Long living Shopify token - shopify

We are working on a system which retrieves data from customers' Shopify shops and provides some services based on this data. In order to make it as convenient as possible for an end-user we would like to update this data on a daily\weekly\monthly basis.
For now we have only come up with a solution of implementing an unlisted app and prompting a user to provide all necessary permissions for the app to access their shops and fetch the data. But the token we get doesn't seem to be valid for a long time and we probably won't be able to reuse it a day later.
We appreciate it if you can share any success cases of implementing this kind of approach.

You provide an App to the merchant they can install using OAuth. When the merchant is prompted to approve the App, Shopify will then provide your App with a long-lived access token you can use as much as you want, for as long as you want. I use a custom App from my Partner App dashboard to create these kinds of one-off Apps. It is superior to the one where the merchant has to tick off scopes and permissions IMO.
There are two kinds of token you can ask for and receive. One is considered for offline access, or long-lived. It works for everything. It is for webhooks as an example, or other access where no person is involved. But there are also online access tokens! Say a person clicks into the App from Shopify to do some work. You can request an online token for them to do their thing, and that token is only good for say 24 hours.
So you have options!
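
Added example, not part of the original answer: a Python sketch of the two token modes described above, covering the approval URL, the callback check and how to tell the resulting tokens apart. The `/admin/oauth/authorize` path, the `grant_options[]=per-user` parameter, the callback `hmac` parameter and the `expires_in` field are assumptions based on Shopify's OAuth documentation and should be checked against the current docs; the shop name, client ID, secret and token values are constructed.

```python
import hashlib
import hmac
import re
import time
from urllib.parse import parse_qsl, urlencode

SHOP_RE = re.compile(r"^[a-z0-9][a-z0-9-]*\.myshopify\.com$")

def authorize_url(shop, client_id, scopes, redirect_uri, state, online=False):
    """Approval URL. Default is offline access; online=True asks for a per-user token."""
    if not SHOP_RE.match(shop):  # never build an OAuth URL from an unvalidated host
        raise ValueError(f"not a myshopify.com shop: {shop!r}")
    params = [("client_id", client_id), ("scope", ",".join(scopes)),
              ("redirect_uri", redirect_uri), ("state", state)]
    if online:
        params.append(("grant_options[]", "per-user"))
    return f"https://{shop}/admin/oauth/authorize?{urlencode(params)}"

def callback_is_authentic(query_string, client_secret):
    """Recompute the callback's hmac over the other parameters, sorted by key."""
    pairs = parse_qsl(query_string, keep_blank_values=True)
    given = dict(pairs).get("hmac", "")
    message = "&".join(f"{k}={v}" for k, v in sorted(pairs) if k != "hmac")
    expected = hmac.new(client_secret.encode(), message.encode(),
                        hashlib.sha256).hexdigest()
    # Constant-time comparison; bytes so odd input cannot raise TypeError.
    return hmac.compare_digest(expected.encode(), given.encode())

def classify_token(response, now=None):
    """(mode, expires_at) for a token-exchange response; offline tokens carry no expiry."""
    now = time.time() if now is None else now
    if "expires_in" in response:  # online token: tied to one user session
        return "online", now + response["expires_in"]
    return "offline", None

if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    shop = "example-store.myshopify.com"
    print(authorize_url(shop, "constructed-client-id", ["read_orders"],
                        "https://app.example/callback", "nonce-1"))
    print(classify_token({"access_token": "constructed", "scope": "read_orders"}))
    print(classify_token({"access_token": "constructed", "expires_in": 86399}, now=0))
```

Because the offline token in this model carries no expiry, store it like any long-lived secret: encrypted at rest and keyed to the shop it was issued for.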

Related

Using foursquare authentication

So I'm making an app where I use foursquare API to get closest venues. I'm also thinking about using the features that require the user to authenticate, like check in endpoint. But as I have explored the foursquare authentication, it seems like that my users would have to create foursquare account to use my app.
My problem with this is that it feels like I'm giving too big a part of my app (all the user details) to foursquare's side. Like if I want to create features in my app that don't require a foursquare account, isn't the linkage to foursquare's stuff restricting my ability to grow my app (as my users are basically all foursquare's users)?
So is there a way to create my own user database while using the foursquare's features? Or is this even a thing to take into account? Will it cause me problems in the future?

The checkin endpoint requires user authentication because a user is checking into a venue. This is a key feature of foursquare. The user has to be a foursquare user because there'd be no other way for foursquare to track them and stats, and comments, etc.
I think what you want to do is create your own app that allows someone to do things similar to Swarm or some of the venue features in Foursquare. You need to create your own database of user information and track everything yourself. If a person wants to use any of foursquare's features they need to be a foursquare user. Anything your app keeps track of won't be a part of the foursquare network. One could not check in with your app and have it show up in foursquare, if you keep things separate.
If you decide to mix and match just remember there are time limits on data caching that foursquare would like you to adhere to.
As for future problems, read the Terms Of Service for the API carefully, and if your app seems like a clone of either Swarm or Foursquare, and you're not using their users, they might ask you to cease and desist.

Get media from public accounts with instagram API

I'm working for a company that displays content on big screens located in public places like gyms or waiting rooms.
One client asked for an app that shows Instagram content from celebrities' accounts, so I created one using the Instagram API.
The problem is that the app is in sandbox mode and it gets blank data.
It seems I can only show media from sandbox users (not Beyonce), when I submitted for review it was rejected because it doesn't meet the requirements.
Is there a way to make it work?
During tests I used a valid access token I found on the internet, but I don't think that is a valid solution.

You are correct, when the app is in sandbox mode you are only able to see data on Instagram from sandbox users which you have set in advance. You won't get any public data on Instagram in this mode.
According to the API, your app doesn't have the criteria required to get approved.
From the Permissions Review page:
Valid Use Cases
We will approve submissions of apps that fall into these use cases:
To help individuals share their own content with 3rd party apps
To help brands and advertisers understand and manage their audience and digital media rights
To help broadcasters and publishers discover content, get digital rights to media, and share media with proper attribution
They also listed use cases of applications that won't get approval and it seems like your app matches one of them:
Here are some examples of scenarios that will not be approved:
One-off projects. If you are an agency building websites or other integrations, note that we don't grant permissions to clients created for one-off projects. If you are interested in building a product, platform, or widget that will be used as a service across multiple projects, then you may submit a single client_id that you can use across multiple projects
...
To get approved you should modify your application to correspond with the criteria, perhaps build multiple projects?
You can also try to pull down the data from this URL: https://www.instagram.com/<username>/media/
For Beyonce account, use: https://www.instagram.com/beyonce/media/
Lastly, the access token is unique per-app, so you can't be using a random one. Here is a tutorial on how to generate an access token for your app.

Paypal Developer API NVP

I am using the standard paypal developer API (NVP) to get current inventory levels:
https://api-3t.paypal.com/nvp?METHOD=BMGetInventory&VERSION=95.0&USER=____&PWD=____&SIGNATURE=____&HOSTEDBUTTONID=_____
But, I have a concern... If the api is enabled and the key is compromised somehow, what is the worst case scenario? For example: it looks like it is possible to send payments using the API. Is there a second tier of verification of payments that happens outside the API?
I have spent around 30 minutes researching the topic without any clarity in terms of what kind of financial damage could be done if API information is compromised.

If your PayPal API credentials are compromised then someone can make API calls on your behalf. This includes sending and/or withdrawing money from your account.
There are some ways to limit the permissions of a PayPal API credential on the pages where you set the credential up, so you might be able to create a key that is somewhat less dangerous. It has changed over time so I can't offer details; google and/or log in to your account and look.
And yes, PayPal has lots of fraud detection that it runs internally on payments, but they have no legal responsibility to figure out that your API has been stolen and I would strongly recommend not relying on them to save your bacon in such a case.
Protect your keys, especially ones with access to your money.

Can the Yodlee API be used to retrieve the transactions on any credit card?

A client I work with wants to know if it's possible to use the Yodlee API to look up recent transactions on any credit card.
They'd like it to work without the user needing to be signed up with Yodlee, either directly at the site, or indirectly through a branded partner.
I assume this would be possible if the credit card company itself shared its transaction data with Yodlee directly, and made it available to their API customers, but I haven't been able to figure this out from the docs available on their website, and haven't been able to reach anyone at Yodlee themselves to ask.

I work for Yodlee. Sorry to hear you're having a hard time getting a hold of us. To answer your question, yes the user has to explicitly authorize any application that leverages the Yodlee API and explicitly add access to their financial accounts for that application.
Best,
Grace

Yodlee screenscrapes websites to retrieve its information.
Which means that they physically (but in an automated fashion) visit the website in a browser (IE8). Thus to pull any information down they have to visit the website, log in successfully, (optionally but more so on more banks; authenticate the computer) and then they can see all of the information that the user sees. Their API acts as a real time bridge between you (the end user using your website or app) and this browser.
So you have to either implement their very much so convoluted Yodlee API or use one of their generic hosted pages and direct the user to it, whereupon he/she enters the necessary information. You also have to have an agreement with them too. You also have to convince the user to do it :)

Adwords API developer Token

Can I use an Adwords API developer token for multiple applications? In more detail, say I have a website where I am using an Adwords API developer token, can I use the same token for another application? Of course, both applications are accessing the same account after all.
Thanks,
Murali.

You can use the AdWords API across different applications with just one API token, just make sure though that you are caching the authentication response and re-using those tokens, otherwise you'll hit the throttle limit. (Incidentally, logging in is possibly the slowest part of their API, so caching the response will speed up your application considerably.)

No doubt you can use the same development token for your multiple applications which are accessing the same account. If your applications will access a different account then you need to get a different developer token.
For the reference, you can read http://goo.gl/zLBPF
Hope it will help you.

Murali,
You need just one developer token, whether your application(s) access the same account or different accounts (whether linked under the same MCC hierarchy or not). As a matter of fact, the AdWords API Terms and Conditions explicitly prohibit you from getting more than one developer token.
If you use a developer token to make calls, you will be charged for API cost to the account holding the developer token. This is another reason why you should treat your developer token as a password and should reset it immediately if you expose it to the public by say, posting it publicly on a forum.
I also wish to point out that the official AdWords API forum is http://groups.google.com/group/adwords-api, you can ask your questions there and someone will answer your questions in a day or two.
Cheers,
Anash

Yes, Adwords even has channels that you can create to separate your ad campaigns
Adword Docs - Campaigns