Loading ...
Sorry, an error occurred while loading the content.
 

Re: [yws-flickr] API Key distribution in open source code?

Expand Messages
  • Manish Rai Jain
    This question was posted regarding requests made by users of flickrfs ( http://flickrfs.sf.net), to provide API Key and Shared Secret along with the (for the
    Message 1 of 13 , Nov 8 5:48 AM
      This question was posted regarding requests made by users of flickrfs (http://flickrfs.sf.net), to provide API Key and Shared Secret along with the (for the end-user) application. The request is quite valid considering that as the usage grows, more and more ppl feel that its an unncessary step to request for key and modify the source code.

      Keeping in mind what Stewart has told abt keys, I think the best way to balance both may be to put a DISCLAIMER on download site, and supply the keys.

      Manish


      On 11/8/05, Stewart Butterfield <stewartb@...> wrote:


      Manish Rai Jain:

      > As per my understanding, API Key is per application. So, shd
      > it be ditributed along with the shared secret if the
      > application is open source? Or this may cause potential problems?

      It depends on the kind of app. If it is code that developers will using,
      then it makes sense to get them to get their own key. If it is an actual
      end-user application you're distributing, it's better to include the key
      (otherwise it is a pain in the ass).

      There are cases where someone could use your key to do something bad,
      and it might even cause a misunderstanding, but we're clever enough to
      find appropriate ways of dealing with it. Keys are essentially a way to
      keep things a little cleaner/more organized on our end.

      - Stewart


      SPONSORED LINKS
      Computer internet training Api Computer internet business
      Computer internet access Computer internet privacy securities Api tree stands


      YAHOO! GROUPS LINKS




    • Dan Coulter
      I m going to chime in with one more consideration. If you re building an open source web application that end users can log into via a web interface, you can t
      Message 2 of 13 , Nov 8 6:22 AM
        I'm going to chime in with one more consideration.  If you're building an open source web application that end users can log into via a web interface, you can't really distribute your API Key.  Each instance of that software will need its own API key because it will need its own authentication callback script.  It would be silly for dozens or hundreds of installs to send their callbacks to your server which would have to bounce them back to the originating one.  In some cases, this might be desirable, but not in most cases.


        --
        Dan Coulter
        http://www.dancoulter.com/
        http://www.phpflickr.com/

        Hey, I got nothing to do today but smile
        -Simon and Garfunkel
      Your message has been successfully submitted and would be delivered to recipients shortly.