Generating Api Keys Site Stackoverflow.com

09.12.2020
33 Comments
  1. Returns all the undeleted answers in the system. The sorts accepted by this method operate on the following fields of the answer object:. Activity – lastactivitydate; creation – creationdate; votes – score; activity is the default sort. It is possible to create moderately complex queries using sort, min, max, fromdate, and todate. This method returns a list of answers.
  2. Apr 10, 2020  The next section describes getting the API key in more detail. Get a Google Maps API key. Your application needs an API key to access the Google Maps servers. The type of key you need is an API key with restriction for Android apps. The key is free.
  3. Oct 30, 2015 API Keys are not security. By design they lack granular control, and there are many vulnerabilities at stake: applications that contain keys can be decompiled to extract keys, or deobfuscated from on-device storage, plaintext files can be stolen for unapproved use, and password managers are susceptible to security risks as with any application. In this piece we outline the disadvantages of.
-->

Stack Overflow for Teams is a private, secure spot for you and your coworkers to find and share information. PHP API Key Generator. Ask Question Asked 10 years, 6 months ago. Active 2 years, 6 months ago. Viewed 56k times 33. Does anyone know of any API key generator. To keep your API keys secure, follow these best practices: Do not embed API keys directly in code: API keys that are embedded in code can be accidentally exposed to the public, for example, if you forget to remove the keys from code that you share. Instead of embedding your API keys in your applications, store them in environment variables. Apr 10, 2020  New Users: Before you can start using the Google Maps Platform APIs and SDKs, you must sign up and create a billing account. To learn more, see Get Started with Google Maps Platform. To use the Distance Matrix API you must have an API key. The API key is a unique identifier that is used to authenticate requests associated with your project for usage and billing purposes.

This article shows you how to call the Azure Storage REST APIs, including how to form the Authorization header. It's written from the point of view of a developer who knows nothing about REST and no idea how to make a REST call. After you learn how to call a REST operation, you can leverage this knowledge to use any other Azure Storage REST operations.

Prerequisites

The sample application lists the blob containers for a storage account. To try out the code in this article, you need the following items:

  • Install Visual Studio 2019 with the Azure development workload.

  • An Azure subscription. If you don't have an Azure subscription, create a free account before you begin.

  • A general-purpose storage account. If you don't yet have a storage account, see Create a storage account.

  • The example in this article shows how to list the containers in a storage account. To see output, add some containers to blob storage in the storage account before you start.

Download the sample application

The sample application is a console application written in C#.

Use git to download a copy of the application to your development environment.

This command clones the repository to your local git folder. To open the Visual Studio solution, look for the storage-dotnet-rest-api-with-auth folder, open it, and double-click on StorageRestApiAuth.sln.

About REST

REST stands for representational state transfer. For a specific definition, check out Wikipedia.

REST is an architecture that enables you to interact with a service over an internet protocol, such as HTTP/HTTPS. REST is independent of the software running on the server or the client. The REST API can be called from any platform that supports HTTP/HTTPS. You can write an application that runs on a Mac, Windows, Linux, an Android phone or tablet, iPhone, iPod, or web site, and use the same REST API for all of those platforms.

A call to the REST API consists of a request, which is made by the client, and a response, which is returned by the service. In the request, you send a URL with information about which operation you want to call, the resource to act upon, any query parameters and headers, and depending on the operation that was called, a payload of data. The response from the service includes a status code, a set of response headers, and depending on the operation that was called, a payload of data.

About the sample application

The sample application lists the containers in a storage account. Once you understand how the information in the REST API documentation correlates to your actual code, other REST calls are easier to figure out.

If you look at the Blob Service REST API, you see all of the operations you can perform on blob storage. The storage client libraries are wrappers around the REST APIs – they make it easy for you to access storage without using the REST APIs directly. But as noted above, sometimes you want to use the REST API instead of a storage client library.

Generating api keys site stackoverflow.com free

List Containers operation

Review the reference for the ListContainers operation. This information will help you understand where some of the fields come from in the request and response.

Request Method: GET. This verb is the HTTP method you specify as a property of the request object. Other values for this verb include HEAD, PUT, and DELETE, depending on the API you are calling.

Request URI: https://myaccount.blob.core.windows.net/?comp=list. The request URI is created from the blob storage account endpoint http://myaccount.blob.core.windows.net and the resource string /?comp=list.

URI parameters: There are additional query parameters you can use when calling ListContainers. A couple of these parameters are timeout for the call (in seconds) and prefix, which is used for filtering.

Another helpful parameter is maxresults: if more containers are available than this value, the response body will contain a NextMarker element that indicates the next container to return on the next request. To use this feature, you provide the NextMarker value as the marker parameter in the URI when you make the next request. When using this feature, it is analogous to paging through the results.

