thetravellingpear

> More specifically, it is not the result of an API call, and the output is not structured data.

Ah, got it. Thanks for explaining this

> You could do this by setting an additional parameter as documented

Perfect, I missed reading that, but will start using it – thanks!

Thanks so much for all this explanation! It’s helpful in understanding how it works.

> Google has zero provision for unauthenticated access

Ah, that’s too bad. It’s weird that this is the case. Eg, I have a shared album https://photos.app.goo.gl/qmueD6DbS2649C8h9. Anyone can see the photos, even in incognito mode not logged in to google. It’s weird that it’s not possible to display them through an api, when anyone can publically see them at that url.

> Actually you have not given Photonic any access whatsoever. Remember: you are creating your own client id, building your own consent screen, doing the authentication using it etc

Ah, right. To clarify, my issue was that I mistakenly forgot to pass in an album id once, and it allowed people to see all my photos stored in google photos. Ideally I’d like the client id to only have access to photos I’m sharing publically.

Hi Sayontan – thanks for the reply! Woops, I missed seeing those threads when I searched.

Would you consider adding a feature to allow unauthenticated access to shared albums?
– If it’s just shared albums, would this be possible without an API token?
– I’d also feel more comfortable security-wise to not give photonic access to all of my photos

Thanks,
Andrew