關於 storefront api ，我們在網路上蒐集到這些相關的討論、資訊與評價

Shopify's Storefront API allows you to build custom ecommerce experiences. Each directory is a self-contained example application that demonstrates usage of the ... ... <看更多>

... <看更多>

Citrix StoreFront Web API（简称为“StoreFront Web API”）是面向Citrix StoreFront 服务的编程接口，专门设计供通常使用JavaScript 和Ajax 技术的基于浏览器的Web ... ... <看更多>

... <看更多>

It is possible you are running old elastic-search version in vuestorefront-api . generally vue-storefront-api provide two elasticsearch ... ... <看更多>

Note: Complying with the YouTube Developer Policies provides guidance and examples to help you ensure that your API clients follow specific portions of the YouTube API Services Terms and Policies (API TOS). The guide offers insight into how YouTube enforces certain aspects of the API TOS, but it does not replace any existing documents.

This document (the "YouTube API Services Policies" or "Policies") sets out the policies that you need to follow when accessing or using YouTube API Services in your service, product, or application. These Policies help you access and use YouTube API Services in ways that are consistent with YouTube's interests and that respect and foster the growth of YouTube's community of creators, viewers, content rights holders, and advertisers.

In addition to defining policies, this document explains some of the underlying principles that YouTube followed in creating these Policies. It also offers examples that demonstrate how these Policies would apply in practice.

Please note that this is a legal document and that these Policies are a component of the Agreement, so you must comply with them. YouTube reserves the right to change these Policies, and your continued access to, or use of, YouTube API Services constitutes your agreement to and acceptance of any such changes. Policy changes, like changes to the YouTube API Services Terms of Service, will be documented in the Terms of Service Revision History, and you can subscribe to the RSS feed for that revision history to be notified of any such changes.

I. Terminology and style

This is a legal document that specifies policies about allowed or prohibited actions. As such, it uses certain terms to specifically indicate whether you can or cannot do something. With that in mind, the following terms are used to explain your requirements as related to these Policies:

The terms must and required refer to absolute requirements.
The term must not refers to an absolute prohibition.
The terms should, should not, recommend, and recommended indicate that the statement describes a general best practice. While these terms suggest certain actions or behaviors, they acknowledge that you might decide to follow a different course based on specific aspects of your use case.
The term may indicates that an action is optional and left entirely to your discretion or, depending on the context in which it is used, to YouTube's discretion.

In addition, the Definitions section that concludes this document identifies other terms that have a very specific meaning when used in this document. For your convenience, this document uses a special style for those terms to so that you can easily identify them in context and link to their definitions.

II. Software Development Principles

These principles underlie many of the policies in this document. Even though they might not cover every policy, if you violate or your API Clients violate any of these principles, you are likely also violating the terms of the Agreement. That said, if local law requires you to do something other than what is stated in these policies -- for example, to store data for a particular length of time -- you should comply with that law.

Build high-quality applications and maintain them.

Build stable, easy-to-use, feature-rich API Clients that bring significant additional value to the YouTube ecosystem and its users. Promptly update API Clients as the features offered in YouTube API Services change.

Be honest and transparent.

This principle applies to all facets of API Clients and the way that they interact with users as well as with YouTube. In keeping with this principle, be clear about who you are and what your API Client does. Don't engage in any deceptive activity or messaging related to your identity, your data collection, storage, sharing, use and deletion practices, actions that your API Client takes on users' behalf, or anything else. Be honest and do not mislead or confuse users in the way you use and present data.

Give users control.

Building on the importance of transparency, this principle dictates that users must be aware of and have actively consented to the actions that an API Client takes on their behalf. It means that users know about and have final authority over any actions the API Client takes to insert, share, update, or delete their data. It also means that each API Client must provide a privacy policy that clearly informs users about the information that the API Client accesses, collects, stores, shares, and otherwise uses.

Respect users' privacy.

Make sure that your data collection, storage, use, security, and deletion policies and practices protect users. Don't allow unauthorized access to, or use of, user data. Don't store user data indefinitely, and provide a clear, straightforward process for them to delete data in your possession. Finally, don’t, and do not make attempts to, request, collect, or store users' YouTube login credentials.

Be a good citizen.

Don't create API Clients that encourage or enable people to abuse, threaten, or harass each other. Don't use, distribute, or promote viruses, spyware, malware, or other bad stuff. Don't break the law or encourage or enable others to do so. Hopefully, this is all common sense.

III. General Developer PoliciesA. API Client Terms of Use and Privacy Policies

API Clients must display a link to YouTube's Terms of Service (https://www.youtube.com/t/terms), and they must also state in their own terms of use that, by using those API Clients, users are agreeing to be bound by the YouTube Terms of Service.

