Closed. This question is not about programming or software development. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 5 months ago.
Improve this question
We are aware that there is a fee for using Firebase Authentication if you exceed the free limit for the Blaze plan as described in the following URL.
https://firebase.google.com/docs/auth#pay_as_you_go_blaze
Are there any other fees for using Firebase Auth REST API other than the fee for exceeding the free allowance in the Blaze plan?
If I use the Firebase Auth REST API, will I have to pay for read, write, delete, etc. as described in the following URL since I will be using the Cloud Firestore?
https://firebase.google.com/docs/firestore/pricing#select-region
Are there any other fees for using Firebase Auth REST API other than the fee for exceeding the free allowance in the Blaze plan?
No, the costs are same whether you use Firebase SDKs (that use REST APIs under the hood) or the REST API directly.
will I have to pay for read, write, delete, etc. as described in the following URL since I will be using the Cloud Firestore?
Firestore is totally different product from authentication and has separate billing.
You can check pricing of all the Firebase products here
Related
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 3 years ago.
Improve this question
complete noob here.Any help is really appreciated because we are under the cosh.
My team is building out a bespoke donation form for a charity client and are trying to integrate Paypal.
The problem is that the api we are working with is requesting a Paypal ClientID and ClientSecret ID.
What is the best practice for getting these values? I've read that you have to set up a developer account via Paypal and then set up an app, however, does that mean we require access to their paypal account.
Can they grant limited access to their paypal account so we can create values?
Thanks in advance :)
You'll need to use a sandbox account:
https://developer.paypal.com/developer/accounts/
This will create a dummy version with no real transactions that you'll have full access to, alongside a production version that only your client will see.
You can determine which of these accounts is used through env vars, switching out the client ID as needed depending on which environment you're performing the transactions on.
But at the end of the day, yeah, you will have access to their production client ID and client secret ID. There's no way to get these onto your server unless your client is able to do it themselves.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 3 years ago.
Improve this question
I have gone thru the documentation of Account Linking but I am still unclear about the mechanics on how to build an action using a API that I do not own support Oauth2.
Let say, I want to allow Ebay users to ask "Hey Google, ask Ebay, has my order shipped?". With that question, I need to access user transactions on Ebay via API and I have no control over how Ebay OAuth2 endpoints and parameters.
Please let me know if you have done it or know a good example. Eventually, I will want to call API from various sites (some kind of mashup).
You will need to approach this in two parts - having an account in your system for each user and linking your account to their Assistant account.
The account in your system will store the credentials you need from them (usually an OAuth token) to access the API for a service on their behalf. This is typically done by having them log into your website and authorizing you to access the other service through an OAuth dance.
In the second part, the roles are slightly reversed. The Assistant now needs to get authorization from the user to access your service through an OAuth dance of some sort. This is what Account Linking does - it gets an OAuth token for your service to the Assistant so it can pass it to you and so you can verify who the user is.
Once you know who the user is (through the Assistant), you can then access their account on your service, get the auth tokens you need to access their account on another service (such as Ebay), and perform those actions.
In some situations, you can verify who the user is without Account Linking. The easiest is to require the user to sign into your service using Google Sign In (or otherwise get their Google account authorization to your service) and then use Google Sign In for Assistant to have the Assistant verify to you which Google account they're using. As above, you can then look up this account in your system and get the authorizations you have for the other services.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 4 years ago.
Improve this question
I am looking for a Google Apps API that allows me to retrieve all domain names associated with the Google Apps instance.
I am looking for the programmatic equivalent of this: https://www.google.com/a/cpanel/gcompany.nl/DomainSettingsDomains
As an added bonus it would be really nice if there is also a way to check if a given domain name is used as an Alias or in a Multi-domain configuration.
Additional requirements:
I need this API to be available using a Google App Engine app (Java).
the API must allow authentication using OAUTH.
The owner of the app is NOT a Google Apps Reseller (no special privileges).
The app only needs readonly access.
Your answer is correct. There's a issue requesting an API call to retrieve the domains associated with an instance. I'd suggest starring it:
http://code.google.com/a/google.com/p/apps-api-issues/issues/detail?id=2278
The "lightest weight" retrieve all users function is the Retrieve All Organization Users since only the primary email and Org is returned for each user, not details like first and last name, suspended status, admin status, etc:
https://developers.google.com/google-apps/provisioning/#retrieving_organization_users_experimental
domain aliases and secondary domains which have no users won't be returned by this functionality of course.
