One would need to be careful in LibApps (LibGuides, LibCal, etc.) when setting the scope for the "application" that gives you the client id and secret. You could easily set it to have write access, in which case that id/secret pair will let anyone change your data.
I just finished (to beta at least) a project using the LibCal API, and decided to keep my id and secret in a PHP file that returns an OAuth token. Here's a Stack Overflow answer showing the basic PHP code that can be used to make the request:
https://stackoverflow.com/questions/2138527/php-curl-http-post-sample-code#2138534
Joel Marchesoni
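
The setup described in the message above, a PHP file that holds the id and secret and hands back only an OAuth token, could look like the following. This is an added example, not code from the thread or from Springshare; the environment variable names, the cache path, and the assumption that the token endpoint accepts the credentials as form fields are illustrative.

```php
<?php
// token.php (added example). Assumed: LIBCAL_TOKEN_URL, LIBCAL_CLIENT_ID and
// LIBCAL_CLIENT_SECRET are set in the server environment; CACHE_FILE is hypothetical.
declare(strict_types=1);
const CACHE_FILE = '/var/cache/libcal/token.json'; // outside the web root

function cachedToken(string $file, int $now): ?array
{
    $raw = is_readable($file) ? file_get_contents($file) : false;
    $tok = $raw !== false ? json_decode($raw, true) : null;
    // Reuse a stored token until 60 seconds before it expires.
    return (is_array($tok) && ($tok['expires_at'] ?? 0) - 60 > $now) ? $tok : null;
}

function requestToken(string $url, string $id, string $secret, int $now): ?array
{
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => http_build_query([
            'grant_type'    => 'client_credentials',
            'client_id'     => $id,
            'client_secret' => $secret,
        ]),
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_TIMEOUT        => 10,
    ]);
    $body = curl_exec($ch);
    $ok   = $body !== false && curl_getinfo($ch, CURLINFO_HTTP_CODE) === 200;
    $data = $ok ? json_decode($body, true) : null;
    if (!is_array($data) || !isset($data['access_token'])) {
        return null; // caller reports a generic error; the upstream body is not echoed
    }
    $tok = ['access_token' => $data['access_token'],
            'expires_at'   => $now + (int) ($data['expires_in'] ?? 0)];
    file_put_contents(CACHE_FILE, json_encode($tok), LOCK_EX);
    return $tok;
}

$now = time();
$tok = cachedToken(CACHE_FILE, $now) ?? requestToken((string) getenv('LIBCAL_TOKEN_URL'),
    (string) getenv('LIBCAL_CLIENT_ID'), (string) getenv('LIBCAL_CLIENT_SECRET'), $now);
header('Content-Type: application/json');
header('Cache-Control: no-store');
if ($tok === null) {
    http_response_code(502);
    exit(json_encode(['error' => 'token_unavailable']));
}
echo json_encode(['access_token' => $tok['access_token'], 'expires_in' => $tok['expires_at'] - $now]);
```

The token this returns carries whatever scope the LibApps application was given, so the scope caution in the message above applies to this endpoint's output as well.
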
-----Original Message-----
From: Code for Libraries [mailto:[log in to unmask]] On Behalf Of Tom Keays
Sent: Friday, December 15, 2017 14:28
To: [log in to unmask]
Subject: Re: [CODE4LIB] `APIs for Librarians` -- A thing I've been doing that I'd like to share with you all
If I'm building an app using an API that allows the full range of CRUD operators to be performed, there's going to be some authentication needed to allow that. I'd enclose all that in, say, a PHP wrapper so the calls and authentication details are safely hidden.
If the API is just read-only, like the LibApps APIs, then there is less concern about exposing the keys. With LibApps, the "keys" are just identifiers so you know what library, what service, etc.
On Fri, Dec 15, 2017 at 9:50 AM, Cynthia Harper <[log in to unmask]> wrote:
> Would I be correct in my understanding that if you require hiding the
> data in POSTs, you cannot do that in straight browser Javascript, but
> would require some server-side coding?
>
> Cindy
>
> -----Original Message-----
> From: Code for Libraries [mailto:[log in to unmask]] On Behalf Of
> Brad Coffield
> Sent: Friday, December 15, 2017 9:33 AM
> To: [log in to unmask]
> Subject: Re: [CODE4LIB] `APIs for Librarians` -- A thing I've been
> doing that I'd like to share with you all
>
> Hi Randy,
>
> Good question. In this case, it does seem to be acceptable to use it
> in such a public way. They do seem to be rolling out changes to
> authentication for certain portions of their APIs. For instance, in
> LibGuides, if you want to work with AZ resources (typically your
> database list) you need to use oauth. "The LibApps v1.2 API uses oAuth
> 2.0 for authentication and supports the Client Credentials grant
> type." It supports GET and POST. Their other endpoints are all GET,
> and working with them in the above way is acceptable. My guess is because they are all GET, but I don't know.
>
> Have a good one!
>
> Brad
>
> On Fri, Dec 15, 2017 at 9:12 AM, Stern, Randy
> <[log in to unmask]>
> wrote:
>
> > Hi Brad,
> >
> > This looks like a useful resource. I do have a question. Not knowing
> > much about Springshare APIs, I see that your example includes a line
> > of code
> >
> > $.getJSON('https://lgapi-us.libapps.com/1.1/guides?site_id=foo1&key=foo2&status=1', function (result) {
> >
> > that seems to expose a key (foo2) to public viewing. Is that key
> > supposed to be a secret key that is not made public? Or is it OK to
> > have it publicly exposed?
> >
> > - Randy
> >
> >
> >
> > Date: Thu, 14 Dec 2017 08:46:40 -0500
> > From: Brad Coffield <[log in to unmask]>
> > Subject: Re: `APIs for Librarians` -- A thing I've been doing that
> > I'd like to share with you all
> >
> > Happy to hear it! If I can help at all, feel free to email me directly.
> >
> > Brad
> >
> > On Thu, Dec 14, 2017 at 2:03 AM, Patricia Farnan <[log in to unmask]>
> > wrote:
> >
> > Hi,
> >
> > This looks like a great resource for someone like me who isn't a
> > developer but wants to learn more about making use of APIs. Thanks
> > for sharing!
> >
> > Patricia Farnan | Application Administrator, Discovery Services
> > University Library | St Teresa’s Library
> >
> > Telephone: +61 8 9433 0707 | Email: [log in to unmask]
> >
> > -----Original Message-----
> > From: Code for Libraries [mailto:[log in to unmask]] On Behalf
> > Of Brad Coffield
> > Sent: Tuesday, 12 December 2017 3:53 AM
> > To: [log in to unmask]
> > Subject: [CODE4LIB] `APIs for Librarians` -- A thing I've been doing
> > that I'd like to share with you all
> >
> > Hi everyone,
> >
> > I want to help people easily use web APIs to enhance their library
> > websites and/or research guides. So, I made a site that has
> > copy/pasteable code along with instructions on how to implement it
> > (like what exactly to change in the code to make it work with their
> > libguides system, for example).
> >
> > It's a project in ongoing development and I wanted to share it with
> > you all
> > because:
> > * You're nifty
> > * Some (hopefully many!) of you might be interested in using
> > some of my code
> > * Some of you might be interested in contributing new pieces
> > to the site
> >
> > Currently I have implementations for various Springshare products,
> > Quotes.net, and a variety of collections from the Internet Archive.
> > I have plans on making things for the New York Times, Wordnik, OCLC,
> > and Chronicling America (from LOC).
> >
> > Would love to hear comments. I hope you like it.
> >
> > https://www.bradcoffield.com/APIs-for-librarians/
> >
> >
> > Brad
> >
> >
> > --
> > Brad Coffield, MLIS
> > Assistant Information and Web Services Librarian Saint Francis
> > University
> > 814-472-3315
> > [log in to unmask]
> >
> >
> >
> >
> > --
> > Brad Coffield, MLIS
> > Assistant Information and Web Services Librarian Saint Francis
> > University
> > 814-472-3315
> > [log in to unmask]
> >
> > ------------------------------
> >
> >
>
>
> --
> Brad Coffield, MLIS
> Assistant Information and Web Services Librarian Saint Francis
> University
> 814-472-3315
> [log in to unmask]
>