1

I am developing an application that needs to gather information from GitHub, so I began looking at their API. My initial thought was to use the d3.json() function to get the data (because it's simple and has done good things for me in the past), but there doesn't appear to be a way for me to authenticate with that function. For example, $ curl -u "username" https://api.github.com is given as an example of basic authentication (from GitHub API--obviously they use curl for their examples).

So, is there a way to do authentication with the d3.json() function? And if not, what are my other options to get the JSON with JavaScript?

Thanks!

Edit:

I'm experimenting now with using jQuery's getJSON method as shown here, because I started getting the error "XMLHttpRequest cannot load url Origin url is not allowed by Access-Control-Allow-Origin." Of course, the switch doesn't help with the ability to authenticate, but I can at least get the public data (which is most).

Edit #2:

Has anyone experimented with michael/github or fitzgen/github-api? I'm going to start looking into those.

Community
  • 1
  • 1
MuffinTheMan
  • 1,509
  • 20
  • 25
  • 1
    Do you require authentication at all? – Felix Kling Jan 17 '13 at 15:26
  • Are you asking if I require authentication on my side? Of if I even have the need to use authentication on GH's side? The former would be dependent on the latter (as far as I can tell), and I haven't delved deep enough into my project to know for sure whether or not I'll be able to get by with only information obtained without authentication. So I decided to ask the question to see what my options are in the case that I need to authenticate. – MuffinTheMan Jan 17 '13 at 15:52
  • I see... OAuth is tricky with client-side only applications. Some methods of the GitHub API do not require authentication and if you use those, you don't have to worry. – Felix Kling Jan 17 '13 at 16:11
  • Yep. That's why I decided to pose the question--to see if there is anything out there to do it client-side if desired. It's possible I can get away without needing authentication, but I think it's still an interesting question. – MuffinTheMan Jan 17 '13 at 16:36
  • Well, Google gives http://derek.io/blog/2010/how-to-secure-oauth-in-javascript/, but there might better approaches by now. – Felix Kling Jan 17 '13 at 17:25
  • Thanks for the link! I'll have to at least keep that option on the table if I end up needing authentication and all else client-side fails. So I take it the lack of flexibility in client-side OAuth is due to the risk of exposing sensitive information (passwords and such)? – MuffinTheMan Jan 17 '13 at 17:36
  • Yes, OAuth needs a private key (or something similar) to verify the client application and you don't want to send those to the client. I'm not very familiar with it TBH, but that's how I understand it as well. – Felix Kling Jan 17 '13 at 17:55
  • It turns out I do need authentication, since one can only make 60 unauthenticated requests per hour (whereas one can make 5,000 authenticated requests per hour). 60 requests per hour just ain't enough. – MuffinTheMan Jan 28 '13 at 15:53

1 Answers1

0

If you have a PHP script which echos JSON, you can do all authentication server-side. Note that you can also send a GET request to your PHP script, so the way you call your script can be dynamic.

Wex
  • 15,539
  • 10
  • 64
  • 107
  • I may go with PHP if it ends up being necessary, but I'm looking specifically for a JavaScript solution at this point. Thanks. – MuffinTheMan Jan 28 '13 at 15:54