
We got an email from noreply@youtube.com requesting information for an API compliance audit. However, we find it hard to believe that the request is legitimate, given the nature of the information requested and the short timeframe.

Can a Google engineer please verify that this is how API Compliance Audits are performed?

The email is formulated as in this post: YouTube API Compliance Audit

A few of the issues with this request from the top of my mind:

  • "A fully functional demo account to access the API Client is required". By fully functional, do you imply an administrator account?
  • "The credentials will not be shared". The catastrophic consequences for my career of being responsible for creating a fully functional demo account, sharing the credentials, and then having them leaked cannot be described in words.
  • Are you seriously asking for the information not included in the form to be physically sent by mail?

The question is asked here, since the API documentation points to Stack Overflow for support.

Kaffekoppen

1 Answer


Yes. The email text matches the one from a legit request that I got. If you hit the reply button in your email app you may see a proper email address showing up since it may be given as a separate reply-to email address.

The demo account shouldn’t be an admin account. Just an account that has access to all features that your users can get access to as well. They use it to look at your software.

Well, security is indeed not ideal. You can at least close the account again once the compliance review is finished.

I know going through the compliance review can be worrisome since it feels like it puts everything you already built on the line. But in my experience they are willing to work with you. If you are unsure how to fix a certain violation that they will report back to you in the step after this one then I recommend that you start with a fix as far as you can be certain and then suggest possible fixes for them to choose. This proactive behavior allowed me to go through the review relatively fast.

analog-nico
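The answer's tip about the reply address can be checked without hitting Reply: parse the raw message and compare the From domain with the effective reply domain (Reply-To when present). This is an added example, not code from the question, the answer or Google; the two sample messages and the address compliance-team@example.test are constructed, and a differing Reply-To is surfaced for a human to review, not treated as proof of fraud.

```python
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr


def _domain(header_value):
    """Return the lower-cased domain of the first address in a header, or None."""
    _, addr = parseaddr(header_value or "")
    if "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1].lower()


def reply_target(raw_message: bytes):
    """Parse a raw RFC 5322 message and report where a reply would actually go.

    Returns the From domain, the effective reply domain (Reply-To if present,
    otherwise From), whether a Reply-To header exists, and whether the two
    domains differ. A difference is a prompt to verify the address out of band,
    as the answer notes that legitimate audit mail also uses a separate Reply-To.
    """
    msg = BytesParser(policy=policy.default).parsebytes(raw_message)
    from_domain = _domain(msg["From"])
    reply_domain = _domain(msg["Reply-To"]) or from_domain
    return {
        "from_domain": from_domain,
        "reply_domain": reply_domain,
        "reply_to_present": msg["Reply-To"] is not None,
        "differs": from_domain != reply_domain,
    }


# Constructed sample messages (not real mail): one with a separate Reply-To
# address at a placeholder domain, one without any Reply-To header.
SAMPLE_WITH_REPLY_TO = b"""From: YouTube API Services <noreply@youtube.com>
Reply-To: API Compliance <compliance-team@example.test>
To: developer@example.org
Subject: YouTube API Compliance Audit

Please provide the requested information.
"""

SAMPLE_WITHOUT_REPLY_TO = b"""From: YouTube API Services <noreply@youtube.com>
To: developer@example.org
Subject: YouTube API Compliance Audit

Please provide the requested information.
"""

if __name__ == "__main__":
    for raw in (SAMPLE_WITH_REPLY_TO, SAMPLE_WITHOUT_REPLY_TO):
        print(reply_target(raw))
```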