I have made a php script for tweeting via API. Right now I added an app(say "MyTweets") in my twitter account and got secret and oAuth key. Now I want others to use it. Right now I have put hard coded Key and secret, how can I automate it so that use can 'Add' their twitter account in my application or atleast I can store their oAuth/Secret for automated use. I just don't want to add new apps every other twitter account.
go to the link below: https://dev.twitter.com/apps/new
Fill up the form then submit.
now you will get your oAuth user and Secret Key
See the API docs at Twitter. You're going to need to implement OAuth in your application so that the user can authenticate with Twitter and you get back the authentication token you use in your application.
Related
We are using the Oauth 1.0 authentication Flow with the Twitter API. This basically come down to this spec: http://oauth.net/core/1.0/#anchor9.
We created the app and started to get users. Later we implemented Signup with Twitter where now we require the users email address from the API. We asked Twitter and therequest was granted. It works, great.
Now we have an issue with existing users because those authorized the App before we had that Email permission and with their existing Access Token, Twitter doesn't give us that.
Twitter writes in their documentation (https://dev.twitter.com/rest/reference/get/account/verify_credentials)
Note
Your app will need to regenerate the user access tokens for previously authenticated users to access their email address.
How can this be done?
When we delete the corresponding data (token and secret) on our side and ask for new Auth it doesn't have any effect. Twitter always gives us the same token and secret again.. and with that in the account/verify_credentials call no email address.
The only way which we found works is when we log into Twitter and revoke access to the App. Then we get a new token and secret which gives us access to what we want.
But we don't want to tell that to our users but rather do this programatically utilizing the API. How?
Try to request a new/different permission from the users:
What if I want to request a different level of access for my
application instead of the one my application is registered with? You
can do this now by using the x_auth_access_type parameter during the
request_token phase. Using this parameter you can request a read or a
read/write token even if your application is registered for read/
write/direct messages.
More information on this method is in our developer documentation:
http://dev.twitter.com/oauth/reference/post/oauth/request_token
I am implementing an api in laravel.
what I want is my api should not be accessible from anywhere except from android/ios app.I googled and came to know that I can make use of API KEY.
But I am not sure is it correct way or not.
Currently using OAuth2 for user authentication.
Please help.
What you want to do is to create a token for each user, save it in the client's device , verify it in each request that the client makes.
So basically you want to:
Make a column for the token in the users table
generate the token when the user registers
make a login route so that the user would login with his email,password and he will getback the token to store in the device
make a middleware that would check for the token in each request ( except for the login )
I wrote an article of the exact same thing you want
https://medium.com/#alhasaniq/how-to-add-token-based-authentication-to-laravel-app-s-to-use-in-api-s-1a0e45f9106#.15e3f9quu
Im currently creating a PHP application that searched various Social Media and analyses the results. Now im stuck at calling the LinkedIn API.
I need to call these API's without user authentication (I need a sort of app authentication). Facebook offers a way to retrieve an access token, based on app key and secret. With Twitter I simply used my own accestoken en access secret.
I searched all day for a way to call the LinkedIn API in a similar way, but havent succeeded in finding one. I also couldn't find my own access token en secret on the LinkedIn developer's site.
Do you know how I can access the LinkedIn API from my PHP application, without the user having to login himself?
Hope you guys can help me out!
The LinkedIn API doesn't support non-user-authenticated requests - that is, there are no calls for which you can just use the consumer key and secret - they all require a user token and secret as well.
The LinkedIn API is designed to be used from the member's perspective, acting on behalf of a specific member - it's not designed to support general application search use cases.
Terms of use: https://developer.linkedin.com/documents/linkedin-apis-terms-use
Like Twitter, you could use your own access token, but per the LinkedIn guidelines, you can't show anyone the information that you pull unless you use a token obtained on their behalf.
So I want people to be able to login to the site via Twitter. For facebook I store the facebook id and the access token. In twitter from what I gather I need to store the twitter id, access token and secret token? Is that correct if I want to do things such as post to a twitter feed? Im using the twitter php sdk
I believe you only need the access token and the secret token (the twitter id is not required).
Actually, now that I think about it, since you are using Twitter for login, the Twitter id would be required too (for login purposes, not posting to Twitter).
See: Twitter API - Making a resource request on a user's behalf
We are building an enterprise application, and we are trying to integrate linkedIn API for authentication, but as I see in the linkedIn API developer, the authentication can be possible only from the client side ... that is after I load the page, I can check whether there is a linkedIn session by making necessary calls as given in the linkedIn API.
But how do I do that same from the server itself, so that I can directly take the user to the home page?
Regards
Using the REST API, you can use LinkedIn for authentication, there are just a couple more steps you need to take.
Essentially, you need to get the user to initiate 'connecting' with LinkedIn from your application, have them authorize the application, and when they have, you can then store the returned user token locally if need be.
Once the user has authorized your application, and assuming you are using the LinkedIn 'authenticate' endpoint, returning users will see the following behavior on clicking the 'connect/sign-in' button: for users that currently have a valid session with LinkedIn, they will be returned immediately back to your site with their OAuth token. For those that have singed out of LinkedIn, they will need to sign-in first, then will be returned to your site with their token.
You can see this basic userflow on the Simple-LinkedIn demo page:
http://simplelinkedin.fiftymission.net/