by the OAuth rate limit.
We want to send email to logged in users in our Drupal application. We are authenticating using AAD and our site is hosted in Azure app service.
we have a generic service account with a mailbox attached and we would like to notify the logged in users in case of any event using MS graph API and O365 connections.
Can we please get some guidance in this respect.
You can use the Graph API to send emails from your service account. Where you are going to have a problem is with identifying logged in users. An AAD token will be valid for your site even if the user originally signed in somewhere else, so logging signins isn't foolproof. Unless your users specifically sign out, the token will also be valid past when they stop using the site.
If you wanted to go down this road, then doing some logging of user actions and then sending the email to users that have been active within X amount of time might be an option.
If your goal is to notify users and you don't need an email specifically, then you might want to looking into using websockets or something similar to send notifications to the users within their browser.
I have created a button that allows users to sign in with Google.
After the users choose their google accounts, I can get the following parameters as response from Google.
access tokens
id_token
expires_in
token_type
created
How can I use these parameters to use services provide from Google?
For example, can I create buttons for user to go to the gmail boxes?
If it is not the way, what are the uses of those token?
Using Google's tokens id you can get User's Information like Name Email.
You cant provide direct option to open Gmail. It will prompt user to login
You can refer this doc for more info Gmail scopes
For accessing Google services, you need the access_token. When you are creating the authentication URL, you must specify all scopes - permissions (from this list) you want to use in your application. Then Google will ask the user for consent with delegating those permissions to your application. The access token you get will allow you to perform those actions.
You can go through those Google API scopes and get an idea what you can do and what not. For example you cannot use the GMail GUI, but you can read, send, delete, and manage user's emails, send new emails and so.
I've downloaded the PHP client library for Google Adwords API. I need to insert my login details in /src/Google/Api/Ads/AdWords/auth.ini. One of the variable is developerToken.
How can I get it?
Directly from the API...
Your assigned Developer Token will be activated once your application
for API access is approved. Your token will be available through your
AdWords API Center—accessible through the My Account menu for the MCC
account you applied with. You'll be able to access the API by
including it in your request headers when interacting with our system.
It is very important that you keep your Contact Email up to date—we
may send you important information regarding disruptions to service
and urgent changes via this channel.
https://developers.google.com/adwords/api/docs/signingup
I understand this might be old, but since Google updated their API, let me share my experience.
You need to create an MCC account (My Client Center), basically if you already have a Google Adwords account you cannot use it to generate developerToken however, you still can you use same Gmail account to create a new MCC account.
Follow below:
https://adwords.google.com/home/tools/manager-accounts/
Click on Start Now
Probably you are already logged in using your Gmail account, in all cases use your Gmail account in the email address field.
Choose name for your account let's say main-account
Do not click save and continue
Check below picture, you need to click, click here in the message below.
You will then redirect to the main dashboard, where you can click on Tools and then under SETUP tab you will find Adwords API Centre where you will be able to generate developerToken
you have to use the developer token from your live account. The token will work fine even if its status is pending