I am developing a web portal consuming the Yahoo web service for the real-time temperature. I was using combined YQL query to fetch the weather data by latitude and longitude which was not bad:
https://query.yahooapis.com/v1/public/yql?q=select * from weather.forecast where woeid in (select woeid from geo.placefinder where text='lat,lon')&format=json
Since this January, the combined query did not work anymore.
Therefore, I had to make two separate http requests in sequence to get the data.
Get woeid from lan, lon and appid
Get data from woeid
It is quite time-consuming and less efficient to fetch the data from Yahoo each time. I have been googled a while for a solution to improve this but most of them are for old Yahoo weather API versions.
I am looking for an way to shorten the time or some other mainstream free weather service providers, offering world weather.
Update (2016.03.24)
I found a way to make the combined YQL work from this thread.
Change the YQL to:
https://query.yahooapis.com/v1/public/yql?q=select * from weather.forecast where woeid in (select woeid from geo.placefinder where text='(lat,lon)')&format=json
Just need to add brackets round the geo location. The previous one used to work util recently.
Update (2016.03.25)
The yahoo weather service was down yesterday and the YQL was invalid for quite a while.
From it official document, it says that it had enforced Oauth 1 since March 15 via the url https://query.yahooapis.com/v1/yql?q=...
Even though the public link was back today, I found that I was unable to switch weather unit by adding u='c' or u='f'.
I don't know whether Yahoo weather API will continue to maintain the old url or not. For the time being, it is still alive.
I am looking forward to a solution to query Yahoo weather by Oauth 1.0 in Javascript.
Related
I have a restaurant locater web application that mashes up the location of restaurants to a Google Maps.
I use JQuery sliders to limit the amount of restaurant to show on the map by having Search filter such as: price, type of food, locale.
These JQuery sliders call back via AJAX to an API I created to update the map without the web page having to refresh.
JQuery calls a RESTFUL API like so:
http://example.com/search/?city=NYC&max-price:50&cuisine=french
This returns a JSON string of restaurants which match this criteria so that my web application can display on the map all the restaurants which match the search.
What I don't want to have happen is for someone to come along and figure out my API and dumps out ALL of my restaurant listings.
Is there a way that I can limit who call the above HTTP API, so that only my web server calls the URL and not spamer/hackers looking to dump my database?
Thanks
First, declare your intentions in robots.txt.
Then, send a Set-Cookie header with a nonce or some kind of unique ID on the main page, but not on your API responses. If the cookie is never sent to your API endpoint, return a 401 Bad Request response, because it's a bot, a very broken browser, or somebody is rejecting your cookies. The Referer header can also be used as an additional check, but it's trivial to fake. Keep track of how many API calls have been made by that ID. You may also want to match IDs to IP addresses. If it goes above your threshold, spit back a 403 Forbidden response. Make your threshold high enough that legitimate users don't get caught by it.
Keep good logs, and highlight 401 and 403 responses.
Realistically, if someone is determined enough, they WILL be able to dump this information. Your goal shouldn't be to make this impossible, because you will never succeed. (See all the usual adages about achieving perfect security.) Instead, you want to make it abundantly clear that:
This behavior violates the terms of service.
You are actively trying to prevent this.
You know that the offender exists and roughly who they are.
Scary lawyers might start getting involved if this continues.
(You do have a lawyer, right?)
To achieve this, be sure the body of your 403 Forbidden response conveys a scary sounding message along the lines of "This request exceeds the maximum allowed usage of the API. Your IP address has been logged. Please refer to the terms of service and obey the directives in robots.txt."
IANAL, but I believe the DMCA can be made to apply in this situation if you claim copyright on your database. This essentially means that if you can track illegal usage of your API to an IP address, you can send a nastygram to their ISP. This should always be a last resort of course.
I don't encourage the use of assigned API keys/tokens because they turn out to be a barrier to adoption and kind of a pain in the neck to manage. As a counter-point to #womp's answer, Google is slowly moving away from their use. Also, I don't think they actually apply in this case, because it sounds like your "API" is more like a JSON call that's used mainly on your own site.
All the big REST API's tend to use tokenized authentication - basically before you do a REST request, you have to send some other request to the token service to fetch a token to include with your data request. Bing Maps does this, Amazon does this, Flickr does this... etc.
I don't know too much about it other than having worked with Bing Maps. You'll need to read up on tokenized authentication with REST. Here's a blog post to get you started: http://www.naildrivin5.com/daveblog5000/?p=35
I am writing an app (in react) that provides an ETA to a user on a train for when they will reach the next NJTransit station based on their location.
I would like to use Google Maps, but I do not see a way to ensure it will only use NJTransit. For instance, if I were to ask for directions from Newark to New York, it is possible Google Maps would give a route using the Path.
