Flickr API gotcha – Changing User Permissions

Posted by admin on February 27th, 2009 filed in Tips

With the desktop version of Flickr API, you cannot remove or change a permission granted to a user. This is a poor choice by Flickr.
If a user grants me READ permission at first, and then wants additional functionality that will require WRITE permissions, there is no way for my program to handle this situation.
Worse yet, Flickr gives back an misleading error to the user (and programmer) when you attempt to change the permission:
” Oops! The API key or signature is invalid.
An external application has requested your login credentials and permission to perform certain actions on your behalf, but has failed to include all the required data.
You don’t really need to know what this means, except that you can’t use the application until this problem is fixed. (It’s a third-party problem, not a Flickr problem.)”

Obviously, this message is incorrect, as well as condescending to the developer. It also erodes user trust in your application.

The only way to change permission is to guide the user to the page for manually removing the current permission they granted your app. Then taking them back into your app to add the different permission.

So, as the developer, always start with the highest Permission level that your app will ever need for a user. In that thought, I have a use case for creating temporary photos so the user can approve the change that I am about to make to his Photo Set. The user would then be able to ‘rollback’ or ‘commit’ the updates after seeing what they look like. It would be nice to have the Delete permission, so I could clean up the album. The alternative is to use the WRITE permission and let the user do any deleting by hand. I personally, think I will go with WRITE. I would rather err on the side of caution, and make it impossible for my app to ever delete a user’s valuable photo archive. It’s also scary to give an application that kind of power, and I think I will gain more users if I don’t require them to give me DELETE permission.

Permission Spec:
http://www.flickr.com/services/auth/list.gne

Cheers,

Ed

Leave a Comment