someone helped me with webscraping using tracker.gg's API and puppeteer but since the season change, the API returns this error message
{"errors":[{"code":"CollectorResultStatus::InvalidParameters","message":"One of the provide parameters is invalid.","data":{}}]}
when it used to return an array with all the data needed for the program.
Can anybody help me find the right website for the new season's statistics ?
I'm aware that this post is old but, you can always retrieve the specific endpoints that they retrieve from their own backend systems to the frontend page you're viewing by monitoring the traffic that was requested and filtering it out by 'api' or 'tracker'.
Note that Tracker.gg is against anyone from web scraping their website for the Valorant section (and maybe other games) and may try to actively revoke you from doing so. Check their robots.txt just to be sure.
I personally have used their site to scrape data for my own project and had been booted off as a result thanks to their cloudflare 'anti-bot' detection. An example of an api endpoint I found through this method is https://api.tracker.gg/api/v2/valorant/standard/profile/riot/{userURL}?forceCollect=true
Related
I'm going to make a project using the Google translate api and I'm thinking of uploading this project to a server and just sharing it with my friends. But unfortunately the Api Key that I will use in the project can be accessed clearly in the JavaScript file. This is a very bad situation. To prevent this, I have limited the Google Cloud Api and as far as I understand it is only allowed to be used on the links I allow. It cannot be used on other links. Now my main question is, is this method enough to protect Api from malicious people? Do I need to do anything else? Thank you in advance for your answers.
Best practice in these cases is to use .env files to keep data like API keys private.
You have to create a server for that which will perform OAuth and then send an API request to google.
You can get help about how to implement OAuth from this topic provided by google: https://developers.google.com/identity/protocols/oauth2/javascript-implicit-flow
If you send/attach your API key in frontend like javascript which is basically a frontend language then it can be used to:
Send fake requests which will use all of the bandwidth etc.
You should also consult the TOS.
On November 5th 2014 Google made some changes to the APIs terms of Service.
Like you I had an issue with the following line.
Asking developers to make reasonable efforts to keep their private
keys private and not embed them in open source projects.
That is however really only an issue if you are releasing the source code of your app as an Open source project for example.
If your just hosting this on a server then what you shoudl do is set up limitations for the api key adding_application_restrictions you can limit it so that the api key can only be used from your server and no where else.
First off sorry if this question is a 'bad' one; I am very new to the world of web apps, API's and Javascript.
As the title says I am trying to get a user's steamID using the Steam API using javascript.
This is for a web app that needs to get information about the games a user plays. (Which from my understanding is only obtainable using this special ID.)
My initial thoughts on how to do this would be to use openID so that the user gives Steam their info and the ID is returned to my app.
I have seen that there are lots of examples of this using php; however, because of project requirements, everything must be run in the browser. There is no backend server to even run php on so it is not an option what so ever.
I have spent a better part of a day trying to figure this out and have made no real progress, everything seems to lead back to using php. (maybe what I need under my requirements is not possible?) So an example or anything really would be much appreciated.
welcome to Stack Overflow I can see you are confused as to where to start or progress so here is a basic roadmap:
You will need to contact Steam to get an API key first.
Next part is more tricky for a beginner. You will need to get node.js which is a package manager. Effectively it's a large library of javascript programs which you can import into your own program to do things with. One of these so called "packages" is openid-client, which is an implementation of openID that you can add to your site. Users click on the openID button on your site, it redirects them to steam servers, they login, then your site gets their info without leaking their username or password to you.
Now that you have both the steamID and your API Key your program can input these two into the url steam provides to get owned games. You can input this completed url into fetch or axios (another node package that can request data from servers) and it will respond with the user's owned games in json format.
Here are a list of resources in order to get you started:
https://steamcommunity.com/dev
https://nodejs.org/en/
https://www.npmjs.com/package/openid-client
https://www.npmjs.com/package/node-fetch OR https://www.npmjs.com/package/axios
https://developer.valvesoftware.com/wiki/Steam_Web_API#GetOwnedGames_.28v0001.29
I suggest reading the documentation in each of these links and seeing if there is any youtube tutorials that try and do what you are doing with these technologies to help you implement them as a newbie. Overall there is a lot to learn on each of these technologies but as long as you orient yourself using guides or tutorials you will succeed. Good luck.
Check out this page: How to retrieve Steam username using SteamWorks API?.
However, it seems like an issue you might be having is connecting to the actual API. What exactly are you using for testing?
I know from experience, for example, that you can connect using Postman to various API's, and format a request for them in a chosen language, including JS>
I'm writing an app in JS that fetches Google Calendar events using Google Calendar API. I've already generated an API Key and Client ID - do I have to do something to try and 'secure' them? Their tutorial puts them directly in the JS file (https://developers.google.com/calendar/quickstart/js), but then I dig further into the dev docs (https://cloud.google.com/docs/authentication/api-keys#securing_an_api_key) and it says not to embed the API key into the code...but that could just be for paid API keys?