To use additional parameters, append them to the resource string with the value, like this example:

Request Headers:This section lists the required and optional request headers. Three of the headers are required: an Authorization header, x-ms-date (contains the UTC time for the request), and x-ms-version (specifies the version of the REST API to use). Including x-ms-client-request-id in the headers is optional – you can set the value for this field to anything; it is written to the storage analytics logs when logging is enabled.

Request Body:There is no request body for ListContainers. Request Body is used on all of the PUT operations when uploading blobs, as well as SetContainerAccessPolicy, which allows you to send in an XML list of stored access policies to apply. Stored access policies are discussed in the article Using Shared Access Signatures (SAS).

Response Status Code:Tells of any status codes you need to know. In this example, an HTTP status code of 200 is ok. For a complete list of HTTP status codes, check out Status Code Definitions. To see error codes specific to the Storage REST APIs, see Common REST API error codes

Response Headers:These include Content Type; x-ms-request-id, which is the request ID you passed in; x-ms-version, which indicates the version of the Blob service used; and the Date, which is in UTC and tells what time the request was made.

Response Body:This field is an XML structure providing the data requested. In this example, the response is a list of containers and their properties.

Creating the REST request

For security when running in production, always use HTTPS rather than HTTP. For the purposes of this exercise, you should use HTTP so you can view the request and response data. To view the request and response information in the actual REST calls, you can download Fiddler or a similar application. In the Visual Studio solution, the storage account name and key are hardcoded in the class. The ListContainersAsyncREST method passes the storage account name and storage account key to the methods that are used to create the various components of the REST request. In a real world application, the storage account name and key would reside in a configuration file, environment variables, or be retrieved from an Azure Key Vault.

In our sample project, the code for creating the Authorization header is in a separate class. The idea is that you could take the whole class and add it to your own solution and use it 'as is.' The Authorization header code works for most REST API calls to Azure Storage.

To build the request, which is an HttpRequestMessage object, go to ListContainersAsyncREST in Program.cs. The steps for building the request are:

  • Create the URI to be used for calling the service.
  • Create the HttpRequestMessage object and set the payload. The payload is null for ListContainersAsyncREST because we're not passing anything in.
  • Add the request headers for x-ms-date and x-ms-version.
  • Get the authorization header and add it.

Some basic information you need:

  • For ListContainers, the method is GET. This value is set when instantiating the request.
  • The resource is the query portion of the URI that indicates which API is being called, so the value is /?comp=list. As noted earlier, the resource is on the reference documentation page that shows the information about the ListContainers API.
  • The URI is constructed by creating the Blob service endpoint for that storage account and concatenating the resource. The value for request URI ends up being http://contosorest.blob.core.windows.net/?comp=list.
  • For ListContainers, requestBody is null and there are no extra headers.

Different APIs may have other parameters to pass in such as ifMatch. An example of where you might use ifMatch is when calling PutBlob. In that case, you set ifMatch to an eTag, and it only updates the blob if the eTag you provide matches the current eTag on the blob. If someone else has updated the blob since retrieving the eTag, their change won't be overridden.

First, set the uri and the payload.

Next, instantiate the request, setting the method to GET and providing the URI.

Add the request headers for x-ms-date and x-ms-version. This place in the code is also where you add any additional request headers required for the call. In this example, there are no additional headers. An example of an API that passes in extra headers is the Set Container ACL operation. This API call adds a header called 'x-ms-blob-public-access' and the value for the access level.

Call the method that creates the authorization header and add it to the request headers. You'll see how to create the authorization header later in the article. The method name is GetAuthorizationHeader, which you can see in this code snippet:

At this point, httpRequestMessage contains the REST request complete with the authorization headers.

Youtube

Send the request

Now that you have constructed the request, you can call the SendAsync method to send it to Azure Storage. Check that the value of the response status code is 200, meaning that the operation has succeeded. Next, parse the response. In this case, you get an XML list of containers. Let's look at the code for calling the GetRESTRequest method to create the request, execute the request, and then examine the response for the list of containers.

If you run a network sniffer such as Fiddler when making the call to SendAsync, you can see the request and response information. Let's take a look. The name of the storage account is contosorest.

Request:

Request Headers:

Status code and response headers returned after execution:

Response body (XML): For the List Containers operation, this shows the list of containers and their properties.

Now that you understand how to create the request, call the service, and parse the results, let's see how to create the authorization header. Creating that header is complicated, but the good news is that once you have the code working, it works for all of the Storage Service REST APIs.

Creating the authorization header

Tip

Azure Storage now supports Azure Active Directory (Azure AD) integration for blobs and queues. Azure AD offers a much simpler experience for authorizing a request to Azure Storage. For more information on using Azure AD to authorize REST operations, see Authorize with Azure Active Directory. For an overview of Azure AD integration with Azure Storage, see Authenticate access to Azure Storage using Azure Active Directory.