Each API Client must require users to agree to a privacy policy before users can access the API Client's features and functionality. The privacy policy must:

be prominently displayed and easily accessible to users at all times,

notify users that the API Client uses YouTube API Services,

reference and link to the Google Privacy Policy at http://www.google.com/policies/privacy,

clearly and comprehensively explain to users what user information, including API Data relating to users, the API Client accesses, collects, stores and otherwise uses,

clearly and comprehensively explain how the API Client uses, processes, and shares the user information described in section (III.A.2.e), including how the information is shared with either internal or external parties,

disclose, if it does so, that the API Client allows third parties to serve content, including advertisements,

disclose, if it does so, that the API Client stores, accesses or collects (or allows third parties to do so) information directly or indirectly on or from users’ devices, including by placing, accessing or recognizing cookies or similar technology on users' devices or browsers,

if the API Client accesses or uses Authorized Data, explain that, in addition to the API Client's normal procedure for deleting stored data, users can revoke that API Client's access to their data via the Google security settings page at https://security.google.com/settings/security/permissions, and

if the API Client uses Authorized Data, explain how users can contact the API Client owner or developer with questions or complaints about the Client's privacy practices.

B. Maintainability and Deprecation

API Clients must use the most recent versions of YouTube API Services. This means that you must be able to update API Clients when newer versions of YouTube API Services are released. Non-website API Clients, like mobile apps or installed applications, must be capable of being remotely updated to use the most recent versions of YouTube API Services. You must update your API Clients to the most recent versions of the YouTube API Services within a specified time period if required by YouTube from time to time (e.g. for critical updates).

When YouTube intends to make backward incompatible changes to the YouTube API Services, such changes will be documented in the Terms of Service Revision History, and you can subscribe to the RSS feed for that revision history to be notified of any such changes.

You must promptly update non-deprecated API Clients to use newer versions of YouTube API Services as those versions are released.

You must update deprecated versions of your API Clients to clearly indicate to users that some functions or features of YouTube API Services might stop working due to the API Clients' deprecated status.

C. Implementing YouTube Features

API Clients must also comply with the Requirements for Minimum Functionality for YouTube API Services ("RMF"). In addition, API Clients must not place any limitations on the YouTube functionality required by the RMF.

For example, the RMF states that an API Client that enables users to upload videos to YouTube must enable those users to set a title for each uploaded video. YouTube's video title field has a maximum length of 100 characters, and an API Client must not set a shorter maximum length for that field.

Any API Client feature that initiates a user action related to a YouTube resource must be:

clearly and unequivocally identifiable as a YouTube action,
distinct and not mixed with your API Client's functionality, and
clearly initiated by the user.

Examples of YouTube resources include videos, channels, playlists, playlist items, and subscriptions. Examples of actions include playing a video, liking a video, adding a video to a playlist, and subscribing to a channel.

API Clients that perform write operations may suggest parameter or property values, but users must have final control over the data that will be published to YouTube Applications. Similarly, API Clients must not modify user-provided values before sending them to YouTube by truncating, appending, or otherwise altering those values unless the user has explicitly consented to such changes.

API Clients that suggest values for text fields, like video titles or descriptions, must incorporate relevant keywords into those values. For example an API Client that suggests video titles should not generate the same default titles for all users.

These examples illustrate how this policy would apply to an API Client that uploads videos to YouTube:

The API Client may suggest a video description or pre-populate the video description. However, it must not add information to the video description after it is submitted by the user and before it is sent without the user's prior consent. For example, the API Client must not append the recording date, API Client name, or any other text unless the user has explicitly consented to such changes.

An API Client may provide an option to translate a video title to other languages. However, the API Client must not add any such translations without the user's consent. In addition, if the API Client's default behavior is to enable the option to translate the video title, it must clearly present to the user an easy way to disable that behavior.

API Clients must clearly indicate how user-provided data will be used on YouTube.

This policy is particularly relevant for API Clients that interface with multiple services and platforms since there may be functional or labeling differences between those services and platforms.

For example, an API Client enables users to add comments about videos to multiple platforms, including YouTube. Each platform uses a different name to refer to the comment text. So, if the API Client labels the field "Feedback" in its comment form, it needs to clearly indicate that that value corresponds to the comment text on YouTube.

API Clients that use search functionality provided by YouTube API Services must not modify or replace the text, images, information, or other content of, the search results returned by those Services.

For example, API Clients must not merge or intermix results from sources other than YouTube and present them as YouTube search results.

An API Client should not limit or reduce the functionality of a YouTube feature unless that limitation is a core aspect (as described in the examples below) of the API Client itself and that YouTube feature is not required by the RMF ("Permitted Feature Limitation").

Example 1: Permitted Feature Limitation

The YouTube Data API service allows a video uploader to provide translations of a video's title. Generally speaking, an API Client that implements this feature should allow uploaders to translate video titles to any language that YouTube supports. However, an API Client that is specifically designed to teach users to speak French and that offers a range of features specific to French translations might be justified in only offering users the option to upload French translations of video titles.

