i facing an issue regarding the FaceBook Graph API.
actually a friend of me, have an FB App whitch can be used for the Graph API.
But in that case I activate a FB dev APP for myself, i'm not able to generate a valid security Token with the App-ID and App-Security.
At first the App is live and activated. For that I don't understand the error message at the end.
Second I don't want to have a User-Token with a validation for an hour.
These are the step's i following:
getting App Token
https://graph.facebook.com/oauth/access_token? client_id=20179479xxxxxx&client_secret=3048xxxxxxxxxxxxxxx&grant_type=client_credentials
The result i'm receving:
"access_token": "20179479xxxxxxx|Pqxxxxxxxxxxxxxxxxx",
Now if im trying to use the Graph API Explorer and trying these token as authentication, I'm facing an #200 OAuthexception
my request:
Get -> /v2.12/coca-cola
"(#200) Access to this data is temporarily disabled for non-active apps or apps that have not recently accessed this data due to changes we are making to the Facebook Platform. https://developers.facebook.com/status/issues/205942813488872/",
Have somebody any ideas how to solve or what i'm missing here?
With the Security Token from my friend he can use the example with coca-cola from the developer like in the documentation and example from FaceBook as well.
Thanks in advance
Facebook is changing the API due to a security issue. This means new apps have more restrictions and less access (for the minute) than apps that were already registered and using the API, probably why your friends key works. Seen as your app is either new or hasn't recently accessed the data you are requesting, you currently cannot fetch it.
Its not known what features will be removed from the API following this incident - as a result I wouldn't come to rely to heavily on any feature the API offers.
Im hearing that the ability to retrieve events could either be removed or the data you can access from an event is going to be severely limited, however thats not from any official facebook source. All apps will be subjected to a review according to this official facebook post, before they are granted access to the Events API, Groups API, and Pages API.
Related
I have created a Youtube API application to enable access to Youtube API for Integromat. All my Youtube API application does it gives access to my Youtube channel videos for Integromat. Integromat grabs the links to videos and uploads the links to my Airtable. So the only user for the Youtube API is going to be myself and my own Integromat workflow.
The Youtube API app is in development. I want to verify the app to get rid of the 1-hour deactivation of the authorization (Integromat connection to Youtube API breaks after 1 hour).
To get verified, I looked the steps here https://support.google.com/cloud/answer/7454865?hl=en. The first step it tells me to do is "Update the OAuth consent screen details" and I go to that screen and shows the publishing status. Do I click to "publish to production"?
When I click that, it tells me:
Your app will be available to any user with a Google Account.
Screenshot showing the step to publish my app
That's sounds scary. What does it mean?
I do not need (nor want) have other users logging to my Youtube API. I am the only user and Integromat is the only app that will access the Youtube API.
I am novice in this and don't have much idea about programming so I don't even know what questions I should be asking here.
Thanks.
Here are more details about what I am trying to do in Integromat:
Youtube API Integromat testing app - connection getting disabled
It means that you will be able to share your app via that link with anyone you please. The whole point of an API is that it's available publicly, at least on a technical level. Whether you're actively soliciting users is an entirely other matter, naturally.
Recently I received this Alert in the Google Play Console
Your app contains exposed Google Cloud Platform (GCP) API keys
I am using the YouTubeApi Player, and I believe the only why you can initialize it is using this line of code
youTubePlayer.initialize(DEVELOPER_KEY, this);
So beside added restrictions to my API key, is there any other way to remove the API Key from the code?
I tried using the GCP service accounts as suggested by Google, but I do not see how I can still use the YouTube Player without the initialize line of code.
I have same problem, and fixed this by using string R.string.google_api_key generated by google_services.json
change your code to:
youTubePlayer.initialize(getString(R.string.google_api_key), this);
how to get google_services.json:
create firebase project https://firebase.google.com/docs/android/setup?hl=id
get your google_services.json https://support.google.com/firebase/answer/7015592?hl=id
There are some tips on how to secure your API keys at Using API Keys documentation.
