A question regarding the use of APIs

To call the API for an authorized user you need to generate a token:

This API allows you to generate an access token for a StubHub developer app & StubHub.com user account combination

You need a StubHub developer app and a user combo. This means that users for your app need to jump through some hoops just to get it working, which would be off-putting. Think about it for a second: if an app asked you to go on Facebook and do all these esoteric things so they can manage your Facebook, would you actually go through with it? Probably not. You shouldn't give an API key to anyone, so it's a massive security risk.

How is it a security risk? What if you call this API on behalf of a user in your app, and update the price of a ticket to $0.01? What would stop you, the developer of the app, from doing it?

You might say "I won't do that!", but that's the problem with asking people to give an app their API key and auth credentials. They have to trust you.

Long story short, whenever you're dealing with money and point-of-sale stuff, security becomes your #1 issue, and you also have a set of legal challenges that you have to deal with. You can create the app for yourself, which would be a good project though. Why not create a front-end app that fetches data from your StubHub account and learn how to call an API, display results, make changes, etc.?

/r/learnprogramming Thread