0

API Key Question

Is there any way to get an API Key for local testing without a corresponding domain? I want to develop a companion site locally before I push it to an actual server.

Also, do API requests need to come from the domain listed in registration or can I use the same API key for both the local and online versions of my application?

by
3 Replies

  • QUOTE(Jam Master J @ 28 Jul 2011 12:55 PM)
    Is there any way to get an API Key for local testing without a corresponding domain? I want to develop a companion site locally before I push it to an actual server.

    Also, do API requests need to come from the domain listed in registration or can I use the same API key for both the local and online versions of my application?

    I think that you can go down the route of specifying a Client/Desktop project instead of a Web-based one. I don't think that there are restrictions on where the API requests need to come from, nor where you redirect users to after you get them to grant access to your application -- as far as I just tested out, it seems like I can use a Web-based application tied to, say, www.google.com, and still make requests with it even though I haven't verified my domain and am not making requests from that domain. Verification just removes the warning that you're an untrusted application when users hit the flow to grant you access, but I really can't tell if any other security comes into play anywhere else. But people should definitely correct me if they've had different experiences! I haven't had to deal much with making external applications. :)

    Either way, Client/Desktop should work fine for testing.
    0
  • Sorry, I definitely tried to answer this earlier but the forum didn't actually end up posting it.

    If you don't have a domain, you should be able to choose the Client/Desktop option, which doesn't even ask for any domain information. I don't think it should prevent you from doing anything with your application aside from being able to have it show up as verified, which just removes a warning note during the authorization flow. Same answer to your second question -- as far as I've tested out, I don't think it matters that you come from the domain listed in registration. That might change if you actually verify your domain, but that would surprise me. Can anyone else verify?
    0
  • As it turns out, that the domain you register with does matter. The OAuth request token callback URL has to be at the domain you list. Otherwise, yahoo returns a 401 Unauthorized. You can optionally omit the callback URL and treat it as an OOB request, but then you will have to manually take the request token and insert it into your application in order to move along in the OAuth process.

    If only I knew this 6 hours ago : \

    QUOTE(Sean Montgomery @ 4 Aug 2011 10:39 PM)
    Sorry, I definitely tried to answer this earlier but the forum didn't actually end up posting it.

    If you don't have a domain, you should be able to choose the Client/Desktop option, which doesn't even ask for any domain information. I don't think it should prevent you from doing anything with your application aside from being able to have it show up as verified, which just removes a warning note during the authorization flow. Same answer to your second question -- as far as I've tested out, I don't think it matters that you come from the domain listed in registration. That might change if you actually verify your domain, but that would surprise me. Can anyone else verify?
    0
  • Hi everyone

    I am try to get contact yahoo friends by API now when i try i meet message as : Error : making the request failed (Peer certificate cannot be authenticated with known CA certificates) . while g or fb is ok . So i think may be have some permission with any one that i unknown . that all code i get from https://github.com/andacata/HybridIgniter/tree/master/application . plz help me . Thanks

    0

Recent Posts

in Fantasy Sports API