How OneShop Provides Account Automation Without Poshmark API Access - api

I was unable to find a similar question posted in the past on this site. The website, OneShop, provides account automation as a paid service for users selling on the Poshmark platform (as well as other websites).
This includes listing, sharing listings, as well as other services. The number of actions against a user's account can be over 1,000 in a day. The service on the platform is not a web browser extension, so the actions are taking place directly on OneShop servers.
My questions on this topic are these, with consideration of Poshmark having no available APIs:
How is the user's account not flagged for unusual activity from an unrecognized IP address ?
How are the OneShop IP addresses, over time, not blacklisted through the course of providing service to 1,000's+ of accounts ?
What method of programming would someone use to circumvent the need of an API in this context? Spoofing IP addresses to make it appear the activity is coming from each account owner's IP address?
This is posed as multiple questions, but the core of this post is to understand how it is possible for OneShop to provide the service they offer successfully without leveraging any available API's with Poshmark.
I very much appreciate this community and frequently come here for support of all kinds in the space of programming.

Related

Creating a survey via the API with a Basic or Select account

Under "Scopes" the API documentation says "...the Create/Modify Surveys scope is available to Free (Basic) plans", but later contradicts that in the table showing "Platinum/Enterprise" as the minimum plan for the Create/Modify Surveys scope.
I am developing an application for a client that I believe has a Platinum account. However, I myself only have a Basic account and am reluctant to invest in a Platinum account for this small development project.
The client requires the creation a tool that generates surveys via the API, which seems pretty straightforward, except that I am unable to do so with my account. Is there some way my client can allow my account to access a development app on their account so I can test survey creation? Or could I do so myself with a Basic or Select account?
The Create/Modify Surveys scope will be moved down to the SELECT plan. Also, we will be providing developers time-limited full access to all the endpoints (except feature endpoints like benchmarks which requires the user to have bought the benchmark) when accessing their own account.
This should be available within a week or two. Check back at your app and the docs at https://developer.surveymonkey.com/ soon to see when the changes have been released.
Let us know if you have any more questions!

Authentication system for a web service

I am building a web service which i will be launching in near future. Service is more or less like online classifieds.
Now, i need to build a mechanism to collect user's information, enough to trace him in case of any fraud with other users. I can ask for nation ID card and things like that. But problem is that how will i verify them and the person providing the information.
So, i need suggestions for such system which could be used t authenticate users, so other users can trust them. And contact them freely knowing in case of any mishap authorities can get its information from our service.
For solution we must consider that our service will be free so if this process is costly, than their might be a mechanism to get that cost paid by users.
Any suggestions will be appreciated.

Corporate login solution

Imagine a situation where a large corporation wanting to give their users access to a website, without having to individually register each of their users with the target website.
EDIT: Registrations to the website are paid subscriptions, so normally users would pay and get their accounts activated via support line (or it happens automatically). Corporate would want to purchase a bulk subscription, and add/remove the users under that, subject to a maximum limit, so the individual users don't have to go through the hassle.
Users should still have their individual accounts with the website(instead of a single account used by all users) so that they can have their preferences saved, etc.
(Prefer a solution where most of the implementation happens in the website side)
Are there any accepted patterns, solutions for this kind of scenarios?
I thought of if we could use OAuth(Yes, I know it's authorization,
but may be we can use it as an authentication tool as well, right?),
or OpenID like protocol. But the corporation does not have such
mechanism exposed to the outside. Are there any "off the shelf" kind
of products which we could use to create a OAuth/OpenID
implementation against an existing user base, lets say
ActiveDirectory.

Can the Yodlee API be used to retrieve the transactions on any credit card?

A client I work with wants to know if it's possible to use the Yodlee API to look up recent transactions on any credit card.
They'd like it to work without the user needing to be signed up with Yodlee, either directly at the site, or indirectly through a branded partner.
I assume this would be possible if the credit card company itself shared it's transaction data with Yodlee directly, and made it available to their API customers, but I haven't been able to figure this out from the docs available on their website, and haven't been able to reach anyone at Yodlee themselves to ask.
I work for Yodlee. Sorry to hear you're having a hard time getting a hold of us. To answer your question, yes the user has to explicitly authorize any application that leverages the Yodlee API and explicitly add access to their financial accounts for that application.
Best,
Grace
Yodlee screenscrapes websites to retrieve it's information.
Which means that they physically (but in an automated fashion) visit the website in a browser (IE8). Thus to pull any information down they have to visit the website, log in successfully, (optionally but more so on more banks; authenticate the computer) and then they can see all of the information that the user sees. Their API acts as a real time bridge between you (the end user using your website or app) and this browser.
So you have to either implement their very much so convoluted Yodlee API or use one of their generic hosted pages and direct the user to it where upon he/she enters the necessary information. You also have to have an agreement with them too. You also have to convince the user to do it :)

What are the options to implement a Groupon like system?

I like to build a system that will allow users to "commit buy" a deal, but will only be charged after a minimum # of committers are reached. The time span in which the "deal" will continue can be either weekly or monthly.
I like to stay away from building one from the ground up as much as possible.
I know there's another thread on StackOverflow that asked paypal, amazon, or google checkout API to serve this purpose, but this seems too much like a hack?
I did some reading on using a gateway like Authorize.net to process credit card information and they can store the user information and has a service like pay-as-you-go. Would using their API be a better choice? Can their pay-as-you-go method provide the system that I'm looking for?
I did some reading on using a gateway like Authorize.net to process
credit card information and they can store the user information and
has a service like pay-as-you-go. Would using their API be a better
choice?
I have used Authorize.net for recurring payments and it is easy to implement if you are fluent in working with a web service (regardless of language). You can integrate with them without the user needing to leave your website and without storing the user's credit card information.
However, you will be receiving the user's credit card number to implement such a model, and there are still precautions to be taken (versus redirecting to a secure third party site to receive the number).
Refine your question to be more specific to receive more specific answers.