Does anyone know if it's legal to use Google suggestqueries in a commercial product ?
As I'm using the open stream of the ajax jsonp request https://suggestqueries.google.com/complete/search?callb.... in searchengine based product.
No - it can't be legally used and the search team changes the endpoint every now and then so apps can't abuse it , however there are wrapper services which emulate / Gather data from the endpoints through their own means - http://keywordtool.io/api is an example of that
Related
I've been digging through Microsoft's API pages (both the REST APIs and the Graph APIs) - but I'm having a hard time finding out if there is any way to access Microsoft Access through an API.
I'd like to be able to make an API call to get like the list of rows in a particular table or query for the list of tables altogether - or, on the flip side, add a row to an existing table. (Edit: I'd like to do this via REST calls and allow users to connect accounts so that many different people could access these things on their own). Does anyone know if this is possible? I'd super appreciate any links to any API docs or examples y'all have ^.^
For reference, I've been looking primarily at these two places:
https://learn.microsoft.com/en-us/graph/api/overview?view=graph-rest-1.0
https://learn.microsoft.com/en-us/office/client-developer/access/access-home
Access doesn't provide any functionality to directly access the data from a HTTP endpoint (REST API). It can only function as a database(backend) in this scenario and you would need to look into other solutions to get the data from the database and provide it from a HTTP endpoint (REST API).
If you're looking to use Microsoft technologies for this solution, then you can look into ASP.NET Core to provide the Web API functionality.
You'll need the Access Data Provider to be able to access data in a MS Access database, which as far as I know runs only on a Windows OS.
From the official tutorials on https://community.algolia.com/instantsearch.js/, Algolia requires you to code the key into your application and used with each api request. If someone were to dig this up, what's to prevent them from spamming search requests with your api key?
If someone were to dig this up, what's to prevent them from spamming search requests with your api key?
Do you want the cruel truth? Nothing...
Unfortunately in a web app does not exist anyway of securing secrets, be they api-keys, tokens or any other name convention that may be used.
In a web app all is needed is to use F12 or view the page source and search for them in the raw html and JavaScript.
You can try to use JavaScript obfuscation to make it hard to find but will still be easy to reverse engineer. Even in a mobile app that have their code obfuscated and released as a binary is easy to extract this secrets.
If you want to understand a little more about Mobile Api Security Techinques please read this series of articles to find how api-keys, access tokens, HMAC and other techniques can be used and bypassed. While the article was wrote in the context of a mobile API is still valid in a web app context for the security techniques used to protect the API.
Possible Solution
The best approach is to always delegate your web app access to third part API's to a backend you can control.
In this backend you can then use a User Behaviour Analytics(UBA) solution to monitor bad use of this third part access.
Once UBA can be complex and expensive to deploy you could start by using the new Google reCaptcha V3 across all pages of your web app. ReCaptcha V3 does not require direct user interaction once it works on the background to differentiate humans from bots.
So I would have the web app requesting the Agolia search to my backend that would use reCaptcha V3 protection to differentiate abuse in the search functionality by bots or attackers.
Remember that this approach has the huge benefit of never reveal your Agolia API Key, thus attackers can never directly use it.
I work for an ecommerce site and we are looking to expose much of our core functionality via a set of APIs. We plan on re-writing some of our own public facing applications (e.g. the main shop website and our mobile app) to call these new APIs also. We also want to offer some of these APIs out to third-parties who want to integrate with us.
My first question is - what is a suitable authentication method for these APIs? Everything I read is about OAuth, but am I right in saying that this doesn't fit in this case as we're not looking to use another log in system (e.g. Facebook, Google) but rather restrict access to our own API (so maybe an API key or JWT solution would be better?)
Secondly, our current website has it's own user accounts system. How do you offer /user endpoints (like GET user/1235/paymentmethods) in an API like this? Surely the actual user (website customer) needs to authenticate somehow in order for the given API consumer to access their data.
I've spent the last 2 days reading about this but I'm at a loss as to how to go about this! Any help much appreciated.
I am working on a commercial application on iPhone that is using google map. I have Google map api premier client id and cryptographic key to use google map for some limited services like "directions".I generated the signature key using this code:
http://code.google.com/p/gmaps-samples/source/browse/trunk/urlsigning/urlsigner.m?spec=svn2498&r=2498
But still the WS claims "too many connections".
Is there any problem for using Google Maps API Premier in iPhone?
Please Help.
Also, you can learn more on the quota on Maps API web services for Business users, here:
https://developers.google.com/maps/documentation/business/faq#usage_limits
Most likely not related to the use of the API from iPhones.
I would suggest that you open a case with Maps API for Business Support Team (new name for Maps API Premier). You can do it under:
http://support.google.com/enterprisehelp/bin/answer.py?hl=en&answer=142858&rd=1
If you don't yet have access you can also submit a request using a form:
http://support.google.com/enterprisehelp/bin/answer.py?hl=en&answer=142246#request
Putting the error messages aside , it seems alarming that you want to use server side geocoding from an iPhone. The problem with this is that you won't be able to scale as your user base grows since your limits are set.
Instead you should try reading on client side geocoding.
There is a really good article that explains how to make this decision:
https://developers.google.com/maps/articles/geocodestrat
"too many connections" does not sound like an error message you might be getting from Google Servers, but rather something to do with the platform. If you contact support they will be able to check that for you.
I hope that helps!
I've never used an API and was wondering how you use them... I would like to use facebook, twitter and vimeo's api,
Can someone explain the basics of using them, how do i access them and use them etc.
Please and thanks
Neil
How to use an API depends on the API. Usually the API creator has documentation on how to use their specific API.
Mostly, things work like the following:
You register to get a developer key. Then, you send requests to the service via HTTP (for example Twitter is using REST, which requires you to send XML or JSON to a specific http-URL providing your key). You get an answer from the service, which you must then parse and react to accordingly (for example filling a list with contacts, etc.).
Most of the time this all comes down to:
Create an XML or JSON document that describes the call parameters
Send the document to an URL using GET, POST or other request methods
Get the server's response
Parse and evaluate the response
The specific ways to use the API, especially performing authentication, can be found on the service's developer pages.
The best way to start if you want to use an API is to read it's documentation, find some tutorials and code examples. This is always/usually published by the one offering an API.
Good luck :)