YouTube Data API v3 - Browser Credential Needed

[Zachary Trabookis]

After following these directions on http://edx.readthedocs.org/projects/edx-installing-configuring-and-running/en/named-release-cypress/configuration/youtube_api.html#get-a-youtube-api-key for latest cypress release created a YouTube API key for my version of Open edX.  The edX instructions for creating this YouTube API credential refer you to Google's site (https://developers.google.com/youtube/registering_an_application#Create_API_Keys) where I could choose from two website options Server or Browser keys.

Server keys
Create and use a server key if your application runs on a server. Do not use this
  key outside of your server code. For example, do not embed it in a web page. To prevent quota
  theft, restrict your key so that requests are only allowed from your servers' source IP
  addresses.

Browser keys
Create and use a browser key if your application runs on a client, such as a web
  browser. To prevent your key from being used on unauthorized sites, only allow referrals from
  domains you administer.

I made the mistake of using the YouTube Server API key (created from https://console.developers.google.com/project/edx-dev/apiui/credential) and it produced the following error when I viewed the video in the course.  It looks like when calling the googleapis.com URL that it passes in the /edx/app/edxapp/{cms,lms}.auth.json YOUTUBE_API_KEY setting which Google suggests to keep this ID safe.

// Received the following JSON response (403 Forbidden)

{
 "error": {
  "errors": [
   {
    "domain": "usageLimits",
    "reason": "ipRefererBlocked",
    "message": "There is a per-IP or per-Referer restriction configured on your API key and the request does not match these restrictions. Please use the Google Developers Console to update your API key configuration if request from this IP or referer should be allowed.",
    "extendedHelp": "https://console.developers.google.com"
   }
  ],
  "code": 403,
  "message": "There is a per-IP or per-Referer restriction configured on your API key and the request does not match these restrictions. Please use the Google Developers Console to update your API key configuration if request from this IP or referer should be allowed."
 }
}

After further review I changed to YouTube Data API v3 Browser key (with HTTP referer - *.{LMS URL}/* (e.g. *.example.com/*)) and now I'm receiving a HTTP 200 Successful response with valid JSON information.

Also there is no warning in the Browser console for www.googleapis.com request. 

Can someone from edX update the http://edx.readthedocs.org/projects/edx-installing-configuring-and-running/en/named-release-cypress/configuration/youtube_api.html#get-a-youtube-api-key to say create Browser API key so others won't make the same mistake too?

Zach

[David Baumgold]

Hey Zach, the documentation on ReadTheDocs is maintained in the edx-documentation repository, which is open source and accepts pull requests from the Open edX community. I've made PR #561 to that repository, with the change you suggested. Can you please review it, and make sure that my change is what you had in mind? If not, you can make your own pull request to the documentation repository, and I'll close mine.

David Baumgold