I am making the following request trying to get the thumbnail images for a specific video.
https://api.vimeo.com/videos/447593888/pictures?access_token=XXXXXXXXXX
I generated the access token in my account however I get the following error.
"No user credentials were provided."
Any idea why this wouldn't work? I wish there was a simple send and return the Title, Duration, Thumbnail when I sent the ID value.
Access tokens should be passed in the request header, not as a query parameter (this is also insecure as a malicious actor could intercept the request url and get your access token, which is why only tokens with "public" scope can be provided this way): https://developer.vimeo.com/api/authentication#presenting-the-access-token
I wish there was a simple send and return the Title, Duration, Thumbnail when I sent the ID value.
Have you tried oEmbed? The oEmbed API doesn't require authentication, and can be used to get the metadata (name, description, thumbnails) for any embeddable video: https://developer.vimeo.com/api/oembed/videos
Vimeo oEmbed works perfectly and you can send in the height/width of the thumbnail you want and it pulls that, duration, title, desc, created date, etc. Awesome!
Related
Currently I am developing a Chrome-GMAIL extension which requires me to get the logged in user's first and last names. For experimentation, I have used the following goggle API (userinfo) and have successfully obtained the names I wanted:
https://www.googleapis.com/auth/userinfo.profile
However, using the userinfo APIs will cause a change in the OAuth2 scopes in my manifest. This change will in turn cause a permission-prompt to my existing users (if a domain wide delegation is not setup in place). Point being the idea of having more prompts in front of my user, or additional oauth scope is not really something I desire.
Currently our extensions use the following OAuth scopes and API :
Chrome's Identity API
Chrome's Storage API
GMAIL.modify
GMAIL.send
My question is, is it possible to get the first and last names using an API that is defined/allowed/provided for by any of the above scopes/permissions I listed? or is userinfo the only way to go?
Thank you very much.
Profile data like first name and last name is private data. You are corect that some Google apis give you access to some data that would normally require an extra scope. For email normally you would need to to request the email scope to get this back however the Gmail api does have an endpoint getprofile which will return the current users email address without you requesting the email scope.
However i am not aware of any apis that will give you access to the users first and last name without you requesting the profile or user.profile scope.
If you do decide to add the scope, I do recommend going though the people api rather then the userinfo endpoint as the data returned by the user info endpoint is not guaranteed to always return the name.
I'm trying to use the reddit api in a practice app to practice parsing JSON in Swift, and I've registered to get an access token, but now I'm confused as to where to put it. In other APIs I've used, I'd just put the access token string (?) somewhere in the endpoint url and that would be it, but I can't see anything pertaining to that in the documentation. For example if I'm trying to access https://api.reddit.com/api/v1/top/, where would I add my access token?
In the OAuth documentation is says to use the url https://www.reddit.com/api/v1/authorize?client_id=CLIENT_ID&response_type=TYPE&
state=RANDOM_STRING&redirect_uri=URI&duration=DURATION&scope=SCOPE_STRING but that seems to need:
CLIENT_ID
RANDOM_STRING
URI
DURATION
SCOPE_STRING
I plugged in all the necessary values according to the documentation, and it redirected me to the front page of reddit (I gave https://www.reddit.com/ as my redirect uri)
In previous practice apps with other APIs, I would simply have a single url (that included my auth token) and I'd plug that url into my function that parses the data. Now that I've followed the OAuth directions, I still can't seem to find an endpoint url that I can use in my app.
I tried https://api.reddit.com/api/v1/top in my browser and it says {"message": "Unauthorized", "error": 401}, and I tried https://www.reddit.com/api/v1/myAccessToken where myAccessToken is the string they gave me when I registered. This leads me to a "page not found" on Reddit.
What do I need to do here to get a basic endpoint url that gives me the JSON data for, just for example, recent posts?
I'm coding a app which needs to get a list of subscribed channels of the user.
So the user gets navigated to this page so I can get the authorization key:
Get Access key for my App "AboReminder"
Now I get the access key which I need for some api requests. But I am stuck on the issue that I dont have any glue how to get the subscription list.
I'm not able to understand the information on the google page: Google APi documentation
So my question how is a possible request for getting all subscriped channels of the user?
send an ajax request to the following URL after replacing the {{OAUTHKEY}} with the appropriate user authorization key
https://content.googleapis.com/youtube/v3/subscriptions?part=id,contentDetails,snippet&maxResults=10&mine=true&key={{OAUTHKEY}}
This should be a GET request and no request body required to set.
You can navigate to the next set of results using 'nextPageToken' in the response.
By default api can generate only 5 results. You can get upto 50 results by providing 'maxResults' query parameter.
As far as I know, there is no way to get all the list.
I'm trying to use the Graph API to get the feed of multiple public groups then that of multiple users.
When it comes to the feed of groups, it works flawlessly, all I have to do is fetch the following :
graph.facebook.com/$group_id/feed?limit={feedLimit}&access_token={access_token}
My access token being comprised of: AppID|AppSecret
However when it comes to fetching the feed of a user (Whose confidentiality settings are set to public of course) all I get is an empty answer. I would've thought it impossible to get such info and stopped there but then I stumbled upon ApiGee. All I have to do then is authenticate as a user (facebook-Authenticated-user) and it works.
Here's an image of it: http://s9.postimg.org/ynq5tar9r/feed.jpg
My question is : "How is that possible? I've read all I could in the docs and I still can't understand how it works. And how can I remedy that?"
Thank you.
The token you are using is an App token (AppId|AppSecret). With the app token you can't really get users personal feeds. With ApiGee you authenticated to get a user token, which can be used to fetch posts on the authenticated user's feed.
Read more about Facebook's access tokens
I'm building an files upload API.
Basically, the user will have to POST the files with his/her api_key + signature to my web service. Then my web service replies back with a JSON response. I'm wondering how can this process work asynchronously?
Assuming that the user POST the request in a form setting the target to an iframe. The JSON response will be sent back to the user on his/her iframe with content type set as "text/html". It is set as "text/html" instead of "application/json" because I want to avoid having a "pre" tag injected by the browser around the JSON response. Anyway, how does the user read that JSON response if the iframe and the parent window have different domain? There is going to be a cross domain policy issue.
Dynamically create "script" tag plus JSONP won't work in this case because I need to POST in order to upload. JSONP only works with GET requests.
Take a look at the 'Upload' example here. It uses Cross Domain messaging to pass the message back to the uploading page, and uses easyXDM to support all browsers.
This post explains how it all works!
Because of Same Origin Policy, browsers wont allow JavaScript in the main frame reading/accessing whatever content in iframe from another domain. In this case, the users will have to use easyXDM or create their own proxy -- by proxy here i mean users will have to write some code on their backend that can communicate with your API such that a post request will go directly to your server, and a get response will get from their own proxy.