diegoaguilar

Reputation: 8376

What kind of auth strategies should be used for distinct YouTube API resources?

I'm starting to use the YouTube API. I know an application should be started at Google Cloud Platform and then the YouTube API has to be enabled.

So, there are three sorts of credentials:

So far I've created an API key for browser consumption, with which I got both comments and video lists. But even after reading the docs I can't get the differences between those distinct credentials, and which YouTube API needs which type of credentials.

I'm not doing anything YouTube user related yet (upload videos, comment on a video, like a video) but pure data consuming.

What are the differences among those credentials and the needs for each YouTube resource?

Upvotes: 1

Views: 35

Answers (1)

Ionică Bizău

Reputation: 113465

I will go through them, one by one, like the crayfish: from the last one to the first one:

Service Account

Since you're asking about YouTube, I can tell you from the start that, according to the docs, service account authentication cannot be used for YouTube resources:

Service accounts do not work for YouTube Data API calls because service accounts require an associated YouTube channel, and you cannot associate new or existing channels with service accounts. If you use a service account to call the YouTube Data API, the API server returns an error with the error type set to unauthorized and the reason set to youtubeSignupRequired.

These are useful for server-only authentication (when you don't need user interaction).

OAuth 2.0 application ID

This is probably the most common authentication way: your user will be redirected to grant your Google app access in their account and then you will get a code which you use to get the access token.

This is just perfect for any available YouTube API request, considering the scopes, obviously.

API Key

You can use API keys only for requests that don't require user authorization (certain list operations).


So, in fact, if you want public resources, just use an API key. If you need to access a user's data, use the OAuth 2.0 workflow.

Upvotes: 2
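The credential choice described in the answer above, as an added example that is not part of the original posts or of Google's documentation: it attaches an API key only to public reads, sends an OAuth 2.0 access token in the `Authorization` header (never in the URL) for anything user-related, and recognises the `youtubeSignupRequired` error quoted above. The function names are hypothetical, the `USER_PARAMS` list is an illustrative heuristic rather than a complete rule, and the credential strings in any call are constructed placeholders.

```javascript
// Added example: pick the credential type for a YouTube Data API v3 request.
const BASE = "https://www.googleapis.com/youtube/v3/";

// Query parameters that refer to the signed-in user. Assumption: illustrative,
// not exhaustive; some list operations need authorization for other reasons.
const USER_PARAMS = ["mine", "myRating", "forMine"];

// Writes (non-GET) and user-scoped reads need OAuth; other reads can use a key.
function neededCredential(method, params) {
  if (method.toUpperCase() !== "GET") return "oauth";
  return USER_PARAMS.some((p) => p in params) ? "oauth" : "apiKey";
}

// Build the request without sending it, so the result can be inspected or logged.
function buildRequest(method, resource, params, creds) {
  const kind = neededCredential(method, params);
  const url = new URL(resource, BASE);
  for (const [k, v] of Object.entries(params)) url.searchParams.set(k, v);
  const headers = {};
  if (kind === "apiKey") {
    if (!creds.apiKey) throw new Error("public read needs an API key");
    url.searchParams.set("key", creds.apiKey);
  } else {
    // Fail closed: never fall back to the API key for user data or writes.
    if (!creds.accessToken) throw new Error("user data needs an OAuth 2.0 access token");
    // The token goes in a header so it does not end up in URLs, logs or referrers.
    headers.Authorization = `Bearer ${creds.accessToken}`;
  }
  return { kind, method: method.toUpperCase(), url: url.toString(), headers };
}

// Map the error body the API returns to a hint about the wrong credential type.
function explainAuthError(body) {
  const reasons = (body?.error?.errors ?? []).map((e) => e.reason);
  if (reasons.includes("youtubeSignupRequired")) {
    return "No YouTube channel is associated with this identity (the service account case); use a user OAuth 2.0 flow";
  }
  return null;
}
```

Because an API key used from a browser is visible to every visitor, restrict it in the Google Cloud console (by HTTP referrer and by API) in addition to routing requests this way.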