Example 2: Non-permitted Feature Limitation

A second API Client supports video uploading to YouTube and two other platforms, and all of those platforms allow the uploader to provide translations of the video's title. However, while YouTube supports more than 70 languages, the other two platforms each support half that number, and the three platforms support 25 languages in common. If the API Client supports only those 25 languages for translation, then that is a non-permitted feature limitation because the limited set of language options is not a core aspect of the API Client. Instead, the API Client must offer the full range of languages that YouTube supports.

API Clients with Permitted Feature Limitations must explain to users why each limitation is in place and make clear that the limitation is not imposed by YouTube. In many, if not all, cases, there are different ways that an API Client could provide that information, and you should choose an appropriate method for your API Client. Within this explanation, an API Client should provide a mechanism for users to access the full feature (such as linking to YouTube Creator Studio or providing an expandable menu within the API Client).

In the example 1 above, the API Client could explain that video uploaders can add translations for other languages in the YouTube Creator Studio and provide a link to that functionality.

API Clients that offer features sourced from multiple services and platforms should offer feature parity to the extent that it exists across those sources, providing user choice. When API Clients include features that are supported on YouTube and on other platforms, API Clients must not consistently present YouTube features in a detrimental way (e.g., by only providing those features from other platforms).

For example, suppose an API Client allows users to upload videos to YouTube and three other platforms, and all of those platforms support the ability to upload captions. If the API Client also supports caption uploading, then it must support that feature for YouTube.

D. Accessing YouTube API Services

API Credentials

To access or use some YouTube API Services, you must first use the Google Developers Console (https://console.cloud.google.com/) to create API Credentials for your API Project and API Client.

In addition to creating API Credentials, the Developers Console might require you to provide certain other information, such as identification or contact details, before you can access or use the YouTube API Services associated with those credentials. YouTube reserves the right to require you to provide additional information to continue to access or use YouTube API Services.

If you need to create API Credentials to access or use a specific YouTube API service, the documentation for that service explains how to create those credentials. For example, the YouTube Data API service, YouTube Reporting API service, and YouTube Analytics API service all document steps for creating API Credentials. Those steps generally differ slightly from one API service to another. For example:

Some services only support authorized API requests, while others support authorized and non-authorized requests.

Services often support multiple access scopes. Each scope specifies the resources that an API Client can retrieve, insert, update, or delete on the user's behalf. Scopes enable API Clients to only request access to the resources they need, and scopes also enable users to control the amount of access that they grant to those Clients.

The following policies also apply to access and use of YouTube API Services:

You must not mask or misrepresent your identity or your API Client's identity when accessing or using YouTube API Services or when creating an API Project to access YouTube API Services. Similarly, you must not use any other means to mask or misrepresent your API Client's access to, or usage of, YouTube API Services.

If your API Client needs to create API Credentials to access or use YouTube API Services, you must create exactly one (1) API Project for multiple API Clients.

You may share your API Credentials with agents operating solely on your behalf and under a written duty of confidentiality. However, you must not share or disclose your API Credentials to any other third party, allow access to or use of your API Credentials by any other third party, or embed your API Credentials in open source projects.

User Authentication and Authorization

Authentication and authorization refer to the process by which users identify themselves and consent to allow an API Client to access certain user-specific data. Some YouTube API Services do not support access to user-specific data and therefore, do not require any authorization, others require authorization for some requests or data, and still others require authorization for all requests. For example:

The YouTube IFrame Player API service, which lets you embed videos in a website, does not require authorization just as users do not need to log in to the YouTube website to watch a video.
The YouTube Data API service requires authorization for some actions. For example, an API Client can search for public videos but does not need user authorization to do so. However, an API Client does need user authorization to upload a video to the user's YouTube channel.
The YouTube Analytics API service and YouTube Reporting API service require authorization for all actions.

Authentication

API Clients must not (and must not attempt to) obtain, proxy, request, collect, modify, cache, store, or use any information that the user provides or that YouTube displays to the user during authentication processes, including YouTube user account login credentials like usernames and passwords.

API Clients must obtain user consent in accordance with the applicable laws and only request access to authorization scopes that they currently use. The access that an API Client requests should have a direct and transparent benefit to users of that Client. Do not try to future-proof your access to data by asking for permissions that would enable features that you have not yet built.

For example, the YouTube Data API service supports one authorization scope that grants access to read data and another that grants access to read and write data. If a user granted an API Client access to the first scope, that API Client would be able to retrieve information about the current user's YouTube channel. However, if a user granted the API Client access to the second scope, the API Client could also upload a video to that channel.

