Some questions that will guide you to an answer:
(1) Does Google provide a mechanism to restrict the APIs to just read-only
access (I don't think they do).
(2) How trustworthy is this other website?
If the other website were just pulling data, you could envision giving it a
restricted PPK with just read-only access to your data.
Since you "own" both your ODK Aggregate server and the Fusion Tables you
publish into, the PPK for that would typically be considered your
private-use PPK to make your infrastructure work. The fewer of these, the
easier it is to maintain your internal infrastructure, which is why we
don't have you set up a different PPK for all the different Google APIs
that the server might use -- we have one PPK with all of those capabilities
associated with it.
If the other website is "external", and not part of your internal
infrastructure, a different PPK is generally warranted. This makes it easy
to revoke / cancel that access without causing your internal operations to
come to a grinding halt.
···On Wed, Aug 3, 2016 at 9:13 PM, Jefferson Francisco < firstname.lastname@example.org> wrote:
This is a question regarding the Google Fusion Tables API
I have an ODK Aggregate on Google Apps Engine, and I publish data to
Google fusion tables.
I am pulling data from Google Fusion Tables to a website that uses Fusion
Tables as a database.
The question: Should I use the same Client ID and Public/Private Key pair
to communicate with the Fusion Table that was generated when I followed the
steps to set up publishing to Google Fusion Tables from ODK Aggregate?
Any best practices for this type of scenario would be great. I will
definitely share my experience and help anybody else with the same
situation in the future.
You received this message because you are subscribed to the Google Groups
"ODK Community" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to email@example.com.
For more options, visit https://groups.google.com/d/optout.
University of Washington