The Spotify client lets you see what friends or people you follow are playing. Is it possible to do that with the API? I looked through the whole API Reference but couldn't find anything.
In the Spotify client this is under "recent activity".
No, it is not currently available with the Spotify Web API. There is already an existing feature request about this issue on the Spotify Web API Issue Tracker GitHub page. Feel free to +1 there :)
No public API to do this, but...
If you MITM your Spotify app you can observe the requests to https://spclient.wg.spotify.com/presence-view/v1/buddylist as well as your authentication token. From there you can just hit this automatically. If you use Charles you can just click "copy request as cURL" and it's super easy.
Of course you need the app's auth token, so this only works for you and not for a 3rd party app that other people authorize too. (at least, not without a lot more work)
Just need to know if login falls under the basic feature of the API which Instagram has decided to deprecate in 2020, or if it will be deprecated well before that. Also need to know if the user endpoint always falls under basic? Is there any Instagram login API in the Facebook Graph API endpoint?
I have answered a similar question (you can read it here: Importing user photos vs. Instagram platform API depreciation).
or it will be deprecated well before that?
The answer is, nobody knows. Instagram owns all of its own data and has the right to deprecate the API anytime they want to.
Also need to know if user endpoint always fall under basic?
I think so, yes. This is because one of the reasons the Instagram API is now restricted to your own user is that some developers misused API endpoints.
Is there any instagram login api in the facebook graph api endpoint?
Yes, there is. But you will need to link your Facebook account and enable a business profile in your Instagram. Yeah, you will still access the endpoint like you used to, but you will need extra work to make it happen.
I have a simple use case for the Instagram API: I want to display media related to a specific tag. E.g. GET /tags/tbt/media/recent. I do not need users to authenticate with Instagram to do this, I merely wish to use my own account and access_token to make the API requests.
Unfortunately, I've run into two problems:
I cannot test this API in sandbox due to the fact that the public_content scope is only available to approved applications.
My app submission was denied because I did not provide a screencast showcasing my usage of an Instagram authentication flow (my use case does not have one, and I explained that I did not need users to authenticate).
Currently, the API seems geared towards larger, richer integrations, and doesn't leave a lot of space for applications like my own.
Is there a way to accomplish what I want given the new access_token only flow?
I'm working on a project to connect Google Apps (Contacts, Gmail, etc.) to our own private software.
I'd like to use Hapi.js in order to achieve this, but since I have no expertise in the matter (OAuth, Google, etc) I found it to be quite challenging.
I wonder if it's possible to use Hapi.js and Bell to handle the "ask permission" flow, and once authorized save the credentials for long-term use.
Also, is it possible to use Bell to handle token refresh and consume the API? (like requesting http://www.google.com/m8/feeds/contacts/default/full)
In the documentation for Bell, there's an example for Twitter; basically you need to change the provider to Google: https://www.npmjs.com/package/bell
When you request access, you can add the parameter access_type with a value of offline. The server will also respond with a refresh token that you can use in further requests to the APIs without asking for the user credentials again.
You won't be able to store the actual user's credentials since it wouldn't be secure.
You can use the Google OAuth playground to learn more about the authentication process. Here is the link: https://developers.google.com/oauthplayground/
Here you can find more information and examples of using Node.js and the Google APIs
I'm creating a REST API server with Node.js and Express + MongoDB.
This API will have different mobile clients (iOS, Android) and possibly a web app later on.
I need users to log in in order to perform some API requests. There are no 3rd party apps I want to connect with (no Facebook, Google etc). I also don't want to force the users to visit a webpage or anything like that in order for them to log in.
From what I've seen on my many searches on SO, the best approach would be to let users log in with full credentials once, send them a token in return, and use that token to verify future requests until it expires.
However, I'm not sure how to implement this.
I'm very confused with all of the different strategies. Is this done with basic authentication over HTTPS, with OAuth, OAuth 2.0, ... ? I just don't know what to use.
Also, I really don't want to reinvent the wheel here, not because I'm lazy, but mainly because of security concerns. Is there a library I could use to implement this? I've heard of Passport, but I couldn't understand if this is doable or not. This sounds like such a generic thing I'm sure there's a simple solution out there.
Thanks!
Now you can use Passport.js with JWT (JSON Web Tokens) with Passport-JWT. It's pretty easy to use.
Once a user is logged in, you send a token to the user. The token contains data about the user, like an id (encoded, of course). On the subsequent requests (at least where authentication is required) you make sure that the client sends the token. On the server, you can see who sent the request (and e.g. check the user's authorization), just by looking at the token. For more info on how JWTs work check this out.
There are different ways to send the token. Just have a look at the docs and it'll be clear. If not, this also helped me.
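The issue-once, verify-on-every-request flow described in the answer above, as an added example that is not part of the original answer and not Passport-JWT's code. It uses only Node's built-in crypto to show what an HS256 JWT check involves; the secret, the 'user-42' id and the function names are assumptions.

```javascript
const crypto = require('crypto');

const SECRET = 'constructed-demo-secret'; // assumption: server-side HS256 key

const b64 = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const sign = (data) =>
  crypto.createHmac('sha256', SECRET).update(data).digest('base64url');

// Issued once, after the user has logged in with full credentials.
function issueToken(userId, ttlSeconds, now = Date.now()) {
  const header = b64({ alg: 'HS256', typ: 'JWT' });
  const exp = Math.floor(now / 1000) + ttlSeconds;
  const payload = b64({ sub: userId, exp });
  return `${header}.${payload}.${sign(`${header}.${payload}`)}`;
}

// Run on every authenticated request. Returns the claims, or null.
function verifyToken(token, now = Date.now()) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [header, payload, sig] = parts;
  // Check the signature first, in constant time, before trusting any field.
  const expected = Buffer.from(sign(`${header}.${payload}`));
  const given = Buffer.from(sig);
  if (given.length !== expected.length ||
      !crypto.timingSafeEqual(given, expected)) return null;
  try {
    const h = JSON.parse(Buffer.from(header, 'base64url').toString());
    const claims = JSON.parse(Buffer.from(payload, 'base64url').toString());
    if (h.alg !== 'HS256') return null; // pin the algorithm the server issues
    if (typeof claims.exp !== 'number' || claims.exp <= now / 1000) return null;
    return claims;
  } catch {
    return null; // malformed base64url or JSON
  }
}

// The payload is only base64url-encoded, not encrypted: anyone holding the
// token can read it without the secret, so keep sensitive data out of it.
function peekClaims(token) {
  return JSON.parse(Buffer.from(token.split('.')[1], 'base64url').toString());
}
```
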
I feel you need to set up a Token Based Authentication process in your server, so you can make requests from different types of clients (Android, iOS, Web, etc.). Unfortunately, Passport documentation (and Passport-based tutorials) seems to be aimed at "web applications" only, so I do not think you should be using it for those purposes.
I did something similar following this great tutorial: http://code.tutsplus.com/tutorials/token-based-authentication-with-angularjs-nodejs--cms-22543
The client part in this tutorial is based on AngularJS, but you can easily apply the same principles in a mobile client (it is just a matter of making HTTP requests including a token retrieved when you post in "/signin" or "/authenticate").
Good luck!
There is an example of RESTful service with oauth2 authentication: https://github.com/vedi/restifizer-example. I hope it will help.
I wanted to start a thread to understand practices people currently use to serialize user data in a Facebook (canvas) application running on .NET with the Facebook C# SDK.
Security: Has anyone exposed data endpoints that can be accessed in an AJAX-mechanism from a FB app? If so, how did you protect them? Seems like it would be simpler to access the data when doing a full postback in terms of security, but even there I'm not entirely sure about the security implications. I'm used to doing things with forms authentication so I'm pretty unsure of how to secure data in the FB context. Obviously not having passwords is nice but I still thought this was a worthwhile topic.
Thanks...
-Ben
If you are relying on Facebook authentication, the best thing you can do is make sure the signed_request is valid; the Facebook C# SDK does this for you. (By valid, I mean that it originally came from Facebook.) However, you cannot ensure it came from the person that the cookie says is the user. The signed_request could be intercepted since it is frequently sent over non-SSL connections. This question contains two answers that are worth reading and should answer your question: Facebook JS SDK: access_token in plain text and security
Regarding exposing the ajax endpoint. Just make sure you pass the signed_request to the endpoint and use the FacebookApp class to read the session. This will ensure that it is valid. Here is more information on that topic: Facebook C# SDK, AJAX in iFrame app
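The signed_request check the answer above refers to, as an added example in Node.js that is not part of the original answer and not the Facebook C# SDK's code. It verifies the HMAC-SHA256 signature with the app secret and, as an assumption of this example, also rejects requests whose issued_at is older than a caller-chosen maxAgeSec to narrow the replay window for an intercepted value; the secret and sample payload are constructed.

```javascript
const crypto = require('crypto');

// Verifies a Facebook signed_request ("<sig>.<payload>", both base64url).
// Returns the decoded payload, or null if it is forged, malformed or stale.
// maxAgeSec is an assumption of this example, not a Facebook parameter.
function parseSignedRequest(signedRequest, appSecret, maxAgeSec, now = Date.now()) {
  const parts = String(signedRequest).split('.');
  if (parts.length !== 2 || !parts[0] || !parts[1]) return null;
  const [sigB64, payloadB64] = parts;

  // The HMAC covers the still-encoded payload string, keyed with the app secret.
  const expected = crypto.createHmac('sha256', appSecret).update(payloadB64).digest();
  const given = Buffer.from(sigB64, 'base64url');
  if (given.length !== expected.length ||
      !crypto.timingSafeEqual(given, expected)) return null;

  let data;
  try {
    data = JSON.parse(Buffer.from(payloadB64, 'base64url').toString('utf8'));
  } catch {
    return null;
  }
  if (String(data.algorithm).toUpperCase() !== 'HMAC-SHA256') return null;

  // A valid signature proves Facebook issued it, not who is replaying it,
  // so bound the replay window using the issued_at timestamp.
  const age = now / 1000 - data.issued_at;
  if (typeof data.issued_at !== 'number' || age > maxAgeSec) return null;
  return data;
}

// Builds a constructed sample in the same layout (test input only).
function makeSignedRequest(payload, appSecret) {
  const payloadB64 = Buffer.from(JSON.stringify(payload)).toString('base64url');
  const sig = crypto.createHmac('sha256', appSecret).update(payloadB64).digest('base64url');
  return `${sig}.${payloadB64}`;
}

const SAMPLE_SECRET = 'constructed-app-secret';
const SAMPLE = makeSignedRequest(
  { algorithm: 'HMAC-SHA256', issued_at: 1700000000, user_id: '1001' },
  SAMPLE_SECRET
);
```
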