Develop Reference

Google API get reviews for my business using java script

I am trying to get google reviews for my business but struggling with implementing it. Can someone share how to get the latest/top 5 reviews using google business API using JavaScript/Postman? I was trying to do so:
GET:
https://accounts.google.com/o/oauth2/auth?client_id=MY_CLIENT_ID.apps.googleusercontent.com&client_secret=MY_CLIENT_SECRET&scope=https://www.googleapis.com/auth/business.manage&response_type=token&redirect_uri=https://developers.google.com/oauthplayground
but it doesn't work.
Was trying also testing it on Google oauth playground
filling:OAuth flow: Client-side
Use your own OAuth credentials: my Client ID here
Step 1:
Authorize API: https://www.googleapis.com/auth/plus.business.manage
but here I am getting:
Error 400: redirect_uri_mismatch
The redirect URI in the request, https://developers.google.com/oauthplayground, does not match the ones authorized for the OAuth client. To update the authorized redirect URIs, visit: https://console.developers.google.com/apis/credentials/oauthclient/938304287177-nkvm5mqk3f5uq9lt9j2srqlgd0bjihip.apps.googleusercontent.com?project=938304287177

The redirect uri in your project on Google cloud console must exactly match the redirect uri you are sending from The easiest solution is to go to your project and add it.
https://developers.google.com/oauthplayground
Which is not the same as as you have an extra slash on the end
https://developers.google.com/oauthplayground/
This video will walk you though it. Google OAuth2: How the fix redirect_uri_mismatch error.
Question from Comments
how can I get the reviews using just API key without a need to authorize it using gmail account?
If you check the documentation Method: accounts.locations.reviews.list you will find that it says the following
API keys only allow you to access public data, the data you are trying to access is private user data and therefore requires authorization in order to access it. You can not use an API key to access this data you must be authorized using one of the above scopes. A video which explains api keys. Everything you need to know about Google API Key's, and where to get one.

Only allow requests with a valid token that's found in firestore

I'm building a small app in react where a developer will use my service in their website/app with firebase.
This is how I want it to work
The developer who wants to use my service will sign up and retrieve a token on my site.
The developer should use this token within their app to request my app (technically the request is comming from an end user which I don't know of, and shouldn't).
The security rule will look for this token in the users collection at firestore and only allow the request if an account is found in the collection users.
The developer should then only be able to see the posts made used by that token.
How can I achieve this?
Kindly point me in the right direction.

With Firestore, it's not possible to send extra data along with a query for the purpose of authorization with security rules. That's not really secure at all - it would be the same as requiring a plaintext password.
What you will need to do is write some backend code to put the token in the user's Firebase Auth custom claims. You can use the contents of custom claims in security rules to securely check if the user should have access to some resources.
For Firestore security rules, you will need to check the contents of request.auth.token in the rule to get the data you put there.

I guess you're looking for Custom Claims. Those are custom values attributes you can attach to the firebase auth user model which then can be loaded inside the firestore rules engine. Get more information: https://firebase.google.com/docs/auth/admin/custom-claims

How to configure OAuth with Goodreads

I am building an app using HTML, CSS, and Javascript, and am trying to configure OAuth to use it to access data from the Goodreads API. I basically want to get a list of books that a Goodreads member has read in the current year and display statistics about the metadata of these books. I'm pretty new to Javascript and using API's and don't have a super good grasp on OAuth and API authentication in general so I would really appreciate it if it could be explained as simply as possible.
From what I understand I need to create a login button on my page that contains a link that looks something like this:
http://www.goodreads.com/oauth/authorize?oauth_token=SCDMymQWcIE8GnxmSA
When the user clicks this button they'll visit goodreads.com where they'll login to their account. After accepting the permissions, the user will be redirected to back to your site along with an access token that would contain the user's ID. At this point I would use the user ID to pull data about the books on their shelves.
I'm not really sure how to go about writing this in my Javascript file though. How do I go about authorizing via OAuth and storing the user's ID? From the Goodreads Developers group it seems like the Goodreads API uses OAuth 1.0 which I believe is relevant to how I will need to approach this.

Creating managed accounts without storing any data on the backend

I'm currently trying to create managed accounts entirely clientside, storing on the backend only the stripe account ID associated with each user. At first, I tried using stripe.js, but it doesn't seem to provide any API for working with managed accounts at all. Then, I tried using RESTful API directly, and made a request to create a managed account (a POST request to https://api.stripe.com/v1/accounts), using a publishable key. Response was a 403:
{
"error": {
"type": "invalid_request_error",
"message": "This API call cannot be made with a publishable API key. Please use a secret API key. You can find a list of your API keys at https://dashboard.stripe.com/account/apikeys."
}
}
But doesn't that mean that creating a managed account clientside is impossible or, at least, unsafe and not intended? Secret key is not supposed to become visible to the client at any point and in any form, is it? Is there something I don't understand, or are managed accounts to be created only serverside?

Stripe integrations require both a front-end and a back-end component.
You use Checkout or Stripe.js and your Publishable Key to collect a Customer's credit card information, which is then sent to Stripe. In return Stripe sends back a token that you can use to charge this card.
https://stripe.com/docs/checkout
https://stripe.com/docs/stripe.js
You must use a backend, with your Secret Key, to create an account, a charge, a customer or take other actions on your account. So, yes, managed accounts are only created server-side.
If you need a minimal backend I'd suggest spinning up a small instance at AWS, Heroku, Digital Ocean, Linode, etc

Bypass OAuth to create cards on Trello programmatically

I'm trying to use Trello API to create cards on our boards. But i cannot really bypass authentication programmatically, because a user prompt always appears asking for authentication in trello.
The idea is i create a system user on trello, add it to the boards, then use its API key to create the cards. I'm following this approach because I used Zapier to generate cards from Freshdesk, and wondering how Zapier bypass OAuth to do this.

You simply cannot bypass the authentication of the API, however what you can do is to generate the valid oAuth tokens for your "System User" and use them for authentication.
I'm not aware of the complete Auth process of trello, but most oAuth providers give you the possiblity to create tokens which last quite long (refresh tokens). You could use these in your code to call the api without any additional auth process.
You could also store the normal auth tokens and re-validate them from time to time using the prompt.
Best solution depends on what you are trying to achieve...