- Getting Authorized
- Example: Archivr
Regardless of your means of interaction with the Flickr API, you'll need to get authorized before you do anything. Flickr authorization exists on a variety of levels, starting with the application itself. Each Flickr application that you create will need its own API key. This key, created via the Flickr web page, will be tied to your Flickr account as the owner. Once you have this API key, in order to enable the use of this application you'll need to go to the key setup page for your account and provide some information about each one, including a name, description, logo, and whether it's web-, desktop-, or mobile-based.
Once that's configured, a second key called the Shared Secret will be created. These two keys uniquely and securely identify your application. However, your app still doesn't have any access to anyone's private photos or information on the Flickr service. To get that, the user must be directed to authorize your app.
The Flickr API supports a user logging in directly by entering his or her username and password into your app, passing along an unencoded username and password in a URL. However, this approach presents some obvious security concerns. For that reason, this ability has been deprecated in favor of a much more secure method.
Depending on whether your application is web-, desktop-, or mobile-based, the authorization process is slightly different. However, the general procedure has the user launching your application. Your application must then redirect the user to a specific Flickr authorization URL. Here the user will be asked to log in and then grant read/write permission to your application. Once the user grants permission, a unique token will be generated for this combination of username and application. This token will need to be provided by your application each time to access that particular user's photos.