search

500px / legacy-api-documentation

This is the 500px API documentation.
22 stars 9 forks source link

Watermarked images #184

Open pmpinto opened 8 years ago

pmpinto commented 8 years ago

I've previously looked at issue #128 and even commented with a question but got no answer and I still find this odd.

I'm using JS and I'm hoping I can access my own photos to display them on my personal website, with no watermarks. I think this is possible, isn't it?

I'm connecting to 500px with the init method, everything fine: _500px.init({ sdk_key: Service500px.sdk_key });

Then I make a call to

_500px.api("/users/" + Service500px.user_id + "/galleries/" + Service500px.gallery_id + "/items", {  
    consumer_key: Service500px.consumer_key,
    sort: "position",
    sort_direction: "asc",
    image_size: 1080
}, function(data) {
    console.log("photos ->", data.data.photos);
});

This returns my photos inside a gallery ordered by the position. The problem is these images have watermarks in it. Commenting the consumer_key parameter has no effect on the returned value.

Wasn't the consumer_key supposed to authenticate the request and return the image urls without watermarks? What am I missing here?

ghost commented 8 years ago

Bumping this up. Getting back watermarked images even with consumer_key included in the request. Note that when the image_size is from the "standard uncropped sizes" table, the returned corresponding images seem to be watermarked. Images requested with a "standard cropped sizes" value seems unwatermarked.

moc426 commented 8 years ago

Consumer key is not to authenticate you as a user. You have to authenticate with oauth. Consumer key is api key which grants you access to utilize the api.

pmpinto commented 7 years ago

(448 days later...) I didn't have the need to use this again, until now. So I got back to it where I left off last time.

@moc426 the weird thing to me is that wether or not I include a consumer_key argument in the request, I get the exact same results.

To authenticate with OAuth I first need to request_token. But unfortunately, it seems to always return Invalid OAuth Request. So I'm stuck at the very first step...

Being this the first time I'm dealing with OAuth, it's not very clear to me while reading the documentation what exactly should I include in the request. Any properly working JS example?

But before that, let's make sure this is true please:

I'm using JS and I'm hoping I can access my own photos to display them on my personal website, with no watermarks. I think this is possible, isn't it?

I'm hoping I can build my own gallery in my personal website. Big photos with no watermarks is key, otherwise this makes no sense. I want to authenticate once and make sure the website can run itself after that, with no further authentications needed.

Also, being this a JS process, and tokens being stored on client-accessible files, is security compromised? Will a user visiting my website be able to grab the token and do malicious stuff with it? Again OAuth noob here.

mck182 commented 7 years ago

I'm hoping I can build my own gallery in my personal website. Big photos with no watermarks is key, otherwise this makes no sense.

Wouldn't it be simply easier to upload your photos to your actual server, rather than relying on 500px APIs? Do note that there are couple restrictions in the 500px API ToS that you could possibly violate with such application.

Also, being this a JS process, and tokens being stored on client-accessible files, is security compromised? Will a user visiting my website be able to grab the token and do malicious stuff with it?

The user would most definitely be able to grab your token and use it for their own purposes. If someone should misuse a consumer_key for malicious things, we'd investigate and possibly revoke that key.

Cheers, Martin, 500px

pmpinto commented 7 years ago

Hi Martin,

Thanks for looking into this. The purpose of this usage would be to grab some of my own photos, which are already in 500px, display and link to them from my personal website.

If this is against the ToS, I'm moving on to something else then. Thanks again. On Mon, 29 May 2017 at 15:54, Martin Klapetek notifications@github.com wrote:

I'm hoping I can build my own gallery in my personal website. Big photos with no watermarks is key, otherwise this makes no sense.

Wouldn't it be simply easier to upload your photos to your actual server, rather than relying on 500px APIs? Do note that there are couple restrictions in the 500px API ToS that you could possibly violate with such application.

Also, being this a JS process, and tokens being stored on client-accessible files, is security compromised? Will a user visiting my website be able to grab the token and do malicious stuff with it?

The user would most definitely be able to grab your token and use it for their own purposes. If someone should misuse a consumer_key for malicious things, we'd investigate and possibly revoke that key.

Cheers, Martin, 500px

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/500px/api-documentation/issues/184#issuecomment-304680626, or mute the thread https://github.com/notifications/unsubscribe-auth/AEEXZpOKPnwkduqpSfpwmzPbNpfKqVa_ks5r-twhgaJpZM4HqDyX .