3MW (API Calls With OAuth2.0 Authentication)

Guten Tag!

Many greetings from Munich, Germany. Last week, we used the Google API to get the data for our weather dashboard. And while this is all the data we need, I want to show you one more way of authentication and how to do that with {httr2}.

What I want to show you is how to handle OAuth2.0 authentication. This style of authenticating is everywhere on the web and it used to be a mystery to me. So in this newsletter we untangle the necessary steps for OAuth and get viewing stats via the YouTube API. But before we to do that, time for my usual announcements.

Bar charts vs dot plots

Bar charts are great for making comparisons, dot plots help to focus on individual categories. Both are pretty easy to create with ggplot. In my newest video, I show you how:

Like every week, the code that you see in the code chunks can be found on GitHub.

What the heck is OAuth2.0?

Authentication is a bit of mystery if you don’t take a deep dive into that topic. It always starts out innocent with an API key. And all of a sudden you need some sort of secret handshake here, two ounces of a virgin’s blood there, wait 1.25 full moon cycles and you’re authenticated. It’s a bit of a mess.

So with that said, let’s not make it more complicated than it needs to be. At the end of the day, OAuth is a way to authenticate a user without giving away their password.

This involves a lot of back and forth between the user, the app and the server. And the main ingredients in this procedure are:

  • An OAuth client

  • A URL with information about the scopes (permissions) needed

  • A URL to make the authentication requests to.

The latter two things are usually provided by the API docs and the first one is something you have to set up yourself.

Set up the OAuth client

In our case, we want to get viewing stats of a particular video from the YouTube API. So we need to set up an OAuth client for the YouTube API. This requires first enabling the YouTube API in the Google Cloud Console. We can use the same project from last week and just enable the YouTube API.

There, we enable the additional YouTube Data API v3. Just hit the “Enable APIs and services” button and look for that API. Once you’ve enabled that API, you are required to set up the “OAuth consent screen”. You can leave most of the settings blank and just hit “Save and continue”. The only thing you need to do is to

  • set the client to “External” and

  • add your Googlemail as a test user.

Back on the YouTube Data API v3 page, you can create credentials. Make sure to create an OAuth client.

There, you will have to

  • set the application type to “Web application”,

  • add a name and

  • add the redirect URI. This one is important and we’ll come back to that later. Just put this to http://localhost:7094 for now. (You could change the number in the URL to any number you like)

Once you’ve created the OAuth client, you will get a notification that everything was set up successfully. Download the credentials as JSON. This one will contain all the information we need to set up the client with {httr2}.

Set up the OAuth client with {httr2}

Now we need to make sure that {httr2} can operate that client for us. This is done by using the oauth_client() function. We will need to provide the client ID, the token URL and the client secret. All of these information can be extracted from the JSON file you just downloaded (Open the JSON file with any text editor for that).

Set up the YT request

Nice, we have an OAuth client set up. Time to make a request to the YouTube API to get the stats of a YouTube video. I would use my own video for that but I want to make sure that I indeed access the public information of a YT video. That way, you can use the same code and get the same results.

So let’s use one of Ali Abdaal’s videos. We can get the video ID from the URL of the video.

And then to find out what parameters we can use to get the stats of a video, we need to consult the API docs. First thing they tell us is the URL we need to make the request to.

And the other thing we need to know is the parameters we can use. Here, we will use

  • the part parameter to specify the information we want to get and

  • the id parameter to specify the video we want to get the information for.

Authenticate the request

Now that we have the request set up, we need to stick in the OAuth part in there. All we have to do is to pipe our current {httr2} chain into the function that handles the OAuth part.

As you can see, we used the req_oauth_auth_code() function to authenticate the request. This function takes

  • the OAuth client we set up earlier,

  • the scope of the request (the permissions we need) and

  • the URL to make the authentication requests to,

  • and the port we want to use for the authentication.

And you’re probably wondering where I got the correct values from. Here’s how:

  • Scope: Search for the word “scopes” inside of the API docs and you’ll get a list of all the scopes you can use.

  • Authentication URL: It’s in the docs as well but conveniently it’s also in the JSON file we downloaded.

  • Port: This is the number we used in the URI redirect when we set up the OAuth client inside of the Google Cloud Console.

In any case, this code now works and when we execute it, our browser will open and ask us to authenticate the request. Once we do that with our Google account, the code will continue to run and we will get the data from the YouTube API. Hooray!

Get the data

Now that we got the data from YT, we can access the returned data just like we learned in the last newsletter.

Looks like Ali got 1.4 million views and 40k likes on that video. Good for him. Make sure to like and view all of my videos so that my videos can keep up 🤣 

Cache the keys

Now before I’ll let you scoot off to watch tons of my videos (I’m sure you’re motivated to do that now), I want to show you how to cache the keys. You see, {httr2} is so kind to cache the keys for you. This means you don’t have to authenticate every time you make a request.

But what if you clicked on the wrong account when your web browser opened up? That’s actually what happened to me. I thought my code was wrong as I got an “Access denied” error. But it was just that I authenticated with the wrong account. And due to the caching, I couldn’t authenticate again.

The way to solve that problem, is to specify a name under which your authentication should be cached. If you authenticated with the wrong account, just use a different name and you can authenticate again.

Hooray! We made it through the authentication process 🥳 Next week, we’ll build our UI. And as always, if you want to reach out to me, just reply to this mail or find me on LinkedIn.

See you next week,
Albert 👋

Enjoyed this newsletter and found something helpful? Here are other ways I can help you:


or to participate.