Plugin Author
PoseLab
(@javitxu123)
Hi hommealone
That is a question that we should ask to Google. There are many people complaining about the same thing but the plugin is not responsible for how the API key works.
Thanks. I’d be glad to help but… Wouldn’t it make more sense for you to ask Google? No offense meant; I just don’t really even know how to phrase the question, let alone understand exactly what information they’d need in order to answer it. In fact, I’ve spent a half hour already just trying (unsuccessfully) to find the right place to post a question.
Since you seem to be getting asked about this same problem from many people already, you must have a handle on the problem, and probably understand, better than anyone who is asking you about it, how exactly the interfacing with Google and the API is supposed to work, and exactly when or how it is failing.
I am assuming that the error message, which I posted earlier in this thread, is generated by your plugin. Presumably it is generated when either an error is received from Google (I can’t find such an error in my console, however), OR, when some action which your plugin expects to happen, instead fails. I wouldn’t even know what error to describe in any question that I might post to Google.
Can YOU ask Google about this?
Please, what’s the next step to getting this working properly?
What can I do to put an HTTP referrer back into my Google developers console? I hate leaving it without one…
Well I guess the question to ask PoseLab is how is the request sent to youtube? Is it directly form the website (where the plugin is installed) or is ti via some other site like poselab.com?
Do we need to add other sites to the APIC key credentials?
Just wondering if there had been any developments on this issue?
Thanks!
I’m having this same problem also. It seems as though the plugin isn’t using the site root to send the request to YouTube.
We really need a solution for this one, because it is a security issue.
I played around with this for the last day and finally seemed to get it to work.
I set the referrer field to
htttp://domain.com/*
it does not work without the trailing *
Sorry sailpilot, but that still doesn’t do it for us. None of these work:
http://ourdomain.org/*
http://www.ourdomain.org/*
*ourdomain.org/*
Neither does the exact specific URL:
http://www.ourdomain.org/specific-page-with-the-youtube-channel/
PoseLab: Any developments since this question was first asked 3 months ago? Any new advice?
Plugin Author
PoseLab
(@javitxu123)
Hi
This is a call example that makes the plugin from the server where it is installed:
https://www.googleapis.com/youtube/v3/search?part=snippet&channelId=UCBR8-60-B28hp2BmDPdntcQ&maxResults=8&order=date&type=video&key=AIzaSyAdE_-upJdcp91-oedBmU0hIX3SsLFdKjw
If the key is configured with a referrer and the referrer is incorrectly configured or the server from which the call is made to youtube api does not match the configured in the referrer, youtube api returns an error message. If the api is not correct it will return an error message. The call is made from client_server/wp-content/plugins/youtube-channel-gallery/youtube-channel-gallery.php.
OK.
I’m using the widget to put the Channel Gallery onto a page.
In the widget settings, I’ve double-checked both the YouTube API Key and also the YouTube playlist id. Both are correct.
The URL of the page that the videos appear on is in a format just like this:
http://www.ourdomain.org/specific-page-with-the-youtube-channel/
In the Google Developers Console > API Manager > Credentials page, in the field under “Accept requests from these HTTP referrers (web sites)” I’ve tried entering all of these (on separate attempts, only one at a time):
http://ourdomain.org/*
http://www.ourdomain.org/*
*ourdomain.org/*
http://www.ourdomain.org/specific-page-with-the-youtube-channel/
ANY one of those entries throws the error message listed at the top of this thread. The ONLY way I can get it to work is by leaving the referrers field blank.
I don’t understand what the problem could be…?
For reference, here is a fresh Error notice that I just got when I tried again:
Error type: "Forbidden". Error message: "There is a per-IP or per-Referer restriction configured on your API key and the request does not match these restrictions. Please use the Google Developers Console to update your API key configuration if request from this IP or referer should be allowed." Domain: "usageLimits". Reason: "ipRefererBlocked".
Did you added your own Google API key? Look at the help.
Check in YouTube if the id PL8zGt27bShqXy24Oe1sY3oBaYoMaUrBYm belongs to a playlist. Check the FAQ of the plugin or send error messages to support.
I think that I’m following all of the instructions correctly; what am I missing?
Plugin Author
PoseLab
(@javitxu123)
Hi hommealone
I was wrong because there is no problem with YouTube API. My plugin calls YouTube API on the server using php, so it never exposes the api key and therefore, there is no need of referrer. In other plugins, it is called with javascript and a referrer is needed in order to protect the api key because it can be seen. Anyway, if you want to protect the API key you must use a server key. You can see in the video below how to use it.
https://youtu.be/ReWSylJ1kAM
Thanks, PoseLab, for sticking with me on this! I apologize, but I’m not certain that I understand…
Are you now saying that I should NOT use a “Browser Key”, but instead I should use a “Server Key” as the “API Key” setting in the widget?
When I try this – first setting up a “server key” in the Google developers console, and then removing the “Browser Key” from the widget and substituting my new “Server Key” instead – it does seem to be working.
This website is on a shared server; is the IP address of the server likely to remain the same, do you think, or does it change over time?
Thanks again!
Plugin Author
PoseLab
(@javitxu123)
Hi hommealone
When you create a Server API key not restricted to an ip, Google will not show any alert. But when you create a Browser API key without a referrer, Google will show you an icon with this alert: “This key has no referrer restrictions, so other applications might be able to use this key and consume quota. Add restrictions before using this key in production.”
If you use a Server API key in an application on your server, no one can access or view this API key so limiting the IP is not necessary, and therefore Google shows no warning in this case. Youtube Channel Gallery only uses the API key on the server, so it is not necessary to restrict it to a particular IP.
Anyway, if you want to restrict it by ip, you have to ask the question about the IP of your web to your web hosting provider.
Thanks so much, it’s working perfectly now that I changed from a browser key to a server key.
Suggestion: when you have time(!) you might update some of the videos on your help page – http://poselab.com/en/youtube-channel-gallery-help/ – since some show instructions for creating a server key, but some, like the video for the widget, still shows instructions for creating a browser key. The server key does seem like the better choice.
Thanks again for your help and this terrific plugin.
