That’s right. Any JavaScript, and requests generated from JavaScript, running in the browser can be intercepted by the user.

In case an example is of any use: with this JavaScript bookmarklet: https://github.com/ostephens/sherpa-it I built a PHP script which does the actual request to the authenticated API (in this case the Sherpa Romeo API http://www.sherpa.ac.uk/romeo/apimanual.php?la=en&fIDnum=|&mode=simple). The JavaScript passes information from the web page to the PHP script, and the PHP makes the API request, then returns the information found to the JavaScript for display.

Owen

Owen Stephens
Owen Stephens Consulting
Web: http://www.ostephens.com
Email: [log in to unmask]
Telephone: 0121 288 6936

> On 15 Dec 2017, at 14:50, Cynthia Harper <[log in to unmask]> wrote:
> 
> Would I be correct in my understanding that if you require hiding the data in POSTs, you cannot do that in straight browser Javascript, but would require some server-side coding?
> 
> Cindy
> 
> -----Original Message-----
> From: Code for Libraries [mailto:[log in to unmask]] On Behalf Of Brad Coffield
> Sent: Friday, December 15, 2017 9:33 AM
> To: [log in to unmask]
> Subject: Re: [CODE4LIB] `APIs for Librarians` -- A thing I've been doing that I'd like to share with you all
> 
> Hi Randy,
> 
> Good question. In this case, it does seem to be acceptable to use it in such a public way. They do seem to be rolling out changes to authentication for certain portions of their APIs. For instance, in LibGuides, if you want to work with AZ resources (typically your database list) you need to use oauth. "The LibApps v1.2 API uses oAuth 2.0 for authentication and supports the Client Credentials grant type." It supports GET and POST. Their other endpoints are all GET, and working with them in the above way is acceptable. My guess is because they are all GET, but I don't know.
> 
> Have a good one!
> 
> Brad
> 
> On Fri, Dec 15, 2017 at 9:12 AM, Stern, Randy <[log in to unmask]>
> wrote:
> 
>> Hi Brad,
>> 
>> This looks like a useful resource. I do have a question. Not knowing 
>> much about Springshare APIs, I see that your example includes a line 
>> of code
>> 
>> $.getJSON('https://lgapi-us.libapps.com/1.1/guides?site_id=foo1&key=foo2&status=1', function (result) {
>> 
>> that seems to expose a key (foo2) to public viewing. Is that key 
>> supposed to be a secret key that is not made public? Or is it OK to 
>> have it publicly exposed?
>> 
>> - Randy
>> 
>> 
>> 
>> Date:    Thu, 14 Dec 2017 08:46:40 -0500
>> From:    Brad Coffield <[log in to unmask]>
>> Subject: Re: `APIs for Librarians` -- A thing I've been doing that I'd 
>> like to share with you all
>> 
>> Happy to hear it! If I can help at all, feel free to email me directly.
>> 
>> Brad
>> 
>> On Thu, Dec 14, 2017 at 2:03 AM, Patricia Farnan <[log in to unmask]> wrote:
>> 
>> Hi,
>> 
>> This looks like a great resource for someone like me who isn't a 
>> developer but wants to learn more about making use of APIs. Thanks for sharing!
>> 
>> Patricia Farnan  | Application Administrator, Discovery Services 
>> University Library  | St Teresa’s Library
>> 
>> Telephone: +61 8 9433 0707 | Email: [log in to unmask]
>> 
>> -----Original Message-----
>> From: Code for Libraries [mailto:[log in to unmask]] On Behalf Of 
>> Brad Coffield
>> Sent: Tuesday, 12 December 2017 3:53 AM
>> To: [log in to unmask]
>> Subject: [CODE4LIB] `APIs for Librarians` -- A thing I've been doing 
>> that I'd like to share with you all
>> 
>> Hi everyone,
>> 
>> I want to help people easily use web APIs to enhance their library 
>> websites and/or research guides. So, I made a site that has 
>> copy/pasteable code along with instructions on how to implement it 
>> (like what exactly to change in the code to make it work with their 
>> libguides system, for example).
>> 
>> It's a project in ongoing development and I wanted to share it with 
>> you all
>> because:
>>      * You're nifty
>>      * Some (hopefully many!) of you might be interested in using 
>> some of my code
>>      * Some of you might be interested in contributing new pieces to 
>> the site
>> 
>> Currently I have implementations for various Springshare products, 
>> Quotes.net, and a variety of collections from the Internet Archive. I 
>> have plans on making things for the New York Times, Wordnik, OCLC, and 
>> Chronicling America (from LOC).
>> 
>> Would love to hear comments. I hope you like it.
>> 
>> https://www.bradcoffield.com/APIs-for-librarians/
>> 
>> 
>> Brad
>> 
>> 
>> --
>> Brad Coffield, MLIS
>> Assistant Information and Web Services Librarian Saint Francis 
>> University
>> 814-472-3315
>> [log in to unmask]
>> 
>> 
>> 
>> 
>> --
>> Brad Coffield, MLIS
>> Assistant Information and Web Services Librarian Saint Francis 
>> University
>> 814-472-3315
>> [log in to unmask]
>> 
> 
> 
> --
> Brad Coffield, MLIS
> Assistant Information and Web Services Librarian Saint Francis University
> 814-472-3315
> [log in to unmask]
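
The arrangement Owen describes at the top of this message (browser JavaScript talks to your own server-side script, which holds the key and makes the authenticated request) is shown here as an added example; it is not part of the original thread and is not Owen's PHP script. It is written for Node.js 18+ and uses the Springshare URL quoted in the thread as the upstream; the function names, the `ALLOWED` table and the accepted `status` values are assumptions.

```javascript
// Added example: a server-side proxy that keeps the API key out of the browser.
// The upstream URL and parameter names (site_id, key, status) are the ones
// quoted in the thread; every other name here is hypothetical.
const UPSTREAM = 'https://lgapi-us.libapps.com/1.1/guides';
const ALLOWED = { status: /^[0-9]$/ }; // browser-settable parameters (assumed values)

// Only allowlisted names are copied, so a client-sent key or site_id is dropped.
function buildUpstreamUrl(clientQuery, secrets) {
  const url = new URL(UPSTREAM);
  for (const [name, pattern] of Object.entries(ALLOWED)) {
    const value = clientQuery.get(name);
    if (value === null) continue;
    if (!pattern.test(value)) throw new RangeError(`invalid value for ${name}`);
    url.searchParams.set(name, value);
  }
  // Credentials come from server configuration only.
  url.searchParams.set('site_id', secrets.siteId);
  url.searchParams.set('key', secrets.key);
  return url;
}

// Handler for node:http, wired up as
//   http.createServer((req, res) => handle(req, res, secrets)).listen(8080)
async function handle(req, res, secrets, fetchImpl = fetch) {
  const send = (status, body) => {
    res.writeHead(status, { 'Content-Type': 'application/json' });
    res.end(body);
  };
  let upstream;
  try {
    upstream = buildUpstreamUrl(new URL(req.url, 'http://localhost').searchParams, secrets);
  } catch (err) {
    return send(400, JSON.stringify({ error: err.message }));
  }
  try {
    const reply = await fetchImpl(upstream);
    if (!reply.ok) throw new Error(`upstream status ${reply.status}`);
    send(200, await reply.text());
  } catch {
    // Never echo the upstream URL or its error text: both can contain the key.
    send(502, JSON.stringify({ error: 'upstream request failed' }));
  }
}

// Constructed demonstration: the browser sends "?status=1" plus a stray key.
{
  const demoSecrets = { siteId: 'foo1', key: 'foo2' }; // placeholders from the thread
  console.log(buildUpstreamUrl(new URLSearchParams('status=1&key=injected'), demoSecrets).href);
}
```

The page's own JavaScript then requests only the proxy's path, so viewing source or the network tab shows `status=1` and nothing else.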