5.10 Authentication

  • There are different ways to authenticate with an API
    • …telling the API that it’s you and not someone else
  • Generally: API providers give you a piece of information (e.g., a key) that you can use to verify that it’s you when connecting to the API
  • API keys (access token)
    • Most common method of authentication
    • In this document we described how you can get a key (either the actual key string or stored in json file) to interact with Google Cloud APIs
  • OAuth
    • “an open standard for access delegation, commonly used as a way for Internet users to grant websites or applications access to their information on other websites but without giving them the passwords” (Wikipedia)
    • What is OAuth and why does it matter?
    • This example illustrates how to use oauth to authenticate with the Youtube APIs
  • Be careful with those keys/passwords! Don’t post them on websites! (bots crawl through the web to identify all sorts of vulnerabilities)
  • Connections without sharing username or password, only temporary tokens that can be refreshed
  • Ideally store tokens as environmental variables in R (as described here)
  • httr package in R implements most authentication cases