I'm using Giphy's API and currently have a development key. I am looking to deploy my site but don't know whether it is a public facing key or a private one, and cannot find an answer online nor after asking them directly.
Here is the official response to this question from GIPHY:
GIPHY APIs are designed to be used on the client side (and hence the API key too). You should go ahead and use it that way. Once development is complete - please apply for Production access for the key through the Developer Dashboard, this removes Rate limits associated with a beta key, so you don't have to worry about high traffic.
Lastly, and most importantly - GIPHY has monitors setup for API key abuse and we'll reach out to you if anything happens. We definitely don't want you to worry about it.
From here
Seems shouldn't be worrying about it.
While I generally tend to agree with Jay's answer, after reviewing their introduction and the specific javascript sample it seems to me that this key should be used from the browser and as a result it is practically a public key.
I would assume that later on in the process, to avoid abuse with production API key, they might only serve requests coming from a domain you registered along with that key.
Development key is anyhow for limited testing purposes as far as I understand so that's less of an issue if there's no registered domain for that.
Related
I needed to implement speech 'identification', ie. Guess if the person who is trying to login, is actually him/her, by matching his/her voice.
To consider the case, where the app doesn't recognize the person, but the user is himself trying to login, then he may bypass it with a pin, setup during initial settings.
I am using Python and Flask, to build the webapp, and included javascript in the question, so as to know of possible ways in it too.
Till now, i read about it from some sources, but i couldn't arrive at a possible solution, on stack overflow, as well as 'few' blog posts.
The best 'possible' solution i could arrive at was Cognitive Speech Services by Microsoft -
https://azure.microsoft.com/en-us/services/cognitive-services/speaker-recognition/
I also thought of recording the voice using the Recorder.js, and analyzing at the server end, but couldn't implement it.
So, i wanted a way to implement it on the web app, even a simple gist with a bit of code on using ms cognitive services (i did read pages of the documentation, but it didnt help much), or doing it by python will be helpful.
The documentation at https://learn.microsoft.com/en-us/azure/cognitive-services/speaker-recognition/home will be helpful. Note that there are clickthrough links to the API reference. It explains the high-level process (use “enrollment” to train).
We have speaker identification, which is distinguishing who is speaking from a group of known voices that you train with. You need to provide labelled data (meaning examples of a known speaker talking): see https://westus.dev.cognitive.microsoft.com/docs/services/563309b6778daf02acc0a508/operations/5645c3271984551c84ec6797.
or
Please follow the below link speech SDK samples.
https://learn.microsoft.com/en-us/azure/cognitive-services/speech-service/
You can use batch transcription api and enable diarization.
https://learn.microsoft.com/en-us/azure/cognitive-services/speech-service/batch-transcription
As #Ram pointed out that we can use the Microsoft Cognitive Services, we used the same to implement it.
First, we needed an API key from Microsoft for the Cognitive Speech Service (they give a 2 keys, and an endpoint for 7 days in a free trial, without any card, and another free version for a year maybe, with card details)
Get the API keys here : https://azure.microsoft.com/en-in/try/cognitive-services/?unauthorized=1
Then, i went through the documentation of Microsoft, but couldn't really be helped by it.
What helped was this : https://github.com/rposbo/speaker-recognition-api
I went through all files, and the 'needed' part was mainly in the speech-recognition-api-demo-core.js and the demo.html
First understand what it's really doing, then only you can implement it on your page.
That actually concludes the answer, since that's how it 'can' be implemented using Javascript.
Extra - https://github.com/AdityaGupta150/ProtoMain - We have used only the needed part of Robin posbo's code (you won't be able to just copy paste, first understand it), and implemented it, you can see that in templates/verification.html
I'm currently working on a project and just started out working with ReactJs. (so still a noob)
And I'm asking myself: Users who use the React dev tools can see all your props and states. How can I prevent users from seeing e.g. IDs and more 'private' stuff?
