Login/Register
Why Google Translate API doesn't accept API-Key in JSON request body?
Asked Answered
jsongoogle-apigoogle-translate
M

1

8

I'm new to use Google Could Platform.

I tried Translation API's tutorial. By some reason I want to use API-Key for its authentication. but API doesn't accept key in JSON Request, though it accepts same key in HTTP query parameter.

Is this a restriction of Google Translation API? or do I have any mistake?

Following is what I tried:

Worked when API-key is passed as a query parameter

$ curl -H 'Content-Type: application/json' 'https://translation.googleapis.com/language/translate/v2?key=xxxxxxxxxx' --data-binary @test.json

with my test.json is:

{
  "q": "The quick brown fox jumped over the lazy dog.",
  "source": "en",
  "target": "es",
  "format": "text"
}

result was:

{
  "data": {
    "translations": [
      {
        "translatedText": "El rpido zorro marrn salt sobre el perro perezoso."
      }
    ]
  }
}

But for some security reason, I don't want to pass this API-key by query string.

Why I don't want to use query-string

An URI with sensitive parameter is not safe, for it is often logged or is shown in some situation, while HTTP Header or HTTP body aren't.

Of course using stronger authentication method (Service Account) is better for security, but API-key is also a good solution for some use cases like embedding in legacy-system, or so.

Didn't work when Api-key is passed in JSON request

I set "key" item in my request JSON, and it didn't work. It caused authorization error.

curl -H 'Content-Type: application/json' 'https://translation.googleapis.com/language/translate/v2' --data-binary @test.json

with test.json:

{
  "key": "xxxxxxxxxx",
  "q": "The quick brown fox jumped over the lazy dog.",
  "source": "en",
  "target": "es",
  "format": "text"
}

result:

{
  "error": {
    "code": 403,
    "message": "The request is missing a valid API key.",
    "errors": [
      {
        "message": "The request is missing a valid API key.",
        "domain": "global",
        "reason": "forbidden"
      }
    ],
    "status": "PERMISSION_DENIED"
  }
}
Marinelli answered 18/5, 2017 at 9:11 Comment(4)
Did you ever figure this one out? I'm running into the same issue accessing the api from c with libcurl. I need to post a JSON document....well I guess I don't have to, but it's nice and tidy and makes the string escaping easier to deal with.Horvath
Hi @Horvath I posted this to google group. After all I understand this behavior is API's specification. I switched to use OAuth and it worked, though it needed pretty much work to handle its credentials properly :-)Marinelli
I ended up requesting a JWT and refreshing it every hour. I made this script to show the JWT request process hoping that it might help someone else. link to script It was fairly easy to port the logic to c using the openssl and curl libs.Horvath
@Marinelli It is recommended to post your solution here on Stack Overflow as the answer to better help the community.Elmer
G
4

The only working example I could find was:

Append the key in the URL, e.g.:

https://translation.googleapis.com/language/translate/v2?key=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Do the rest in POST.

Gruver answered 12/2, 2020 at 0:9 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.