I'm writing this mini webapp for a class so I only need it to work for like 6 weeks. I'm hosting it via GitHub Pages, and it was the one that alerted me about the API Key when I pushed the code.
Bottom line - is it safe for me to embed the API key into the JS code that gets pushed to github and made publicly available (so I can have just a frontend and use GitHub Pages)? Or do I need to take some kind of preventative measures?
Thanks in advance!
Api key is only used for accessing public data. For example you could use it to access the Google Calendar public holiday calendars. That being said yes you should keep your api key secrete and not share it but google is aware that this is not possible with client side languages like JavaScript so i have never heard of anyone getting in trouble for leaking their api key by having it in a JavaScript application.
This warning is mainly means that you should not put it in a GitHub open source repository that anyone can download and then run. You must instruct people how to create their own.
That being said if you are trying to access private user data then you should be using Oauth2 to authenticate your users and this you can lock down to only your domain due to the need for a redirect uri. As you say you have created a client id i suspect that you have already done that. Apikey in the javascript code isnt strictly needed if you have added the client id for oauth2.
I am working on a project where I run a web page from a local server using Xampp. In the web page I have a button which when clicked produces an array of 24 elements. I want this array to be written to my online google sheet.
My Question:
1)Can I post data from a web page running on a local server like Xampp to an online server like google sheet?
2)If yes, then is it possible to do it with php and javascript without any jquery?
3)If it is possible please show me the right path.
I am new to web development. Please help me. Thank you in advance for helping.
Yes it is possible to post data from your localhost as long as you have an internet connection.
to do such things I recommend you to read Sheets API Guides
You will also find there a sample code to write data to a spreadsheet on this page
Still an API key is required for public spreadsheets for other requests you need to use OAuth 2.0 as told here
If the request requires authorization (such as a request for an individual's private data), then the application must provide an OAuth
2.0 token with the request. The application may also provide the API key, but it doesn't have to.
If the request doesn't require authorization (such as a request for public data), then the application must provide either the API key
or an OAuth 2.0 token, or both—whatever option is most convenient for
you.
also as an advice and if you know javascript you could use Google App Script to get Started, after validating the implementation of the library into your project and console you will find built-in functions.
Circumstances
I develope a WebApp with AngularJS.
I've an restful API on server-side with GET and POST commands.
I want to use the API within my module (means: in JavaScript) to display and edit my data.
I want to protect the API with some kind of authentication (basic auth with an API key for example)
I don't want to protect the API when a user uses the app itself
Actual question
Okay, I guess the last point is a bit unclear.
I want that a user can use the app with his browser without any authentication
But when a third-party app want to access the API it have to use authentication
Since JavaScript is executed on client-side of course I can't write a master key into js or something similar..
Is there any kind of pattern or solution to solve this problem?
More specifications
referring to #EliranMalka and #shaunhusain
On the server-side I do use Tornado with it's builtin template engine. I do use the template engine actually just to write the index page and insert CSS, JS dynamically.
The code for authentication would just something like:
def is_authenticated(request):
if 'api_key' in request.arguments:
return sql('SELECT id FROM keys WHERE key=%S' % request.arguments['api_key']).count == 1
My AngularJS module is doing something similar to:
$http.get('/api/foo?api_key=1234')
.then(function (result) {
$scope.data = result.data
});
As you can see I'm writing my API key into js at the moment. But I wan't to avoid this.
Also, what do you mean exactly by third-party?
not a third-party request would be: Using the App on http:/ /app.example.com with a browser
A third-party request would be from an Android app for example. Something that comes from outside or remote.
A JS request from the browser on the actual page would be not from remote (again: since it's JS it is actually from remote - but I hope it gets more clear now)
Oh and before I forget...
I'm aware of that my plan is a bit weird - but it's just a learning(-web-development)-by-doing project.
Also the API key is not absolutely to avoid abusion, it is rather to log 3rd-party usage.
PS I hope my question was clear for you
Hmm, well I'll try to address the questions but here's a few things.
Question isn't really appropriate in it's current format for stackoverflow.com (should be programming questions, I tried X and Y happened) perhaps closer to a StackExchange question but is still fairly open ended.
Include more information about specifics of the languages (and/or frameworks) your using server side and any code you have that is relevant (authentication code?).
Putting the key into the client code and transmitting it from the client means anyone with a web proxy (check out Charles or Wireshark) can grab the key so just to reiterate you're right there that's not the way to go.
Check out how other organizations allow you to get access to their APIs (for example Google, LinkedIn, Facebook, Twitter) to get a feel for how it works. In all of these cases you are signed into the service to be able to make an API key, in some cases you have to specify which domain the requests with that API key will come from. If you use the same precautions and check the API key sent with a request against a database of registered API users and verify the domain in the request then I'd say you're in pretty good shape.