Printable versionAuthentication allows a user to access YouTube features that link content or information to a particular YouTube account. These features require the user or your application to provide the YouTube username and password for that account. For example, a user must log in to YouTube to upload a video or to add a comment to an existing video.
This documentation describes a number of API functions that require user authentication, including all of the API functions for creating, updating or deleting content require user authentication.
Please note that if you implement any functionality that does require authentication, we recommend that you include the proper authentication headers in all of your requests even if those requests do not explicitly require authentication.
To properly authenticate, a request must include the Authorization header and either the X-GData-Key header or the key parameter. The X-GData-Key header (or the key parameter) specifies your developer key, a value that uniquely identifies your application(s). The Authorization header specifies a token that you obtain for each user using one of three authentication schemes – AuthSub, OAuth or ClientLogin – that are available to enable users to access account-specific YouTube features. The following list will help you to select the authentication scheme that is appropriate for your application.
AuthSub proxy authentication enables web applications to authenticate users to their YouTube accounts without having to access the user's YouTube username and password. You should use AuthSub authentication if you are building a web application that will let users link videos, comments, ratings, contacts or other information to their own YouTube accounts.
The OAuth protocol provides a standard way to access protected data on different websites. Whereas the AuthSub and ClientLogin methods are Google-specific, OAuth is an open protocol that may be implemented on other websites. Like AuthSub, OAuth is useful if you are building a web application that will let users link videos, comments, ratings, contacts or other information to their own YouTube accounts. OAuth may be particularly appealing to you if your application also integrates with other APIs besides the YouTube API, and those APIs also support the OAuth protocol. See http://oauth.net to learn more about Oauth.
ClientLogin authentication lets you associate all API actions with a single YouTube account. You should use ClientLogin if you are building a standalone, single-user, installed client, such as a desktop application. In this case, your application will ask the user to enter his YouTube username and password and will then use those values to request a ClientLogin authentication token.
Note: You should never build a web application that implements ClientLogin authentication and requires users to enter their usernames and passwords. If you are building a web application that allows people to associate actions with their YouTube accounts, use AuthSub or OAuth authentication.
A developer key identifies the YouTube developer that is submitting an API request. A client ID identifies your application for logging and debugging purposes. Please visit http://code.google.com/apis/youtube/dashboard/ to obtain a developer key and client ID.
YouTube provides two ways to specify your client ID and developer key in an API request:
When you make an API request, use the X-GData-Key request header to specify your developer key and the X-GData-Client header to specify your client ID as shown in the following example:
X-GData-Client: <client_id> X-GData-Key: key=<developer_key>
Include the client and key query parameters in the request URL.
http://gdata.youtube.com/feeds/api/videos?q=SEARCH_TERM&client=CLIENT_ID&key=DEVELOPER_KEY
Note: Specifying your client ID and developer key is very simple if you are using one of our client libraries. In the client libraries, you provide your client ID and developer key when initializing the YouTube service object, and all subsequent requests sent using that object will contain the client ID and developer key.
|
