0

How to hide my API Key in a YQL query?

I have a YQL query which returns JSON from a web service URL:

CODE
SELECT
*
FROM
json
WHERE
url="http://www.bungie.net/api/reach/reachapijson.svc/file/videos/{BungieAPIKey}/cbjoe/0"


How can I use a YQL query to return the JSON from this URL, while making my API Key secret or less obvious? Is it impossible to do?

I want to keep my API key "{BungieAPIKey}" secret, or at least make it a parameter "@BungieAPIKey" so I can hide it slightly within a query alias.

by
3 Replies
  • QUOTE (Tim @ Oct 1 2010, 09:15 AM) <{POST_SNAPBACK}>
    I have a YQL query which returns JSON from a web service URL:

    CODE
    SELECT
    *
    FROM
    json
    WHERE
    url="http://www.bungie.net/api/reach/reachapijson.svc/file/videos/{BungieAPIKey}/cbjoe/0"


    How can I use a YQL query to return the JSON from this URL, while making my API Key secret or less obvious? Is it impossible to do?

    I want to keep my API key "{BungieAPIKey}" secret, or at least make it a parameter "@BungieAPIKey" so I can hide it slightly within a query alias.


    http://developer.yahoo.com/yql/guide/yql-s...key-values.html

    Basically, create an environment table using your api key, use yql storage to store the environment file in the hosted story, include the environment file and access it with @API

    Have not tested this myself but I think it would work.

    HTH
    -balaji
    0
  • Thanks, Balaji, but I think that is impossible.

    Can you show me what the YQL query would look like? It seems to be impossible to use parameters with a url WHERE clause. Perhaps there is some other way of doing this, other than SELECT * FROM json.

    The strategy that you outline does not work for my query, if you think it through in slightly more detail.

    Can anybody help?
    0
  • QUOTE (Tim @ Oct 1 2010, 09:15 AM) <{POST_SNAPBACK}>
    I have a YQL query which returns JSON from a web service URL:

    CODE
    SELECT
    *
    FROM
    json
    WHERE
    url="http://www.bungie.net/api/reach/reachapijson.svc/file/videos/{BungieAPIKey}/cbjoe/0"


    How can I use a YQL query to return the JSON from this URL, while making my API Key secret or less obvious? Is it impossible to do?

    I want to keep my API key "{BungieAPIKey}" secret, or at least make it a parameter "@BungieAPIKey" so I can hide it slightly within a query alias.


    Hi Tim,

    Here is a detailed process to accomplish this using YQL Storage


    Hi Tim,

    One way to accomplish this is by using the uritemplate table which lets you create arbitrary URLs from templates like the one you mention.

    example:
    CODE
    select url from uritemplate where template='http://bungie.net/videos/{BungieAPIKey}/{user}/{page}' and BungieAPIKey='key' and user='foo' and page='bar'


    Once you have the URL you can use the JSON table to curl the URL

    CODE
    select * from json where url in (select url from uritemplate where template='http://bungie.net/videos/{BungieAPIKey}/{user}/{page}' and BungieAPIKey='key' and user='foo' and page='bar')


    Now once you have this working, lets look at what needs to be done to make the API key a secret. To do that you could have to create a store table entry which contains the following

    CODE
    "SET BungieAPIKey='secret' on uritemplate;"


    Insert this into the yql.storage as described in the docs or the link and use the execute key that is returned to run your query.

    CODE
    http://developer.yahoo.com/yql/console?env=YOUR_STORE_ENTRY

    The query doesn't need the api key anymore so you can run

    CODE
     select * from json where url in (select url from uritemplate where template='http://bungie.net/videos/{BungieAPIKey}/{user}/{page}'  and user='foo' and page='bar')


    Hope that helps

    Nagesh
    0

Recent Posts

in YQL