On the API console, I only see the API key for self-use. But the most of the documentation makes a reference to a secret key either while forming the CB-ACCESS-SIGN or initializing an auth object.
Should I instead create an OAuth application even if it's for self-use? Appreciate any help.
Finally found out that Coinbase only shows you the secret once during the key creation. If you don't save it, then you would have to delete the existing one and recreate it, which is what I did to solve this issue.
Related
just a bit confused as i found both solutions after a day of research.
some suggest to use "pip install dj-stripe" and add keys and other options in "settings.py". Then the script in frontend to get redirect button
and some suggest the use of "npm install --save #stripe/react-stripe-js #stripe/stripe-js", and add keys in "app.js" or a designated js file.
i would like to know if it differs (security ,efficiency,.. wise), or is there a concrete way of doing it (best practice way) and how,
thank you.
Both, depending on which key your referring to.
Publishable API keys are meant solely to identify your account with
Stripe, they aren’t secret. In other words, you can safely publish
them in places like your Stripe.js JavaScript code, or in an Android
or iPhone app.
Secret You must keep your secret API keys confidential
and only store them on your own servers. You must not share your
secret API key with any third parties. Your account’s secret API key
can perform any API request to Stripe without restriction. If Stripe
believes that your secret API key has been compromised, we may cancel
and reissue it, potentially resulting in an interruption to your
Stripe services.
I created a Gmail account for development and enabled the APIs for developer console. I generated one API key which I used in my application but now I forgot the Id that I used. I have to upgrade the plan for APIs but for this, I need the Gmail Id. Is there any way I can get the Id?
Ok, So after I have tried different options I was standing in the same position. So I dig all into my accounts and luckily my recovery email id was one of them, so I searched for all the emails from Google having the subject as Security your linked Google Account and sender as no-reply#accounts.google.com this will give you all the Ids associated with it.
The only workaround to fix the issue is to contact "Google API support team"
Just Go to the given link and raise your issue. They will assist you further steps to follow. https://support.google.com/googleapi/?hl=en#topic=7014522
I hope this will help you :)
Cloudant provides an API for creating API keys by issuing a POST to /_api/v2/api_keys
https://docs.cloudant.com/authorization.html#creating-api-keys
However, I do not see any documentation which states that an API Key can be deleted, so my assumption is that instead, you just remove the key from the authorization list of all your databases and stop using it.
Is that the correct approach?
You can remove an API key from the dashboard by going to Databases -> Permissions. Hover over the API key you would like to delete and click the "X" that appears once you are hovered over the API key.
To remove an API key using the Cloudant API, you will need to issue an HTTP PUT to the _security API endpoint providing an updated list of usernames that does not include the API key you would like to delete. See the API documentation on modifying permissions.
While the other answer is useful on its own, it doesn't actually answer the question, which is specifically about the possibility to delete an API key and not just remove it from the authorization list.
From the documentation:
By removing the API key from the list of users that have access permissions, the effect is to delete the API key.
So it does seem that there's no way to completely delete an API key, and removing it is indeed the right approach. Since an API key without any permissions can't do anything, it doesn't really matter.
I'm looking at using the Angular Azure Mobile Service Client for a project, I saw this sample code:
angular.module('your-module-name').constant('AzureMobileServiceClient', {
API_URL : 'https://<your-api-url>.azure-mobile.net/',
API_KEY : '<your-api-key>',
});
Is it safe to use the API Key in an AngularJS app like this (or any JavaScript based client)? I'm unsure what someone could potentially do if they had this key?
Found this in the Azure Mobile Services documentation:
With default permissions, anyone with the app key may call the custom
API. However, the application key is not considered a secure
credential because it may not be distributed or stored securely.
Consider restricting access to only authenticated users for additional
security.
It is'Safe' depending on what you are trying to do. Javascript and any keys in it can be read by everyone. This is key is not meant to be used as a password to access important information. Instead it is made to prevent malevolent abuse of your application.
For example if someone is trying to log in 1,000 times per second with every possible password/username combination, they are submitting this key with each request. So you could throttle, or block anyone using this key. Then you would issue a new key to your apps. If you have a system for issuing those keys you might even identify the person that was doing it.
It can stop DDOS, Bruteforce, and some other abuses
I wonder how we can renew the Amazon merchant API key.
Is there an API call for this, or what is the procedure?
I googled a great amount but only find the procedure to request the first key, which does not work anymore if you are already using the API
We have the old data and are using them but it was compromised, so we need at least a new secret key.
Is this even possible?
There is a forum message which seems to answer it https://sellercentral.amazon.com/forums/message.jspa?messageID=3015879
"Yes, you can change your MWS secret key. Whenever you want to do that we will delete your MWS secret key from our end, and then you can sign up for MWS again to get new secret key through this link
https://developer.amazonservices.com/index.html/182-5557423-3858158 "
There is now no way to reset your own keys (that I can see). Instead you need to contact MWS support and ask them to do it for you.
This can be done via:
https://sellercentral.amazon.com/gp/mws/contactus.html
https://sellercentral-europe.amazon.com/gp/mws/contactus.html
If you put something like "URGENT - MWS Keys Compromised" in the subject line then they should respond quickly!