If I'm building an app using an API that allows the full range of CRUD
operators to be performed, there's going to be some authentication needed
to allow that. I'd enclose all that in, say, a PHP wrapper so the calls and
authentication details are safely hidden.
If the API is just read-only, like the LibApps APIs, then there is less
concern about exposing the keys. With LibApps, the "keys" are just
identifiers so you know what library, what service, etc.
On Fri, Dec 15, 2017 at 9:50 AM, Cynthia Harper <[log in to unmask]> wrote:
> Would I be correct in my understanding that if you require hiding the data
> in POSTs, you cannot do that in straight browser Javascript, but would
> require some server-side coding?
>
> Cindy
>
> -----Original Message-----
> From: Code for Libraries [mailto:[log in to unmask]] On Behalf Of
> Brad Coffield
> Sent: Friday, December 15, 2017 9:33 AM
> To: [log in to unmask]
> Subject: Re: [CODE4LIB] `APIs for Librarians` -- A thing I've been doing
> that I'd like to share with you all
>
> Hi Randy,
>
> Good question. In this case, it does seem to be acceptable to use it in
> such a public way. They do seem to be rolling out changes to authentication
> for certain portions of their APIs. For instance, in LibGuides, if you want
> to work with AZ resources (typically your database list) you need to use
> oauth. "The LibApps v1.2 API uses oAuth 2.0 for authentication and supports
> the Client Credentials grant type." It supports GET and POST. Their other
> endpoints are all GET, and working with them in the above way is
> acceptable. My guess is because they are all GET, but I don't know.
>
> Have a good one!
>
> Brad
>
> On Fri, Dec 15, 2017 at 9:12 AM, Stern, Randy <[log in to unmask]>
> wrote:
>
> > Hi Brad,
> >
> > This looks like a useful resource. I do have a question. Not knowing
> > much about Springshare APIs, I see that your example includes a line
> > of code
> >
> > $.getJSON('https://lgapi-us.libapps.com/1.1/guides?site_
> > id=foo1&key=foo2&status=1', function (result) {
> >
> > that seems to expose a key (foo2) to public viewing. Is that key
> > supposed to be a secret key that is not made public? Or is it OK to
> > have it publicly exposed?
> >
> > - Randy
> >
> >
> >
> > Date: Thu, 14 Dec 2017 08:46:40 -0500
> > From: Brad Coffield <[log in to unmask]<mailto:
> > [log in to unmask]>>
> > Subject: Re: `APIs for Librarians` -- A thing I've been doing that I'd
> > like to share with you all
> >
> > Happy to hear it! If I can help at all, feel free to email me directly.
> >
> > Brad
> >
> > On Thu, Dec 14, 2017 at 2:03 AM, Patricia Farnan <
> > [log in to unmask]<mailto:[log in to unmask]>>
> > wrote:
> >
> > Hi,
> >
> > This looks like a great resource for someone like me who isn't a
> > developer but wants to learn more about making use of APIs. Thanks for
> sharing!
> >
> > Patricia Farnan | Application Administrator, Discovery Services
> > University Library | St Teresa’s Library
> >
> > Telephone: +61 8 9433 0707 | Email: [log in to unmask]<mailto:
> > [log in to unmask]>
> >
> > -----Original Message-----
> > From: Code for Libraries [mailto:[log in to unmask]] On Behalf Of
> > Brad Coffield
> > Sent: Tuesday, 12 December 2017 3:53 AM
> > To: [log in to unmask]<mailto:[log in to unmask]>
> > Subject: [CODE4LIB] `APIs for Librarians` -- A thing I've been doing
> > that I'd like to share with you all
> >
> > Hi everyone,
> >
> > I want to help people easily use web APIs to enhance their library
> > websites and/or research guides. So, I made a site that has
> > copy/pasteable code along with instructions on how to implement it
> > (like what exactly to change in the code to make it work with their
> > libguides system, for example).
> >
> > It's a project in ongoing development and I wanted to share it with
> > you all
> > because:
> > * You're nifty
> > * Some (hopefully many!) of you might be interested in using
> > some of my code
> > * Some of you might be interested in contributing new pieces to
> > the site
> >
> > Currently I have implementations for various Springshare products,
> > Quotes.net, and a variety of collections from the Internet Archive. I
> > have plans on making things for the New York Times, Wordnik, OCLC, and
> > Chronicling America (from LOC).
> >
> > Would love to hear comments. I hope you like it.
> >
> > https://www.bradcoffield.com/APIs-for-librarians/
> >
> >
> > Brad
> >
> >
> > --
> > Brad Coffield, MLIS
> > Assistant Information and Web Services Librarian Saint Francis
> > University
> > 814-472-3315 <(814)%20472-3315>
> > [log in to unmask]<mailto:[log in to unmask]>
> > IMPORTANT: This e-mail and any attachments may be confidential. If you
> > are not the intended recipient you should not disclose, copy,
> > disseminate or otherwise use the information contained in it. If you
> > have received this e-mail in error, please notify us immediately by
> > return e-mail and delete or destroy the document. Confidential and
> > legal privilege are not waived or lost by reason of mistaken delivery
> > to you. The University of Notre Dame Australia is not responsible for
> > any changes made to a document other than those made by the
> > University. Before opening or using attachments please check them for
> > viruses and defects. Our liability is limited to re-supplying any
> affected attachments.
> >
> >
> >
> >
> > --
> > Brad Coffield, MLIS
> > Assistant Information and Web Services Librarian Saint Francis
> > University
> > 814-472-3315
> > [log in to unmask]<mailto:[log in to unmask]>
> >
> > ------------------------------
> >
> >
>
>
> --
> Brad Coffield, MLIS
> Assistant Information and Web Services Librarian Saint Francis University
> 814-472-3315
> [log in to unmask]
>
|