I have created, on my computer, a Chrome extension which calls the YouTube API and shows extra information about video search results. In the extension I use an API token provided.
The extension works, but I am wondering how to prevent future users of the extension from retrieving my API token by decompiling the extension (which is only JavaScript and config files) and using this token outside of the scope of the extension. If it happened, the API usage quota could be exhausted quite quickly and then the extension would be unusable for the other users of the extension.
Related
I do not have any previous knowledge of calling APIs, so I am using API explorer to download PDFs of existing templates on my DocuSign developer account. However, I need to download about 500 of my templates so that I could change them, but I do not know how to exactly call and generate the PDF without the API Explorer. Would anyone be kind enough to explain to me the process of how to use API without the Explorer? I am trying to use TemplateDocuments:get
API Explorer Link
You can download Postman and then use the DocuSign Postman Collection to call the APIs, or you can use the DocuSign Code Launchers to create scripts in any language you prefer that do that for you.
I am developing an app that uses the YouTube Data API. Everything worked well for more than two months until today. I got a quota limit exceeded error today, and after I opened the Google Cloud console, I noticed that I somehow got over 70 million requests from the Chrome app OAuth client, which is definitely abnormal. It looks like someone is abusing my extension and sending requests.
I do use the chrome.identity.getAuthToken and request https://www.googleapis.com/youtube/v3/channels?part=id,snippet&mine=true&access_token=${token} when a token is updated so that I could display the user's authorized account name (and other details) in the extension control panel.
I assume that someone programmatically revokes the access and reloads the extension thousands of times a minute so that the extension keeps sending the requests to get the user's channel info.
How do I have to handle such situations correctly? Is there a way to find that user and ban him from using the extension?
In my extension, authenticating users using Facebook is quite a simple process:
<a target="_blank" href="https://www.facebook.com/dialog/oauth?client_id=id&response_type=token&scope=email&redirect_uri=https://www.facebook.com/connect/login_success.html"></a>
If you look at the authentication mechanism using Facebook, it's quite simple: it gets the data through that URL and sends the data to a particular HTML page where we can grab the access token and do whatever we want.
But the mechanism is different for Google.
Is there anything similar to this where I can authenticate using Google?
I have referred to a lot of sites,
but it's of no use.
It seems that Instagram has two means of scraping public data. There is the official API for which you need to get an API key and permissions, as described in the guide https://www.instagram.com/developer/ For a tag-specific search, the official API uses the endpoint:
https://api.instagram.com/v1/tags/{tag-name}?access_token=ACCESS-TOKEN
But it also seems that many people are scraping Instagram by using a different public API (which I think is the one accessed by the front-end of the website). This "unofficial" API uses the endpoint:
https://www.instagram.com/explore/tags/{tag-name}/?__a=1
I cannot find any information regarding support for the "unofficial" version. Does anybody know what limitations may exist on this API? If this method of retrieving data satisfies the requirements of our application, is there any reason we should still engage the rigorous API token review process to get our application approved for "official" API public_content permissions?
As far as I know
Does anybody know what limitations may exist on this API?
It is a direct violation of Instagram terms of use as in here
10. We prohibit crawling, scraping, caching or otherwise accessing any content on the Service via automated means, including but not limited to, user profiles and photos (except as may be the result of standard search engine protocols or technologies used by a search engine with Instagram's express consent).
And as a developer, there is no guarantee that these APIs remain unchanged, so you will probably experience system failures and be forced to redevelop parts of your code from time to time.
Also, it is worth mentioning that users won't easily give you the usernames and passwords of their accounts, as the public API just requires confirmation to access limited account resources.
is there any reason we should still engage the rigorous API token review process to get our application approved for "official" API public_content permissions?
Same as above.
I have a Chrome extension that I am building that I would like to accept payment for.
I am following the instructions laid out by Google in the Chrome Web Store docs.
I have followed them up to the point where I am supposed to be able to get the OAuth token. I do not have a button anywhere in my developer dashboard for the extension.
I made this much more complicated than it actually was. I followed these directions for the One-Time-Payment.