Their documentation is not clear at all
There is nothing at all anywhere on the site labeled as the "API Key" but there is
consumer_key:
consumer_secret:
token:
token_secret:
You can get the consumer_key and consumer_secret after registering a new app at Tumblr here (it is called OAuth Consumer Key and there is a link below to get the Secret key of the app).
The token and token_secret keys are generated after allowing access of an app to a Tumblr account. They will be returned as parameters after returning to the callback script.
If you have already registered your app and are looking for your keys you can find it at - https://www.tumblr.com/oauth/apps , it will be a list of your apps with their consumer keys and a toggle to reveal their secret keys.
Related
Is there a way to request a new secret key for Facebook via the facebook API? Essentially I would be using my own secret key to request a NEW secret key, for key rotation purposes.
I looked through the Facebook API documentation but could not find anything about this operation. I suspect they won't support it, but I would just like to confirm that there isn't an automatable way to rotate your API keys? Thanks!
I assume you mean "Access Token" when you say "Key", and you are talking about "User Access Tokens"? That´s not possible, you can only get a new User Token on user interaction. More information:
https://developers.facebook.com/docs/facebook-login/access-tokens
http://www.devils-heaven.com/facebook-access-tokens/
Not sure what you mean with key rotation, but the User Token is the only "Key" that can´t be valid forever, so i guess that´s what you are talking about...
Edit: Seems that you are indeed talking about the "App Secret", which can not be changed with the API but you can change it in your App settings. A rotation only makes sense if someone got your App Secret by accident or if some security issue happened. Better read this and only allow API calls server side: https://developers.facebook.com/docs/graph-api/securing-requests#appsecret_proof
this might seem like a repeat of a question that has been answered elsewhere, but I have ran into those answers and they're not helping...
so I keep getting this response (from https://graph.facebook.com/oauth/access_token) on my final part of the oauth login process (I've acquired the "code" received after approving the app via the facebook authorization dialog):
{"error":{"message":"Error validating login secret. Since your application has a login secret in addition to a secret key, you must use the login secret and not the secret key with OAuth.","type":"OAuthException"}}
other answers to this question are mentioning disabling the 'Forces use of login secret for OAuth call and for auth.login' option in the app settings. however that option is not in my settings (settings->advanced). the same issue is mentioned here not able to get the access token
"login secret" as a concept is not being mentioned anywhere in the facebook api docs.
anyone have any ideas? I would really appreciate it...
thank you
addition:
Im not using any library but instead directly communicating with the FB api via python
I guess you are using old api, try downloading latest version form here.
Now fb do not have secret key concept.
well I'm just wondering where the facebook api key went, now all I see is the secret and the app id. But nowhere can I find the api key
The app ID and API key are the same thing. If you go to the Developer app and click on one of your applications, you'll see the label is "App ID/API Key".
I'm developing an mobile app on the iPhone.
After creating an app on Facebook/Twitter, I received 2 keys:
Facebook call them as app ID and app Secret
Twitter call them as consumer Key and consumer Secret
When I use OAuth authorization as some tutorials on Google, my app must provide both keys to proceed. I'm confused as to why it needs 2 keys. As their names (id and secret), I guess that their roles is equal to public/private keys pair in Linux. But I must provide both 2 keys so that my app proceeds.
I want to place the secret key in my own Apache/PHP server, the secret place, not in my app's code. My app is only responsible for authorization, then my server proceed with other tasks, as posting,...
The app id and consumer key are identifiers of your app. The secret is what you share with the service provider in order to authenticate requests and such. Like a username (identifier) and password (secret).
The secret must not be shared - this is in the developer policies. Doing so would allow other to access the data of your app users which would obviously be a serious privacy breach. So you are right to plan on keeping it out of sight. Your app id is publicly available to anyone, so you can put that where you want/need.
AppID is used for authentication, appSecrect is used for other tasks.
Consider these two documents of Facebook and Twitter about authentication for web app for more detail:
http://developers.facebook.com/docs/guides/web/#login
https://dev.twitter.com/docs/auth/oauth
Consider this flow for an implementation Facebook/Twitter app on mobile if you have an own server for the secret:
OAuth Twitter with only Consumer Key (not use Consumer Secret) on iPhone and android
I've setup an application for my site via facebook & unlike other screenshots I have seen on the web where it shows an API key, I DO NOT have one.... all I have shown is "Application ID", followed by "Application Secret"..... so was wondering if the App ID is the same as the API key? As I am using the App ID with another WP plugin?
APP ID, APP KEY and APP Secret are three different things.
APP ID is a unique number(integer) for each application on facebook.
The following URL link should land you on your application dashboard page, where you can see all the application which you have created on facebook. After that, click on the application name which you have created recently and you should be see your application id, key, secret and other settings.
:)
UPDATED, PLEASE READ BELOW:
As of 2011 APP ID and API KEY is now the same value, and is listed as such under the label App ID/API Key on the app details and settings page.
App ID and API Key were different before. But since the introduction of the new Developer dashboard. They are now the same.
You now can use App ID where your code requires API Key.
You can in fact still get an API key via public FQL query:
https://api.facebook.com/method/fql.query?query=select+app_id,api_key,+canvas_name,+display_name+from+application+where+app_id+%3D+'enterYourAppIdHere'
You can still get the API Key.
Go to http://facebook.com/developers/apps.php
You can find API key, API ID and APP secret of your facebook apps.
Go to https://developers.facebook.com/apps/.
You can see App ID and App Key is same and it is numeric and App Secret is associated with app key.