It is possible for an enterprise admin to export enterprise member information
https://docs.github.com/en/enterprise-cloud#latest/admin/user-management/managing-users-in-your-enterprise/exporting-membership-information-for-your-enterprise
This export provides the email address used to register each member account
Is it possible to perform this export via an API? Perhaps the enterprise API?
I know it is possible to export members of an Organization via the API by iterating over the response from
https://docs.github.com/en/rest/orgs/members?apiVersion=2022-11-28#list-organization-members
but I can't find anywhere in this API that actually provides a member -> registered email mapping
I know it is possible to export members of an Organization via the API by iterating over the response from
https://docs.github.com/en/rest/orgs/members?apiVersion=2022-11-28#list-organization-members
but I can't find anywhere in this API that actually provides a member -> registered email mapping
Related
I cannot access the list of available products (see attached) in the product section of my app.
Does this mean that I have access to all the self-served endpoints listed below
r_organization_social, rw_organization_admin, r_1st_connections_size,
r_organization_admin, r_ads_reporting, r_basicprofile, r_ads, rw_ads,
w_member_social, w_organization_social
and that, if I want to access other endpoints (consumer, sales, ...), I need to ask Linked into grant me access through a request form that I have to fill ?
Bests,
Lorenzo.
I'm testing Azure Graph API.
and I'm trying to find an API that allows me to retrieve only users that are assigned to a specific app I created.
In app registration page, I gave a user.read.all permission, but the get user API gives me all users that are in the AD and not only that are assigned to the app I created. Should I change the permissions? or to access an another API?
Does anybody know what to do?
Thanks
Additionally, This object id should be based on service principal and not the application registration here.
You can retrieve the object Id from Azure AD->Enterprise Applications->Your app->object ID.
You need to have at least Application.Read.All and Directory.AccessAsUser.All for delegated permissions or Application.Read.All for application permission based on user or application context.
For specific details, you can add $select parameter to show only the displayName of the users assigned to the app.
https://graph.microsoft.com/v1.0/servicePrincipals/{object Id}/appRoleAssignedTo?$select=principalDisplayName
As a workaround you can use the below graph API to get the list of users.
https://graph.microsoft.com/v1.0/servicePrincipals/{ObjectID}/appRoleAssignedTo
Note: The above graph API gives the Object Types User and Service
Principle as well
As discussed in the MS Q &A Platform This endpoint currently does not support filters based on appRoleId. In fact, except that the id parameter can be filtered, the three parameters appRoleId, principalId, and resourceId do not support filtering. Similar issues have been raised before.
Question
I am trying to find a good way to struct the permissions of my api gateway to be accessed from a external software.
The context
In my current company we have an API gateway.
When a user log in we send all the user permissions to the front-end service and generate all the menus and screens for the current user and what it is allowed to access.
Example:
{
user: joe,
permissions: [
'fancyMenu',
'anotherFancyMenu'
]
}
This approach worked really well, but right now we need to expose the API to other clients and they will access directly our endpoints.
Problem
So previously the user who had access to fancyStuff menu need to access the endpoints x,y,z to complete a operation. Each endpoints has to check if the logged user have the fancyStuff permission.
Now we need to expose our API to other softwares.
In this example the permission fancyMenu needed to access this 3 diferent endpoints to finish the operation. Get some stuff and fancy coins to create a new fancy operation.
fancyMenu -> POST /fancy
fancyMenu -> GET /coins/fancy
fancyMenu -> GET /stuff
Solution
That being said we created a new class on our api gateway and mapped all the menu permissions with the required endpoint.
One example is our menu fancyMenu now have a list of all endpoints that are required to do its all functionalities and we check this new class on all endpoints.
I am not sure if this is the right approach for the problem, but I couldn't find a better one.
I'm connected to an API that provides information about cars based on their registration. According to the docs the api can provide both user specific data and general data about the registration supplied.
I am using the connection method which does require specific users data, and therefore does not require me to gain access to any specific users account.
On my end users will visit my application and enter a registration number which I will use to call the API and return all of the information about the car.
Am I right in my thinking that my application is essentially the 'user' as far as the api is concerned, and I will only need to use one access token. I can then use this access token to make multiple API calls (one for each user that searches on my application)?
Or will i need to set up an access token for each user that visits my application and treat them separately.
Only your application making the API requests requires a token, unless the licence agreement/documentation of this car API says otherwise.
As far as your users are concerned, your application is just magically sourcing the registration info from its database.
I have created an app and some REST API on Google Appengine and deployed it to
www.my-appspot-id.appspot.com
I'm using Google Datastore to store my data and have created API's to access that data.
However, i can access my API directly also using
www.my-appspot-id.appspot.com/_ah/api/explorer
which means anyone can access them and can manipulate the data which i don't want.
How to restrict access so that nobody but some particular registered set of users can only use it?
I stumbled upon this tutorial recently, might be of some help.
I think you need to authenticate your endpoints and authorize only some client id.
OAuth 2 authentication : https://developers.google.com/appengine/docs/python/endpoints/getstarted/backend/auth
Allowed client ids and audience : https://developers.google.com/appengine/docs/python/endpoints/create_api#allowed_client_ids_and_audiences
To answer your question : you can't.
Google Cloud Endpoints is based on the explorer api: everybody will be able to navigate into your API, and see the differents methods available.
BUT if you add an authentication to your methods, the visitor will not be able to execute them.