There is an article that explains conceptually (no code) how to Authorize requests to Azure Storage.

Let's distill that article down to exactly is needed and show the code.

First, use Shared Key authorization. The authorization header format looks like this:

The signature field is a Hash-based Message Authentication Code (HMAC) created from the request and calculated using the SHA256 algorithm, then encoded using Base64 encoding. Got that? (Hang in there, you haven't even heard the word canonicalized yet.)

This code snippet shows the format of the Shared Key signature string:

Most of these fields are rarely used. For Blob storage, you specify VERB, md5, content length, Canonicalized Headers, and Canonicalized Resource. You can leave the others blank (but put in the n so it knows they are blank).

What are CanonicalizedHeaders and CanonicalizedResource? Good question. In fact, what does canonicalized mean? Microsoft Word doesn't even recognize it as a word. Here's what Wikipedia says about canonicalization: In computer science, canonicalization (sometimes standardization or normalization) is a process for converting data that has more than one possible representation into a 'standard', 'normal', or canonical form. In normal-speak, this means to take the list of items (such as headers in the case of Canonicalized Headers) and standardize them into a required format. Basically, Microsoft decided on a format and you need to match it.

Let's start with those two canonicalized fields, because they are required to create the Authorization header.

Canonicalized headers

To create this value, retrieve the headers that start with 'x-ms-' and sort them, then format them into a string of [key:valuen] instances, concatenated into one string. For this example, the canonicalized headers look like this:

Here's the code used to create that output:

Canonicalized resource

This part of the signature string represents the storage account targeted by the request. Remember that the Request URI is<http://contosorest.blob.core.windows.net/?comp=list>, with the actual account name (contosorest in this case). In this example, this is returned:

If you have query parameters, this example includes those parameters as well. Here's the code, which also handles additional query parameters and query parameters with multiple values. Remember that you're building this code to work for all of the REST APIs. You want to include all possibilities, even if the ListContainers method doesn't need all of them.

Now that the canonicalized strings are set, let's look at how to create the authorization header itself. You start by creating a string of the message signature in the format of StringToSign previously displayed in this article. This concept is easier to explain using comments in the code, so here it is, the final method that returns the Authorization Header:

When you run this code, the resulting MessageSignature looks like this example:

Here's the final value for AuthorizationHeader:

The AuthorizationHeader is the last header placed in the request headers before posting the response.

That covers everything you need to know to put together a class with which you can create a request to call the Storage Services REST APIs.

Example: List blobs

Let's look at how to change the code to call the List Blobs operation for container container-1. This code is almost identical to the code for listing containers, the only differences being the URI and how you parse the response.

If you look at the reference documentation for ListBlobs, you find that the method is GET and the RequestURI is:

In ListContainersAsyncREST, change the code that sets the URI to the API for ListBlobs. The container name is container-1.

Then where you handle the response, change the code to look for blobs instead of containers.

When you run this sample, you get results like the following:

Canonicalized headers:

Canonicalized resource:

Message signature:

Authorization header:

The following values are from Fiddler:

Request:

Request Headers:

Status code and response headers returned after execution:

Response body (XML): This XML response shows the list of blobs and their properties.

Summary

In this article, you learned how to make a request to the blob storage REST API. With the request, you can retrieve a list of containers or a list of blobs in a container. You learned how to create the authorization signature for the REST API call and how to use it in the REST request. Finally, you learned how to examine the response.

Next steps

Welcome to the reCAPTCHA developer documentation.

reCAPTCHA protects you against spam and other types of automated abuse. Here, we explain how to addreCAPTCHA to your site or application.

Audience

Generating Api Keys Site Stackoverflow.com Video

This documentation is designed for people familiar with HTML forms, server-side processing or mobileapplication development. To install reCAPTCHA, you will probably need to edit some code.

Eve Api Keys

We hope you find this documentation easy to follow. Make sure to join the reCAPTCHA developerforum to give feedback and discuss the API.

You can find a reCAPTCHA codelab here.

Overview

Generating Api Keys Site Stackoverflow.com Free

To start using reCAPTCHA, you need to sign up for an API keypair for your site. The key pair consists of a site key andsecret key. The site key is used to invoke reCAPTCHA service on your site or mobile application. Thesecret key authorizes communication between your application backend and the reCAPTCHA server toverify the user's response. The secret key needs to be kept safe forsecurity purposes.

Google Api Keys

First, choose the type of reCAPTCHA and then fill in authorized domainsor packagenames. After youaccept our terms of service, you can click Register button to get new API key pair.

Generating Api Keys Site Stackoverflow.com Youtube

Now please take the following steps to add reCAPTCHA to your site or mobile application:

Generating Api Keys Site Stackoverflow.com Download

  1. Choose the client side integration:
    • reCAPTCHA v2