Jay
I could not locate a Google Apps API to do this. Too bad.
The next best thing is to either use the Provisioning API or User Profiles API, fetch all (user) entries, take the PRIMARY Email address for each entry and parse that to get the domain name.
This is pretty messy, especially if you've got a Google Apps domain with tens of thousands of users.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 9 years ago.
Improve this question
I'm ambitious to setup an SMS Gateway to provide SMS capability to multiple providers in India.
I want to provide the registered users the ability to add their own sender ID or even their mobile no. as sender ID (as 160By2 provide).
I have already explored the viability of a cellular phone based SMS gateway using Gnokii and some other proprietary stuff. But none of them are as we we all know any match to the capabilities of Bulk SMS Gateways.
I have an idea that we should sign some sort of contract with various wireless providers to be able to add messages to their SMS center queues.
I also would like to know the budget of such a setup :)
You need to get an SMS gateway and build you app over that. You can buy a SMS gateway from a company like this/smsxchange get a server on a lease and get it configured with Kannel
It totally depends on your requirement. If you want some thing like 160by2.com, then you just need to:
Buy a SMS Gateway
Build your app using thr APIs your SMS Gateway provider provides.
Setting up, Configuring, and Using Kannel to send/receive SMS messages
If you want you OWN sms gateway then get a server and install Kannel or follow this.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 4 months ago.
Improve this question
Hey everyone, I run an image hosting website and I'm designing an API for it. My concern is that I don't want anyone to be able to do something like:
while(true) {
Upload();
}
and spam/DoS the site.
My current solution is to limit all IP addresses to a certain amount of uploads per day/hour. I believe this will work fine for desktop applications that will use the API, but for websites that wish to use it, all the users will have the same IP (the server's).
I suppose the best solution would be to have user accounts that authenticate with the API, and then ban each account if they abuse it. The problem with this is that my site has no user accounts at all, it's all completely anonymous.
What else can be done? I would like to keep things as open as possible, while at the same time have the ability to ban users/IPs who are obviously abusing the service.
If you don't want to implement user accounts, how about having those that want to use the api sign up for an api key/secret, which you can use to rate limit with.
Check out OAuth.
Check out an open source API management tool like apiGrove; apiGrove.net or on GitHub at apigrove.github.com/apigrove. apiGrove supports a variety of approaches to API protection, including IP whitelist and authorization by key.
At one company I worked for, we implemented throttling for all non-paying customers, with a limit of a certain number of requests per day, theoretically configurable per API endpoint. If You had to supply a unique ID as your application key in each request, in the QueryString for lightweight APIs or in the POST request XML for more complex APIs. For end-users not using a public API, you could pass an authentication token instead.
If you supply a public API without requiring some kind of authentication or authorization, you'll have to resort to IP-address based throttling. But it's not hard to create a lightweight provisioning web page that allows people to sign up for API access.
Your application logic can throttle based on number of requests, like we did, or daily bandwidth, like Flickr does.
Require a token to upload, and restrict the token with a CAPTCHA. Consuming code would be something like:
// 1st request
var uploadToken = api.RequestToken(sessionIdFromUser);
if (uploadToken.RequireChallenge) {
// requires challenge due to per IP limiting
// uploadToken.Captcha could be a URL
DisplayView(uploadToken.Captcha, uploadToken.SessionId);
return;
}
api.Upload(uploadToken, captchaFromUser, byte[]);
As others have mentioned on this thread, API keys is often the way to go in such situations. The fact that your site has no user accounts doe not matter: an API key identifies an application, and not a user. (In fact, if your site did have users, you woud need separate mechanisms to identify the app and the user in an API call - this is where OAuth is very helpful).
If you do not want to create your own developer registration process, API key issuing process, throttling code, etc., I would encourage you to take a look at my company, WebServius (www.webservius.com), that provides a hosted API management layer on top of an API you provide.
For APIs developed in .NET, you can use API Protector .NET.
See this answer: https://stackoverflow.com/a/56075128/1679165