Security and Access Token

[A H]

Hello!

I'm new to React and trying to build a project that interfaces with GG API; it's my first time using a 3rd party API, so I'm a little confused on a few things.

1) According to the API tutorial, it seems like I need to get an Access Token whenever I first load the app? I'm confused why it's needed or how to use it in subsequent API calls because the access token doesn't seem to show up in any of the GET examples. Would someone mind clarifying this for me?

2) Any suggestions on how to get the Access Token without putting my login information into my code? Right now, I'm following the fetch() version of the cURL example as follows:

const requestOptions = {

    method: 'POST',

    headers: { 'Accept': 'application/json', 'Content-Type': 'application/json' },

    body: JSON.stringify({ auth_request: {user: {email:'xxx@xxx',

              password:'xxxx'},

         api_key: 'xxxxx'}})

  };

This means anyone can just get my login information from the source code. Also is it advisable to make the Token inaccessible; if so, how might I do that?

I would greatly appreciate any clarification y'all have on this. It's okay if the answers aren't specifically for React, I can extrapolate!

Thank you very much in advance!

A

[Kevin Conroy]

Hi A,

1) Not all API calls require an access token, but we include it first in the documentation to help ensure that everyone knows how to generate a token.

2) The code that makes the API call to GlobalGiving could be run from the server-side and you can store the API keys and password there.

Hope this helps!

Kevin Conroy
Chief Product Officer
____

--
You received this message because you are subscribed to the Google Groups "GlobalGiving API" group.
To unsubscribe from this group and stop receiving emails from it, send an email to globalgiving-a...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/globalgiving-api/ca9bd21e-b8a4-41f0-be30-ad093096b53bn%40googlegroups.com.

[A H]

Thanks so much for getting back to me quickly!

I see now that most of the API calls are "public" and the token is only needed for "secure" calls. Sorry for missing that!

On a different note, I'm wondering if any of the "recognition" badges are able to searched or surfaced through the API? i.e. "site visit verified", "vetted", "most effective", "highest ranked", etc.

Let me know if you'd prefer that I make this a new conversation, since it's a different topic:)

Thanks again!

-A

[Kevin Conroy]

Hi A,

At this time, the badge data is not available via the API, but we'll add this as a requested feature.

Thanks,

Kevin

[A H]

Ah okay, no problem. Thanks again, Kevin!

[Boppadapu Sai Teja]

Hey kelvin,

I'm new to here can you please where can i get the API key actually i'm fighting with the website to get it...

please let me know the actual process to get it.

[Jacob Christensen]

Hello!

It looks like there is an API key ending in xx66d764 registered to the email boppad...@gmail.com and you should be able to use that to access our API. 

You should be able to view that key within your GlobalGiving account, but if not, you could sign up for a new one here.

With Gratitude,

Jacob Christensen 🔊 (He/Him)

Business Partnerships Manager, Technology Solutions

Working Time Zone: EST (UTC - 5)

_______ 

 

GlobalGiving.org 

* Upcoming PTO/Holidays: May 29th, June 12th-13th, June 19th, June 26th, July 3rd-4th

--

You received this message because you are subscribed to the Google Groups "GlobalGiving API" group.
To unsubscribe from this group and stop receiving emails from it, send an email to globalgiving-a...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/globalgiving-api/f28643d9-8d57-4b62-a9b2-1137e9c30498n%40googlegroups.com.