It is stated that embedding API keys directly in the code should be avoided, which is the way you are having it right now, therefore you are getting the warning message.
Follow the tips on that page and you should properly secure your API key. As soon as you do so, the warning will go away.
UPDATE
To avoid having a long discussion in comments, allow me to elaborate further providing this update.
Google provides different ways of authentications to give you more options for securing your apps based on your needs. The warnings are helpful tips to make your apps more secure when going in production or exposing to public. So in your case, it would be better to use a different way of authentication.
API keys can be used in server side. e.g. If you are using an API key to authenticate a 3rd party service from an App Engine app, you can use this key as you already have it, since it is impossible for the key to get exposed. (Avoid using API keys in JavaScript since inspecting the page in the browser will expose the API key as well)
In your case, since you are developing an Android app and/or an iOS app, having the API key in the code is dangerous. Because, anyone can use the .apk or the .ipa file and find a way to access it. Therefore, for developing Android apps and iOS apps it is suggested going with different authentication method. The other authentication method supported in YouTube player API is using OAuth 2.0. For more information you can check the Registering your application documentation.
We have an existing Android and iOS application that consumes REST API from our servers. The API provides a token to the authenticated users after they log in using their credentials (username, password combo.) from the mobile applications.
Now, we're planning to create a Google Glass application for the same. In this case, we'd like to use the existing REST API along with Glass also. The Glass app will be built natively using the GDK.
My concern is, how would the users be able to input credentials? Because, users may have signed up for the service using non-google accounts?
Many thanks in advance.
At the moment, there is no supported way for apps made with GDK Early Access to authenticate the user or provide a way to connect the Glass account to your auth system. The Glass team has indicated such methods are coming, however - the Strava Cycling app, for example, does this, and it is expected that a similar feature will become widely available as the GDK matures.
Strava Cycling appears to get its credentials at the time you setup the app through MyGlass. When you turn it on it redirects you to a website to log into Strava's service before completing the install.
I just gave a talk on this exact topic at Wearables DevCon. The solution I proposed is purely done through GDK. All the user has to do is sign into their Google Account on a phone/tablet/computer and enter a code that is shown on Glass.
Check out the slides here:
https://docs.google.com/presentation/d/1NepYwlKdEvLV0QH9ix2I8l-JY1kHjBR9AXKBNpgTI6g/edit
And the code here:
https://github.com/victorkp/GlassWebNotes
The latest Glass release (XE16) publishes the remote authentication API for apps distributed through MyGlass:
https://developers.google.com/glass/develop/gdk/authentication
We are working on an idea of a FB app which let's us retrieve youtube watch histories of app users.
I know there's the possibility to retrieve watch histories through youtube's api, but in combination with a FB app I couldn't find examples.
Any input on this is much appreciated, thanks!
These two are orthogonal. Since you didn't specify a language, I'll assume you're using Python.
Write an FB app using Canvas to display output to users ... I assume you are using Canvas.
Use the YouTube API and Python client to make API calls. You'll need to use a database or some other storage engine to link a user's Facebook API auth token with their Google auth token. Both are using OAuth 2.0 (though they are different flavors), so once you learn one, the other should be easy.
Before I answer anymore questions, it's probably a good idea for you to work through the getting started guides for both Facebook's API and YouTube API first. After you have some understanding of both, pick a stack and you should more or less be ready to go.
The Graph API documentation says that the (invite only) message API endpoint is read-only.
The MyPad iPad app allows users to both read and compose messages.
Facebook has two APIs at present. The Graph API, which is what all developers should be using, and the REST API which they are in the process of depreciating. While they advise people to use the Graph API, it still lacks features found in the REST API. One of these would appear to be the ability to send messages. Details on the REST API can be found at their documentation page
Neither graph nor rest API can be used to send inbox messages to any user.
Mypad uses the other way around, which use m.facebook to compose and send(POST) messages directly.
of cos, it requires massive understanding of m. site of facebook. And problem is expected when facebook modify any structure on their m.site one day.