In this scenario, an API Client that does not support YouTube uploads (or other write-based actions) only needs to request access to the first authorization scope, which is more limited in the privileges it grants. Even if the API Client's developer plans to eventually introduce support for write-based actions, the developer cannot future-proof the API Client by requesting access to the authorization scope for writing data before the Client actually supports features that require that scope.

API Clients should request access to authorization scopes in context whenever possible. By requesting access to user data in context, via incremental authorization, an API Client enables users to more easily understand why it needs access to that data.

API Client Identification and Representation

API Clients must clearly and accurately identify to the user the entity or product that is requesting access to user data and the reason for requesting that access;

API Clients must not mislead users when requesting access to data so that users can make an informed decision about whether to grant access to those Clients. Users should be able to readily understand both the value of providing the data that an API Client requests access to and the consequences of sharing that data.

API Clients must clearly and comprehensively identify to users the purposes for which they access and use user data. API Clients must not use user data for secondary purposes that are not clearly disclosed to users.

Users should not be surprised to learn that an API Client contains hidden features, services, or actions that are inconsistent with the Client's marketed purposes.

Revocation

Every API Client must provide a clearly explained and easy way for users to revoke any authorization consent they have provided to an API Client to access YouTube API Services.

When a user revokes consent through this mechanism, the API Client must programmatically revoke that token right away to communicate the change in permissions to Google. For example, an API Client could use a Google API Client Library to revoke the token.

In addition, following revocation of consent through this mechanism, you and your API Clients must delete all Authorized Data that was accessed or stored pursuant to that consent. That deletion should happen as soon as possible and must take place within 7 calendar days of the revocation.

As noted in section (III.A.2.i), every API Client must include in its Privacy Policy a link to Google's security settings page (https://security.google.com/settings/security/permissions). When a user revokes consent through that page, you and your API Clients must also delete all API Data related to that user that was accessed or stored pursuant to such consent. To comply with this policy, your API Clients will need to periodically reconfirm that its authorization tokens are still valid and delete API Data associated with users whose authorization tokens cannot be refreshed.

Based on the requirements defined in section (III.E.4) regarding stored data, all such deletions should happen as soon as possible and must take place within 30 calendar days of that revocation.

Usage and Quotas

YouTube may use quotas and place use restrictions to ensure that YouTube API Services are accessed and used as intended and that you and your API Clients do not reduce service quality or limit access for others.

If your API Client reaches the quota limit for a service,
you can apply for a quota extension by completing an API Compliance Audit where you must specify the use case for which you need the extension.
If you have been audited in the past 12 months and have been marked compliant by YouTube API Services team, you can apply for an additional quota extension.

If YouTube approves the application, you must use the additional quota granted only for the approved use case. If your API Client's use case changes, to use any allocated quota for the new use case, you must notify YouTube of the change by resubmitting an API Compliance Audit and receive approval for the application.

If YouTube rejects the application, you can file an appeal.

Inactivity

YouTube reserves the right to disable or curtail your access to, or use of, specific YouTube API Services if your API Project's quotas for specific YouTube API Services. If your API Client's quota is reduced or eliminated, you may reapply for quota or a quota extension, and YouTube will review that application based on YouTube’s determination of your expected use of the YouTube API Services.

Contact Information

YouTube’s primary means of contacting you about your API Project authenticates with to access and use the YouTube API Services.

"API Data" is defined within the definition of "YouTube API Services" later in this Definitions section.

"API Project" means the project created in the Google Developer Console that is required for API Client(s) to access and use the YouTube API Services.

"Authorized Data" means API Data that an active user expressly authorizes an API Client to access or otherwise use via User Credentials.

"Google Applications" means Google websites, applications, services, products, pages, and other properties.

"Non-Authorized Data" means API Data accessible by an API Client without User Credentials.

"Terms of Service" means the YouTube API Services Terms of Service currently located at https://developers.google.com/youtube/terms/api-services-terms-of-service.

"User Credentials" means the credentials issued to users that users can authenticate with to permit API Client(s) to perform operations on their behalf that require authorization.

"YouTube API Services" means (i) the YouTube API services (e.g., YouTube Data API service and YouTube Reporting API service) made available by YouTube including those YouTube API services made available on the YouTube Developer Site (as defined below), (ii) documentation, information, materials, sample code and software (including any human-readable programming instructions) relating to YouTube API services that are made available on https://developers.google.com/youtube or by YouTube, (iii) data, content (including audiovisual content) and information provided to API Clients (as defined above) through the YouTube API services (the "API Data"), and (iv) the credentials assigned to you and your API Client(s) by YouTube or Google.

"YouTube Applications" means YouTube websites, applications, services, products, pages, and other properties, including https://www.youtube.com, m.youtube.com, mobile applications like the YouTube Gaming application, and so forth, but excluding YouTube API Services.

"YouTube Brand Features" means the trade names, trademarks, service marks, logos, domain names, and other distinctive brand features of YouTube.

... <看更多>