I have an API built using Django Rest Framework and an SDK that many clients use in order to integrate with the API services.
There are no user notions, as this service is intended to be used by the websites that have integrated the SDK inside their source code.
I am trying to find a way to make the API communication between the servers and the SDK clients more secure. When the SDK is used from the website, it makes the calls on the API using an "application_id" string. There's no point in using api_keys or tokens, as the SDK code is in plain sight from the website's source.
Do you have any recommendations on this one?
Related
For our mobile apps we implemented our adapters using JavaScript where procedures simply do MFP.Server.invokeHTTP. But now we need somehow integrate with IBM Integration Bus (IIB), and I can't find any information how to do it.
I have only limited knowledge how Integration Bus works and why it needs.
Is it possible to do it with JavaScript or it possible only in Java (also all examples, that I found - it simple how to create services for IIB)?
Should we configure MobileFirst Server (via Operation Console) to connect to IIB or we need import additional packages?
If I get it correct you are already calling web services via HTTP .
IIB provides you web services like REST SOAP... in your case you can simply ask your team (IIB ) to build services as REST and expose them... from you mobile server you can simply call them like any other service... like you can provide the IIB rest service url in you http method and get resoonse back.
I'm trying to create an integration to OneDrive using the Microsoft Graph API. Our app is fully client-side, there's no moving parts on a server, so authentication has to be directly browser to Microsoft.
We have an existing integration with OneDrive that uses the older OneDrive API. That does permit client-flow authentication.
There is an example for AngularJS, but that turns out to require a NodeJS server and have a server-flow authentication, again. NodeJS authentication requires a secret to be passed over, which I obviously can't put in public JS.
I cannot find any examples of authenticating to the graph API without a secret, am I right in saying that client-flow authentication is not supported?
p.s. I have looked at Writing a simple microsoft graph client without using a web server, but this question seems to be asking whether it's possible to make API calls without user interaction, rather than what I'm asking.
If I understand your scenario correctly, you're looking for the implicit grant. I wrote a blog post on using this a while back that might also be helpful.
I have come across few chat application and the website which I don't know how these things work. can someone tell me how these application works in the website.
I have seen some website with a chat widget for helping the customer for respective to their business. On signing in these application, a script file is send to email, when it is pasted over the website. Automatically a widget is created. And this widget and the application is connected externally.
Sorry, if my question is not clear. I will give some links of application and website which give you some idea what I'm trying to ask.
Website
http://www.a1000yoga.com/
http://www.voyzek.com/contact-us/
Application
https://www.zopim.com/
https://my.livechatinc.com/
What you mean is called providing Web API,
Wikipedia's definition of Web API is :
A server-side web API is a programmatic interface consisting of one or
more publicly exposed endpoints to a defined request-response message
system, typically expressed in JSON or XML, which is exposed via the
web—most commonly by means of an HTTP-based web server. Mashups are
web applications which combine the use of multiple server-side web
APIs.
In brief, They implement their service in their servers, and let you access their services by HTTP requests.
You sign up in their website and they generate a API token(a random string maybe), then when you want use their services, you send them your requests with your API token as authentication or identifying mean, and they process your request throw their application and with your data on their servers, and send you respond.
For example when you use this messaging services(or Captchas, Ads networks, etc), they provide a piece of Javascript containing your API code, then when someone views your web page, the code will send request with your API token to API provider servers and they process data for you.
You can then access to your data through their website, another API, email or etc.
Basically I'm developing .NET API that allows a certain Javascript to access a Database through it. The database contains User Information and the API is the mediator between the client (running the javascript on their websites) and the database. The javascript simply gets the data from the DB and displays them.
My problem is, where do I host my API so that the client Javascripts can access it? What is this system called? I'm using Microsoft Azure SQL Databases to store the user information. How do I access my C# API from the client's javascripts? Do I need to host my API on Azure's API Hosting service? Very confused.
1) Client adds the Javascript and a HTML div to their website
2) The Javascript should access the API
3) API accesses the Database and gets the Data (Which is completed and it works)
4) Send the Data to the client and the javascript populates it
I just need to figure out how to make a connection between the API and the javascript on the client's website
Do I need to use THIS?
I would use ASP.NET Web.Api. It allows you to build a REST endpoint in C# that you can host on the Azure platform as well. You will be able to host it using the web sites features of Azure. Even though you want to build an API not a web site hosting it in a web site container will give you what you need:
Easy hosting solutions
Web endpoints for your client JavaScript to consume
C#.NET
Web endpoints close to your database. (Host them in the same data center)
Scalability
Monitoring
Ability to create a web site at the same address if you need to.
I haven't used Azure api management so I can't comment on that, but you will be able to get an ASP.NET Web.Api site up very quickly.
I have a site on google sites which is for members only, and I want to write a mobile app (using PhoneGap) that will provide read-only access to that site.
Is there any way to use Google APIs Client Library for JavaScript in order to access Google Sites API so the mobile app can authenticate itself and query the site?
I ended up using Google Apps Script to write a script that return the data I need. I authorized the script to access my site (as the script runs as my user), and authorized everyone that has the script URL to execute the script, and then I made my PHoneGap app get the data using the script URL.
Seems like a nice and simple (and free) way to utilize Google cloud services to do what I needed.