Reputation: 75
Google APIs Client Library for Objective-C: Youtube upload to 'master account'
Scenario
I have an iOS app that uses the Google API Objective-C client library to upload to a user's Youtube account using OAuth2 authentication.
There has been a change request to upload to a 'master account' and avoid any user log in. This 'master account' would be a collection of all the videos from the iOS app.
Question 1
Security, quota and liability issues aside for a moment, is this even possible?
It seems that for uploads, authentication is required, and the client library does not support App Key authentication (or Service Accounts).
Question 2
Is this something that can be done with raw http requests? I would rather not dig into adding the feature to the Google client library if this is technically not possible.
Note
I would like the make a direct call to Google, and avoid any intermediate server.
Upvotes: 1
Views: 375
Answers (1)
Reputation: 2240
While this is possible, it is a very fast way to failure. You would have to distribute a refresh token to clients in some form. This is a Very Bad thing, because someone can very easily extract this token and use it to DoS your quota. In addition, if someone does do this, you will have to invalidate and update the refresh token, which usually means an app update (unless you have apps download a refresh token from a third party server, which you are trying to avoid). You will have the same problem with using the API via raw HTTP, or screenscraping, because you will need to distribute your email and password - the account will likely be flagged.
This ignores all the obvious problems with quota, people uploading bad videos and getting your account banned, and all that goodness.
I would avoid this approach in general and use playlists on a master account, but if you are willing to brave the waters, you have two options:
- Create an intermediary server. This server is responsible for getting an access token, returning it to the client. The client at least won't have access to the refresh token, but malicious clients can do just as much damage with the access token.
- Use the intermediary server to store the video, then you can do your own rate limiting as an additional layer to prevent your app from being maliciously used against you.
Upvotes: 1
Related Questions
- Allowing Google Service Account YouTube Upload Access via API v3
- How to use Google Api to upload to a single Youtube channel on a User-less app
- How I can authorize and upload video via GoogleAPIClientForREST for iOS
- iOS App and youtube client
- How to use YouTube API for an iOS app?
- Upload video to youtube with hardcode username & password ios
- Youtube Upload to own account
- Video upload Issues in Youtube using youtube IOS API only New google account
- YouTube API v3 - Direct upload to own channel
- Youtube objective c api