Thanks in advance
This isn't actually a ReactJS question, but a Web Browser / Internet architecture question. Unfortunately the data will always be available in the client to be intercepted, that's because they need the data at their end to be able to interact with the application. You have to rely on your user's browser extensions and internal security measures.
Nonetheless, you can make your data a little harder to understand. This won't prevent experienced "hackers" to read it, but might prevent some malicious user messing around with your application.
Minify the code and hide the source maps to make the debugging harder in the production environments.
Encrypt your data using base64 or some custom encryption technique to make it harder to be read.
If your code must run in unprotected environments (such as public WiFi) and that's a security concern, implement some kind of end-to-end encryption in your APIs.
And, the most important: only send to the client the data they actually need, data that is safe to be transmitted.
I have been trying to use isCustomResponse() API to grab the responses back from the network. I need to test the responses before I can make decision on what I need to do next in my Cordova app.
I had earlier asked a similar question before # submitLoginForm() does not send the data to the authentication server - MobileFirst Cordova client
and it was informed that isCustomResponse() API is no longer available in MFPF8. When I look at the API list on MFPF8 online help here: https://www.ibm.com/support/knowledgecenter/SSHS8R_8.0.0/com.ibm.worklight.apiref.doc/html/refjavascript-client/html/WL.Client.AbstractChallengeHandler.html
the API is one of the available APIs. Can someone please confirm whether this API is available or not. If it is not available, then I guess the online documentation requires an update.
Further, if this API is not available, can you please let us know as to why is this being removed from MFPF8?
Thanks.
In Foundation 8.0, in most cases your security is implemented as a Security Check. When using a security check, the API isCustomResponse is no longer relevant: the framework will check the name of the security check to determine whether to activate the challenge handler. These types of challenge handlers are called SecurityCheckChallengeHandler.
There is one special scenario where you may still be interested in isCustomResponse: if your security is implemented by a third party gateway, such as DataPower.
In such a case, you need to use a different type of challenge handler, called GatewayChallengeHandler. In JavaScript they are created using the API WL.Client.createGatewayChallengeHandler (see documentation: http://www.ibm.com/support/knowledgecenter/SSHS8R_8.0.0/com.ibm.worklight.apiref.doc/html/refjavascript-client/html/WL.Client.html#createGatewayChallengeHandler).
There you can use the old APIs such as isCustomResponse and submitLoginForm.
EDIT: With 8.0 GA, isCustomResponse has been renamed canHandleResponse.
Important notes:
There is a known issue in 8.0 beta that may prevent "gateway" challenge handlers to be triggered in some cases. This should be fixed when the release of the 8.0 GA version. Fixed.
The names of these challenge handlers and APIs are scheduled to change upon GA, so keep an eye out for this. Done, see this blog post: https://mobilefirstplatform.ibmcloud.com/blog/2016/06/22/challenge-handlers/
The API documentation will be updated with the release of GA as well. Done.
I'm just starting with Google Maps API (GMA for short) and I came to understand it is good to have the GMA Key (GMAK for short) regardless of not being necessary IF you are not to set foot beyond the limit quota. It happens that I probably won't but that is not the concern here.
I just need to note that I'm referring to the v3 version of GMAK. And I have not previously used a GMAK or the GMA; I have always used the code you get from Google Maps itself. So I really don't know much regardless of searching a good amount of time and knowing I will use JavaScript to use the GMA.
I have a lot of websites that I own and some more I administer. But just recently I got the need for GMA for myself and some clients will need too. So here is the question:
Do I need to use a GMAK for each website - meaning creating a Google Account for each website? I mean, is the quota specific to the GMAK or each service will have it's own quota?
And supposing the GMAK quota is specific to website/app and not the GMAK itself: in case of me not being the administrator for one of my ex-clients website anymore, should I inform that I will revoke the GMAK access for that website? Or should I make them provide one GMAK to begin with and not worry it if they finish the contract with me?
I worry and fear that Google will revoke my GMAK because maybe OR all the websites together will reach the quota OR some website of my client will reach it and if they don't pay me, all of my other services will lose the function by not having a GMAK.
