I'm working on an web based image search platform that uses Instagram. I've looked over the API and I noticed that there's are no ways to call any of the endpoints without the OAuth authentication. I don't want to make people sign in every time they want to search for something. I would like to make it function as a normal search box would.
I'm wondering if anyone has any suggestions on how to circumvent this problem? I was thinking of automating the authentication of my own account and storing the token... allowing users to search without needing to login. I'm not to sure how to accomplish this.
Any feedback would be greatly appreciated.
Thanks!!
According to the Authentication API documentation you could just use your own token for each request but there are rate limits for a token and you will have to handle token expiration.
The BIG downside, and major security concern, to using your own account for access is that you are essentially giving access to your account when requests are submitted.
For a media call you just use your token
https://api.instagram.com/v1/media/{media-id}?access_token=<YOUR-ACCESS-TOKEN-HERE>
Related
I need to integrate Google Fit data on a project in PHP.
The idea is that every user, if he wants, can authorize the download of his Google Fit data.
Now, I was wondering if there are bees to handle this situation. Also if they are free.
Have you ever come across something like this? Thanks
Google Fit's REST API only supports requests from a single user.
The only way you can access multiple users' data is for each of those users to have given you an OAuth token which grants access to their data; you then need to make separate requests for each user's data using that user's OAuth token.
My php app is integrated with Facebook's Graph API. I recently conducted load testing and found out that I hit the 600 requests per 600 seconds limit rather easily with a low number of users(1 large single batch request per user). In order to make my app work I feel that I would need to rely on user tokens(client side) instead of my single app token(server side).
My question is: Is what I want to do even possible and does my proposed solution make sense and how could I implement it?
1) Use JS sdk to login the user to FB and obtain a user token
2) Pass the user token to the php side
3) Make the graph api call using the user token
I am reading http://developers.facebook.com/blog/post/534/.
It says "this allows you to connect the user to your site or app using the JavaScript SDK (FB.login or the Login Button) and then call Platform APIs from server-side PHP without doing additional work". Does this mean using the user token or app token?
I am not looking to be spoon fed code, but could someone please point me in the right direction and give their opinion on my proposed solution?
Thanks
I have a protected twitter account but I want to be able to show a list of my most recent tweets on my website.
I'm prepared to dive in to the twitter docs but I just wanted a heads up to know if its possible?
Would my script have to autenticate with my account or is there a way to allow access to my twitter account from a particular IP?
Thanks
Yes, definitely possible. I don't know if there is a simpler solution, but one way would be to create a new app on Twitter which your account authorizes. In the authorization process, Twitter will give you access tokens for your specific account. Store your access tokens in a database. Read your tweets from a PHP widget say, which uses the Twitter PHP API, and uses your access tokens to display it.
When you are retrieving your tweets, it doesn't matter if it is protected or not as long as you have authorized that specific application.
Simply put, the widget that displays your tweets is a Twitter application that you have authorized. (one-time authentication)
Well I don't think so you can read anything from Protected account.
I was reading few articles about the same issue and here is the alternative solution if you would like to give a try. (I personally didn't tried it so leaving up to you to give shot)
http://www.ehow.com/how_6474863_protected-twitter-updates.html
I am trying to get a list of all Google Apps users of a domain onto a public PHP website (without visitors of the site needing to login or do anything). I have a basic understanding of what needs to happen but can't quite piece it all together. It can't be as hard as it seems to me... could it?
Authentication and Authorization:
I'm pretty sure it needs to use OAuth 2.0 ... but am unsure whether it needs 2 legged or 3 legged. I got another section of the site working with ClientLogin but that won't pull in Google Apps profiles, only user's first and last names (I need the other profile fields). I have set up the API access within the account and have that side of things all set (I believe).
I have found this page, which shows how to construct a URL request to get all Profiles (in every language except PHP of course) but don't understand how to implement this.
http://code.google.com/googleapps/domain/profiles/developers_guide.html
I also tried this example but it just gives me a 401 after I enter the credentials. http://gdatatips.blogspot.com/2008/11/2-legged-oauth-in-php.html
I don't know which frameworks or includes are needed to accomplish this either. I have tried zend, OAuth.php and a whole bunch of other bootstraps... but keep getting lost as to what each is doing.
If someone could help me by outlining:
Which files/framework I need to upload and include as a bootstrap
What variables within those files I need to update with the Google credentials
How I integrate the Google Profiles "Retrieve all Profiles" request with PHP
An ELI5 (explain it like i'm 5) overview would be very much appreciated... I'm sorry for my apparent incompetence, but I have been reading articles for nearly a week and have not gotten anywhere.
Thank you in advance for any help provided.
Good question.
You'll need to implement the Google OAuth 2.0 process as it's described here (experimental?), because someone (you) will need to give your app the initial permissions to access Google Apps API. Steps are:
Register your domain with google (don't remember the link)
Redirect/send browser to an authentication url: https://accounts.google.com/o/oauth2/auth, with the appropriate request params (see the first link). You'll need access_type=offline, your scope would be https://apps-apis.google.com/a/feeds/user/
Get a code back, then exchange for a refresh_token, an access_token, and a value specifying when the access_token will expire. Store these in a database
Whenever you need to make an API call, check if your access_token has expired or not, and refresh when necessary, which is what the refresh_token is for. The refresh_token is valid as long as you don't revoke the access you gave to the app.
OAuth Playground helps a lot. Good luck.
user signs up for a key and secret from my site, then they can send/receive from my REST server.
Where I need help is when a user interacts with the REST, how can I determine if they are authenticated using THEIR key and secret? Basicly this will be for a social network site app area. I have seen that many social networks have an app area and use REST and OAuth and sometimes OpenSocial but I have looked at those and they are a bit complex for my needs I think. As for authenticating with OAuth, I guess I do not really understand exactly how it works, maybe it is what I am looking for though? I don't need to authenticate the user who views the page that is running the API, I need the owner of the app's server to authenticate to send back and forth with my REST?
Any advice on how to do this the best way? I would like to do it the best method for future growth, so if I could do it like the big boys do (Facebook, myspcae, hi5, bebo) that would be the way to go I think.
when a request is sent it should pass the key in the URL to my server but they should have there Secret somewhere in there script, I am not clear how to make that work with each other?
OAuth is almost certainly the best way to go here. Using OAuth, you can provide authorization to almost any kind of web-based API that you would like (REST is fine, but so is plain ol' XML over HTTP).
There are some Stackoverflow articles on how to get started with OAuth.
I also find Google's implementation worth studying, as it's both well documented, and a very good implementation from which to take inspiration. They also have a very helpful "OAuth Playground" that will walk you through an OAuth request step by step.