0

I want my desktop app to be able to download survey data for a user with another SM account.

Is this right: 1) I ask them to visit https://developer.surveymonkey.com/api_console 2) They select Custom Application 3) They enter my app's API Key , Client ID , Client Secret , which I give them 4) They click 'Get Access token' 5) SM prompts them to log in; they enter their username and password. 6) They see an Access Token that they copy and paste into an email to me so I can then embed that in code.

Is that it?

sysmod
  • 463
  • 3
  • 11

1 Answers1

0

Technically this will work, but I really don't recommend this - you're handing them your credentials to your API account, which may be a violation of SurveyMonkey's TOS and is not good practice (as they can start using SurveyMonkey's API as if they are you).

The best way to do this would be to have an embedded browser in your application and show SurveyMonkey's OAuth dialog, and have this redirect to a server you control, which then gives the client secret to SurveyMonkey and then will give you an access token to the client's account which you can store in the app. This is less hassle for the client too, but is more overhead on your end to get it up and running.

You may just be able to host your own 'API console' like SurveyMonkey's, with just the OAuth component, that you could direct your client to - it is not too difficult to implement an OAuth exchange.

SurveyMonkey has an OAuth guide here to help you out with some of the details: https://developer.surveymonkey.com/mashery/guide_oauth

Miles Cederman-Haysom
  • 1,124
  • 6
  • 7
  • Thanks, Miles - "it is not too difficult to implement an OAuth exchange" - it is for me :-( My application is in VBA in Excel. Do you have a template html or php file I can simply edit with my credentials and upload to a website I control? I see that oAuth guide page has python code - I could ask the hosting company if they support python but then I'd have to learn that too. PHP I can hack. The script would need to email me the returned token, or maybe simply write it to a file I can download. – sysmod Nov 29 '14 at 18:08
  • There's a PHP wrapper out there made by a third-party: https://github.com/oori/php-surveymonkey Otherwise your best bet may be to email api-support@surveymonkey.com and see if they're okay with your original implementation. – Miles Cederman-Haysom Dec 01 '14 at 05:20
  • Thanks, Miles. BTW the link on that guide_oauth page gives me a 404: https://github.com/SurveyMonkey/python_guides/blob/master/guides/authorization.py – sysmod Dec 01 '14 at 10:59
  • Oh, I've just checked the oori page. It has the procs for getting responses, which I already do. It's the oAuth stuff I need to do. Also, it it just occurred to me: if the script contains my clientid credentials could not someone just read the script to find them? – sysmod Dec 01 '14 at 11:05
  • For the record, here's the correct link: https://github.com/SurveyMonkey/python_guides – sysmod Dec 01 '14 at 11:16
  • The PHP script will run server-side, it should not be exposed. And my apologies - I hadn't fully inspected the PHP wrapper, I didn't realize it didn't do the OAuth you needed. – Miles Cederman-Haysom Dec 01 '14 at 20:33
  • Ah OK Miles, yes, I remember now, the script should be rwx--x--x, no r allowed. – sysmod Dec 03 '14 at 09:39