The quota belongs to "projects", so you may say it's specific to a key, because each project does have it's own key.
When you can't give a guarantee that access to your key will be granted in the future you should either not use a key or force the client to create an own project and use the key of the client.
However, no matter if you grant access in the future or not, I wouldn't recommend to use your key at all, because when any of the clients will violate the TOS in any manner(there are more cases than hitting the quotas) your own key/project is affected(and of course any webpage/app of any client that uses the particular key). In worst case it may be that your entire google-account is affected.
So you should either use the key of the client(when available) or omit the key.
I don't know much about databases, I've been asking a few questions about them lately to get a better understanding but I'm still a bit confused about what does and doesn't need one.
I'm making a simple application using HTML/CSS/JavaScript, it has a few quizzes and "tutorials" targeted towards children. I don't want the next tutorial/quiz to be unlocked until the previous one is completed.
So for that would I need a database so that it "saves" when one is completed? I don't need to save scores or anything like that, they just get to move on once they get a passing score.
Any other requirements such as saving to a profile or needing to persist between sessions (e.g. changing of device)?
Browsers have localStorage APIs now which allow you to save a lot of the data (and keep it for a set duration of time). There are also good'ol'fashioned cookies which allow you save pieces of information as well.
Keep in mind that both of the above mandate the user use the same browser and allow these mechanisms. Obviously using "private"/"incognito" browsing would also affect saving status.
It's up to what you feel the requirements are.
EDIT Just saw your mention of a mobile app. If you're planning on allowing the experience to transcend devices, you'll need a database. otherwise, you'll be relying heavily on if they use cross-device sync (like Chrome and Firefox do with bookmarks, passwords, etc.)
If you don't mind that people can do a "view source" on the webpage or use every browsers' developer tools to find out the answers or move on to the next tutorial or quiz, then you can use cookies to store the user's status. Or you can use the preferable Web Storage API.
You might want to look at Firebase. Using just simple JavaScript on the web browser, you can have users with logins (or just allow them to login via Facebook or other services) very easily. And then you can store and retrieve data very easily as well, like quizzes, tutorials and results. This way nobody can see the answers even if they're adept at analyzing the webpage.
When you don't use database, before any check, you have to load all data in your static page.
So My sloution: store students situation in a cookie. On each page check cookie status and then use Jquery remove() to remove (Client-side) those parts of page that he/she can not access.
EDIT
This wont work when JavaScript is disabled.
There seems to be a lot of ideas but no clarifying on the database subject.
TL;DR is: No.
Now for the specifics. A database is nothing more than a way to store information. While traditional "SQL" databases (it is pronounced "Sequel" as in "My Sequel" for MySQL) have concepts of tables, where you define columns with items to store and saves each row with its value, much like an Excel file, some databases like Redis store key-value pairs and others lide MongoDB store JavaScript Objects.
You can store information in the source code (As Variables possibly) or in a file. A database is a way to organize that information.
With that said, in your case, you probably need a backend or an API. An API is basically a means of communication with a server through AJAX (JavaScript in the browser asks for stuff). That would be your way to retrieve information from the server as needed, so that users wouldn't see the answers before they answer.
With that out of the way, there are some options. FireBase (As noted on other answer) and AppBase are easy ways to integrate this concept with little effort. But they tie you and your information to their system, and they are mostly targeting more resource intensive apps.
Since you are using JS and seem to be enjoying your learning experience, I would suggest you consider suing NodeJS and defining the data as either a JSON file or a variable in JS. You keep working on your problem but add options and get to learn some stuff.
If you decide to integrate a database and possibly do some neat stuff, you have most of the groundwork done already.
If NodeJS picks your interest, Mean.IO and KrakenJS are, in my opinion, the best places to start, though they may both seem overkill in your specific case.
Do consider though: A database is just a small possible piece in a puzzle, and it's mostly a horrible way to name some of the software that tries to organize your information. Consider first if you need to organize information, and what and how do you need to organize, then start thinking if databases are the best way to organize it.