I have the GTFS data, but calculating it off of that would be inaccurate due to lack of delay information. NJTransit seems to have a real-time GTFS feed, but it is designed for servers and this has to be completely client based.
From my experience using google maps api, you have limited ways that you can form a request. To make routes you will have to use gooole routes so you can take a look over there on how you can tweak your request to have the best response. Hope it helps, if not let me know
I have a PhoneGap application runnning on Android and iOS that currently geocodes a list of addresses. However, if the amount of addresses in the list is too great, the geocoder returns OVER_QUERY_LIMIT. Is it possible to cache geocoding results on the client so that I am not geocoding the same list of addresses every time, perhaps using LocalStorage on the device?
You can create a http service over the $http one (without havung to use de $httpProvider). I'm actually developping a reusable one if you want to take some inspiration : https://github.com/ivangabriele/angular-cordova-router.
It's based on LocalStorage. But you can also directly use the original $http caching.
Eventually you can also couple that with the $cacheFactory.
Here is an answer that can help you if you prefers 2nd or 3rd option.
As you may know, pinterest api seems down now.( api.pinterest.com )In this site: http://tijn.bo.lt/pinterest-api, it says that readonly access still works. What does exactly mean ?
I can build an application using this api but cannot use pinning or creating my own board ?
Sorry if my question is too ridiculous, i am very newbie to create an application with an API..
If the API permits read-only alone, that means you can consume data from the source, but you cannot write to it. You could probably get a list of items from your board, but you wouldn't be able to programmatically push a new item to your board.
It's a one-way road, until they open up another lane.
The information posted on that site is a bit out of date.
The API was until recently allowing read/write access, but about two weeks ago Pinterest stopped issuing new access tokens via their original authentication scheme. The new scheme requires API users to generate an oauth signature to receive an access token (needed to use the API), and consequently the API is only accessible to those who have received a client_id and client_secret for their application from Pinterest.
Caveat: if you happen to have an old access_key issued using the old API, you apparently can still use that to make API calls, though I'm guessing those tokens will expire soon.
I'm using an autosuggestion for addresses through Google Maps API that I want to be as fast as possible.
Currently, I have added a 10ms delay to my script in order to avoid being banned for too many requests. Is this necessary? How many requests can be made without getting banned?
P.S. I'd love some appropriate tags for this, I really can't come up with anything good.
I'm not sure if I fully understand your question. But in any case Google Maps like most other APIs has a limit on the number of requests you are allowed to perform daily:
You have a limit of 2,500 requests per day per IP for geocoding requests made by a regualr user, see here.
If you are a premier user the limit is 100,000 requests per day per IP, however, you have a 15,000 requests/day limit when using the Javascript API or the Flash Maps API, see here.
As for too many requests at the same time, since it depends on the load google allow on their servers (which may change) I recommend you do what google suggested in the above document.
Query as much as you can and when you receive a 620 error code throttle back the speed of your requests. If you do that you will be able to dynamically determine how many requests they will allow you to do in any given time.
Unless someone can provide you with a hard limit...
I know the hard limit specified in the premier user faq is said to be 10 requests/second:
"These limits apply to each Maps API Premier client id and must be shared across all applications and IP addresses using a given client id. There is also a rate limit of 10 requests per second that applies to all Google Maps API Web Services.
If you need higher usage limits, please contact your Maps API Premier Account Manager for purchase information."
This information has probably changed since #Asaf answered the question on 29 August 2010, certainly for regular users (non-Premier), as there were updates effective 1 October 2011 for usage of Google Maps API. These are the new limits for non-Premier users:
From October 1st 2011, commercial web sites and apps using the Maps
API at no cost may generate:
max of 2,500 calls/day, if modified using Styled Maps feature
max of 25,000 calls/day in total
There are currently no limits on the number of web based JavaScript or Flash maps a site can generate. The Google Maps API Web Services and Google Static Maps API do have daily limits that are specified in their documentation. Also
Non-profits and applications deemed in the public interest (as
determined by Google at its discretion) are not subject to these
transaction limits.
Criteria for applications deemed in the public interest follow.
Also, Google says that your app won't just stop working if you exceed usage limits, but you WILL be contacted by a "Maps API Premier sales manager" if your site qualifies for and consistently exceeds the free usage allowances.
Final suggestion: The GeoCoding Strategies section for regular users, which mentions how often you can submit requests before getting flagged and uses of caching, server side requests etc. hasn't been updated since June 2010. It might be worth glancing at that link. #Asaf didn't include it specifically in his (very fine answer), although I found it on a page that he did provide the URL for.
Check below Google documentation regarding Google Map Api Usage Limit:
https://developers.google.com/maps/documentation/business/faq#usage_limits
https://developers.google.com/maps/documentation/business/articles/usage_limits
http://maps.google.co.in/help/maps/getmaps/compare.html