I'm working on a social hub page which aggregates info from all social networks. Currently I'm trying to fetch infos from one specific foursquare venue.
To get the information I want, I have to use an access token and therefore authenticate my user. In my case this would always be the same (my own) user.
Is there a way to get an access token with my username/password without having to redirect to the authentication page?
I couldn't find any answers here so far, thanks for your help!
Update:
I just discovered exactly what I want to implement on http://de.puma.com/creativefactory - if you scroll down you can see foursquare information on the bottom right corner, that's exactly what I want: Display how many users checked into my venue and the last persons who checked in. How did they do that, there is no auth dialog required? Thanks again!
Unfortunately, this is explicitly not allowed for security reasons. Although it may seem safe in your case, we don't generally want to support 3rd-party applications handling our users' passwords when OAuth makes it unnecessary. This is the same policy that many other large social networks have.
If you're just looking for venue information (e.g. just information about a venue and NOT any user information) then you don't need to have an authorized user. The venues API can be accessed with only your client ID and client secret. See the Foursquare API documentation..
Some of our endpoints that don’t pertain to specific user information,
such as venues search are enabled for userless access (meaning you
don’t need to have a user auth your app for access). To make a
userless request, specify your consumer key's Client ID and Secret
instead of an auth token in the request URL.
You should be able to get the required information without user authorisation.
Just create an app and you will be provided with a client id and client secret, you can then use these to access the API.
Here is the required venue API string format:
https://api.foursquare.com/v2/venues/[VENUE_ID]?client_id=[CLIENT_ID]&client_secret=[CLIENT_SECRET]&v=20120101
In the returned json you should find:
"hereNow":{"count":x,"summary":"x people here","groups":[]}
Related
I am integrating Google's login Apis on a website, and I need to place the user's details in our databases to use it the next time they login.
Googles developer documents clearly out lines that developers should never store user IDs in a database, instead you should use Token IDs generated by google to auth the legitimacy of the user.
I completely agree with this, but a token's live cycle is only a short period of time. If we insert the token in our databases, the next time the user logs in, they token will be different to that in our database. So how do we auth users via token id with google sign in?
I've read all of googles developer docs https://developers.google.com/identity/sign-in/web/backend-auth and theres nothing specifically explaining this, other than their process of authentication.
Could someone please help who may have had experience in this ?
Thanks alot
This is googles warning
Warning: Do not accept plain user IDs, such as those you can get with
the GoogleSignInAccount.getId() method, on your backend server. A
modified client application can send arbitrary user IDs to your server
to impersonate users, so you must instead use verifiable ID tokens to
securely get the user IDs of signed-in users on the server side.
Googles developer documents clearly out lines that developers should never store user IDs in a database
No, they don’t.
They are telling you that your server should not trust user ids send to it directly by the client - because anyone could easily fake those.
Instead, you are supposed to send the token, that you acquired on the client side, to the server (those tokens can’t be “guessed”, therefor you can not simply fake them) - and then you make a server-side API call using that token, to get the user id.
I'm developing an application that uses the LinkedIn API (and other social networks') to retrieve the messages you receive in yout timeline and get other user's information.
I know that I can't get that information over a user since the last API update thay made, but I'd like to know if that's possible from a company page. I can get the updates I've made on the page and my user profile but what I want is to get the user's profile from a person that makes a like in one of my publications (to put and example).
Is that possible like with the Facebook API and Twitter API or I can only access to information from the user that is authenticated in the application?
Thank you.
In general, only You can get that information with authenticated users in the application.
As for LinkedIn, I don't know if you know that from May 12 (if I remember correctly) LinkedIn API is changed.
Changes in Linkedin API
Two questions:
Question 1.
We need to manage 4 playlists of a Spotify user from our back-end (PHP) (without user login).
Visitors of our website can submit multiple of their favorite songs to our websites. Based on that, we create and manage 4 playlists which contain the ‘top most submitted songs’. We want to automate this process from our PHP back-end without the need of manually managing the playlist day to day for a period of multiple months.
We would like to use the Spotify API for this, but a user access token is needed to access and manage user playlists. We created a proof of concept, which “simulates a browser with PHP”. We log in, retrieve an authentication token, request an access token with the authentication token and then perform the necessary API calls – all without user intervention.
This method works, but we suspect and know this isn’t 100% the way to go :). We’re not after abuse of the API or whatsoever, but how can we periodically automated manage these 4 user playlists if this isn’t the right way?
Please note our back-end is Apache – PHP based. We could also use NodeJS, but then again, this isn’t the way to go either.
Question 2.
Users submit songs to our website. When the user types in the search field (song title / artist name), after one second we perform an ajax call to the Spotify API and show the search results based on the input. Taking into account the amount of visitors expected on the website, this might cause a lot of traffic to the API.
The docs (https://developer.spotify.com/web-api/user-guide/#rate-limiting) aren’t very clear on the applied rate limits. Is it possible to give us a better indication of these rate limits since we want to prevent this from crippling our website?
Thanks in advance.
Question 1
If you want to create playlists in a certain user's library you need to that user to grant those permissions to your app.
In your case, you would implement the Authorization Code flow to obtain both refresh and access tokens.
Store the obtained access token and refresh token, use the access token to perform the requests, and renew the access token whenever it expires using the refresh token.
If you are going to manage those playlists in a user you own, then there is no need to show any login form to users. Log in once, and use the fetched tokens in a script that will periodically make changes in your user's playlists.
Question 2
The limits are not specified on the Spotify Developer site at the moment, but they API should be able to handle your search requests. If you want to be extra-safe, authenticate your requests so they are limited by client_id basis. To obtain a token like this, that doesn't contain any user's information, you can use Client Credentials flow.
http://followgram.me/search/ is a search engine where you can search user's recent media from Instagram and it displays the photos to you without ever being logged in.
How is this possible? When I checked the API you seem to have to be logged in to get query results or else it's a bad request. I have read around but can't find anything. Am I missing something super obvious?
Thanks.
The following explains it (taken directly from http://instagram.com/developer/authentication/ )
For the most part, Instagram’s API only requires the use of a
client_id. A client_id simply associates your server, script, or
program with a specific application. However, some requests require
authentication - specifically requests made on behalf of a user.
Authenticated requests require an access_token. These tokens are
unique to a user and should be stored securely. Access tokens may
expire at any time in the future.
Note that in many situations, you may not need to authenticate users
at all. For instance, you may request popular photos without
authenticating (i.e. you do not need to provide an access_token; just
use your client ID with your request). We only require authentication
in cases where your application is making requests on behalf of a user
(commenting, liking, browsing a user’s feed, etc.).
is it possible to store the id of a user who grants permission to accept the app and then post a "share" when the user completes an action but they are not logged into linkedin? i have done this with facebook but currently struggling to get my head around the oauth/linked in libraries.
Yes, once the user has authorized your application, you can store the user's oauth tokens and use those to update LinkedIn via the API when a user trigers a share/update, etc.
The only trick is to cover yourself in the case that the user rejects your application's access rights; filter all responses from the LinkedIn API looking for an error indicating that the access token is no longer valid (you should be doing this filtering anyways for throttling issues).
LINKEDIN API has no proper documentation..as to how i can use it..sample code which is provided SKuS