We are tech start-up developing an application and would like to utilise the messaging and connections api.
It looks like this would require special approval from you since the API documentation is saying "Usage of this API is restricted to approved partners, subject to limitations via API agreement."
https://learn.microsoft.com/en-us/linkedin/shared/integrations/communications/messages
We have added all the available products in the application dashboard but that seem to be not adding all the scopes we need to make these calls.
Could someone help us with the process of the product we need to have to get the correct permission so that we can access those APIs?
Thanks
Robi
Related
I have built an API to my web application so that customers can access certain functionality without going through the dashboard. I have secured it by providing an API key to each customer that identifies them and restricts the IP address from which they can connect.
I have now had a request from a customer to allow them to access this API from their Salesforce platform. I don't know much about Salesforce, and when I asked them to let me know their IP address so I could create their API key, all they could give me was the list of reserved IP addresses published by Salesforce. This IP space is huge (millions), covering all of Salesforce, meaning that if someone gained access to the API key they'd be able to use it from any Salesforce account.
I have read some things about Salesforce having an OAuth service and having some kind of Application Connect service, but it mostly seems to be designed around allowing 3rd parties to connect to Salesforce - I'm getting a bit bogged down trying to determine if this is any use in my scenario (which requires authentication in the other direction).
I'd be grateful for any insight into whether there's something more specific I can do identify a particular Salesforce customer beyond simply putting dozens of CIDR blocks in my API key. I could ask my customer to identify themselves in the referer header when they call my API, for example, but of course that's trivial to spoof.
Thanks.
IPs can be spoofed too
Salesforce has a concept of "protected custom settings". You could make a "managed package" (Salesforce plugin, but you don't need to distribute it on their appexchange, Google Play/App Store equivalent), install it for the client and then enter the API key to the setting in a way that even client's sysadmins can't read it.
It'd be bit of work to set it up but might pay off if you think you'll get more customers on the platform.
How about a crude but effective iframe? or a link to your page they'd embed somewhere in their app?
Do you have just api keys? If you'd expose OAuth2 endpoint SF users could login to your app and then SF code could use access_token they got back instead of api keys. Or maybe you can protect access with certificate? Calling app would have to sign requests with a certificate. Client could upload it to their SF, you'd upload to your app...
You could demand the API calls to include the user's SF "session id" and you could use that to run some queries against source SF org. Org Id, user's login history etc things that are impossible to tweak even by sysadmins...
I have an application where I want to get organizational data from LinkedIn like the name of an organization, address etc. Searching on the web I find out there is Organization Lookup API and there is Organization Search API on LinkedIn, just want to know how can I implement these APIs?
As per the documentation provided by the LinkedIn, I have created my app on the LinkedIn platform and have got the client ID and the Secret Key and have generated the required auto 2.0 access token, now when i try to hit the organization lookup API it gives me 403 error
i do not think you can implement it because for the V2 API of linkedin you need a partnership. you can request a partnership for linkedin for free on their website.
the 403 error is a forbidden error because you do not have the permissions you need.
the V1 API is fully useable for people without a partnership.
partnering with LinkedIn provides you with additional API functionality & data access, increased call limits & dedicated support. Read more about our various Partner Programs and use cases and see if one is a match for your app. Applications are only accepted when we feel that they're providing value to members, developers and LinkedIn.
LINK TO PARTNERSHIP PROGRAMS:
https://developer.linkedin.com/partner-programs
For a mobile app we would love to integrate the eBay Kleinanzeigen (www.ebay-kleinanzeigen.de) API. Goal is to (API GET) get all the classifieds in a certain (German) zip code.
However the documentation is not very useful.
The API under https://api.ebay-kleinanzeigen.de/api/ads request login and password for this API. We used the username and password from www.ebay-kleinanzeigen.de and the eBay Partner (Developer) login credentials but both are not working.
Does anyone know how to use it and what credentials we need to use it or has experience with this API?
The eBay Kleinanzeigen API is not public available and is used internally for some applications, including their own apps.
Still, some third parties have access to it, but this is always based on business reasons and contractually regulated. There is no regular developer program to access the API.
If you think you have a product which would work great with eBay Kleinanzeigens inventory, and for that also want to have access to the API you should contact their business development team.
The eBay Kleinanzeigen API is not public available and is used internally for some applications, including their own apps.
If this is the case and you don't need to provide the "eBay Partner" credentials in the apps, they seems to be part of the code.
An overview of the apps can be found here:
https://www.ebayclassifiedsgroup.com/mobile.html
This is not a guidance to do it, just a syllogism.
Iam a student and i making my internship. Sorry for my bad englis
The situation
2 people are building an backend for an message system. There are actual and passed messages. The main backend contains all the data from all the messages. This backend pushes only actual messages to and database from an mini backend which only contains the actual alerts. These actual alerts are provided by an api to multiple front ends such as an app.
I need to do research about api gateways which can make the data in the mini backend accesable for external developers. These developers only need to register or request an account so we know which application/developer connects with our api. We don't have end users with user accounts.
The API need to be scalable because in the future (over a couple of months) this system wil replace an old system. The current system needs to be handle more then 5.000.000 requests in a couple of minutes when sending out an emergency message/alert.
My problem
I googled a lot about authentication methods and i read about OAuth2. This is only necessary for authenticate end users with an user account? I dont have that so OAuth is to complex for my situation i think. But when i look in the documentation of several API Gateways like Mulesoft, Amazon API Gateway and some more i always come back by OAuth and not by an simple authentication token system or something.
See this link and then Creating a client registration flow. This uses OAuth or do i understand this incorrectly?
So now my questions
Is there an default method such as google or facebook uses for authenticate external applications by an API key? and how is this method/framwork/idunno caled?
Is it posible that i can/need to do this with OAuth?
Some example API gateways that can fill in my wishes will be great!
Amazon Api Gateway team here.
Our service supports native API keys which satisfy simple use cases. Are you interested in a simple mechanism to authenticate clients when they access your API? Some limitations would be that it's harder to manage a large number of keys, and there wouldn't really be any authorization to specific backend resources, only authentication to access the API in general.
http://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-api-keys.html
OAuth is better for dynamic user bases where new users register and you want to be able to control access for existing users over time. It is also useful when users have personal data that only they should be able to access.
Jack
I have built my custom xml api in my rails application to enable clients purchase and manage their items. But am stuck on how to enable them pay for their domains via my custom api.
I would like them to send a request with method say "pay" and their paypal credentials to pay for a particular item.
Please help me here.
With all due respect, your API should NOT require callers to give you their PayPal credentials.
Nobody should EVER give their credentials for a given site/service (e.g. PayPal in this case) to a third-party (i.e. you).
If you want to add PayPal support to your site, read and follow PayPal's API docs, samples, etc.
https://developer.paypal.com/webapps/developer/docs/classic/api/