Providing an Export Compliance Documentation Document for HTTPS / API calls required for Apps use outside the USA? - app-store-connect

Is an Export Compliance Document required for the use of HTTPS API calls if you plan to submit your app to countries outside the US?
What should this Export Compliance Document look like? What are the codes one should use?
Has anyone done this before?
Here is the example sheet from the US government website.

Related

Is there a government API for CISA, or any other database of security Vulnerabilities?

I did check this and all of the listed links, but I was not able to find any:
What public APIs are provided by Governments to the public?
The US government does offer a simple API for the NVD (National Vulnerability Database). So for instance, I can do this:
curl --verbose https://services.nvd.nist.gov/rest/json/cve/1.0/CVE-2021-45105
But what about ICS (Industrial Control Systems)?
They are listed here:
https://www.cisa.gov/uscert/ics/alerts
But that is in HTML form. I'm wondering if there is an API with the same information?
They do offer a simple XML/RSS feed, but the links simply point back to the HTML versions of the data. I have not found an XML feed that is full of the data that is shown in the HTML pages.
Does anyone know where to look for this, or any other government API?

Rightmove API and scraping technical and legal

I'm looking to build an app using property data. Nestoria has a free API and rules of use, and Zoopla an API you register for. OnTheMarket and Rightmove have the same terms of use to the letter (bizarre for competitors?). Rightmove advertise an API for upload but not download - I can't find anything for OnTheMarket.
I've discovered that Rightmove does have an API although the post code search is obfuscated by their own outcode mappings...
https://api.rightmove.co.uk/api/sale/find?index=0&sortType=1&numberOfPropertiesRequested=2&locationIdentifier=OUTCODE%5E1&apiApplication=IPAD
I'm wary of using an API that's not promoted. The alternative is scraping, which is harder technically and legally questionable, although from what I read the data is in the public domain and so free to use.
I've contacted Rightmove but got no response.
Is anyone using the Rightmove api and had this authorised by them? Seems most strange that it's open and available but barely mentioned when searching for it.
Can anyone clarify what rules/law/ethics are in place for scraping data?
Don't query their hidden API. But you can run a web crawler on the RightMove.co.uk website, and it is perfectly legal as outlined in their Terms of Service under section 3.3:
You must not use or attempt to use any automated program unless the automated program identifies itself uniquely in the User Agent field and is fully compliant with the Robots Exclusion Protocol
A web crawler like Apache Nutch perfectly follows the Robots Exclusion Protocol. From their robots.txt file I found they have elaborate nested sitemap.xml files, and hence they rather promote organized but polite crawling of their website. I was myself wanting to get their data, so I am beginning with my endeavour to crawl them with my resources - do let me know if you need access to this data.
You are not allowed to scrape their data; here is what their terms & conditions say about it:
"You must not use or attempt to use any automated program (including, without limitation, any spider or other web crawler) to access our system or this Site. You must not use any scraping technology on the Site. Any such use or attempted use of an automated program shall be a misuse of our system and this Site. Obtaining access to any part of our system or this Site by means of any such automated programs is strictly unauthorised."

How can I protect my API and know what is calling it?

I am building a Web application and a Web API. The Web application will make AJAX calls to the server and receive JSON results. The same will happen with the Web API.
I am planning to ask developers to use keys to access the Web API so that I can charge for their use of it.
The problem is the Web API will be used by the Web application to get the content for the web pages. Is there a way to know if it is my Web application using the Web API or someone trying to hijack the API so that they don't have to pay for it?
I am using PHP on my server.
It's difficult to protect completely, but there are techniques that help. ApiAxle (disclaimer: my company) gives you the option of using short-lived keys. These will be impossible for a leecher to generate without knowing your secret key. Paired with rate limiting, you're getting somewhat closer to where you want to be.
Not foolproof but a start.
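The short-lived-key plus rate-limiting approach the answer above describes, as an added example (not the answer's or ApiAxle's code): the server mints keys that carry their own expiry and an HMAC-SHA256 tag, so a leecher without SERVER_SECRET cannot mint or extend one, and a fixed-window counter caps calls per client. Written in Python for brevity; on the asker's PHP server the same scheme maps onto hash_hmac() and hash_equals(). SERVER_SECRET, the 300-second lifetime, the client id and the 401/429 responses are constructed assumptions.

```python
import base64
import binascii
import hashlib
import hmac

# Constructed example secret: keep the real one server-side only, never in the page's JavaScript.
SERVER_SECRET = b"constructed-example-secret-do-not-reuse"
KEY_TTL_SECONDS = 300  # assumed lifetime of a short-lived key


def issue_key(client_id: str, now: float, ttl: int = KEY_TTL_SECONDS) -> str:
    """Mint a short-lived key: urlsafe-base64("client:expiry") + "." + HMAC-SHA256 tag."""
    payload = f"{client_id}:{int(now) + ttl}".encode()
    tag = hmac.new(SERVER_SECRET, payload, hashlib.sha256).hexdigest()
    return base64.urlsafe_b64encode(payload).decode() + "." + tag


def verify_key(token: str, now: float):
    """Return the client id if the tag is genuine and the key is unexpired, else None."""
    try:
        b64_payload, tag = token.split(".", 1)
        payload = base64.urlsafe_b64decode(b64_payload.encode())
    except (ValueError, binascii.Error):
        return None  # malformed token
    expected = hmac.new(SERVER_SECRET, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return None  # forged or tampered: no valid tag without the secret
    client_id, _, expiry = payload.decode(errors="replace").rpartition(":")
    if not client_id or not expiry.isdigit() or int(expiry) < now:
        return None  # expired, or never carried a valid expiry
    return client_id


class RateLimiter:
    """Fixed-window limiter: at most `limit` calls per client in each `window`-second slot."""
    def __init__(self, limit: int, window: int) -> None:
        self.limit, self.window = limit, window
        self._counts: dict = {}

    def allow(self, client_id: str, now: float) -> bool:
        bucket = (client_id, int(now) // self.window)
        self._counts[bucket] = self._counts.get(bucket, 0) + 1
        return self._counts[bucket] <= self.limit


def handle_request(token: str, limiter: RateLimiter, now: float) -> tuple:
    """Gate one API call: (HTTP status, body). 401 for a bad/expired key, 429 when over quota."""
    client_id = verify_key(token, now)
    if client_id is None:
        return 401, "invalid or expired key"
    if not limiter.allow(client_id, now):
        return 429, "rate limit exceeded"
    return 200, f"result for {client_id}"
```

A key handed to the browser can still be replayed by anyone who captures it until it expires, which is why the answer calls this a start rather than a complete fix.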
When trying to secure something on the web, it might be useful to think about how you want to protect the information that you provide through the API before you try to find a technique for protecting the API.
An example:
Say that your API provides the current weather in London and your web application is an open web page that provides this information while also showing some web ads. You don't want someone else to use the API and show the London weather somewhere else without showing the web ad, because that would ruin your sole income from this service.
You could limit access to the API by providing, e.g., short-lived keys or another complicated protocol, but the problem here is that the information you provide, the London weather, is available to anyone on the web page anyway. If someone wants to "steal" your information and provide the London weather on a different web site, they can just write a script that loads your web application, reads the information from the web page and displays it in their own web application.
If a person is able to access the information, then he can also write a script that reads this information and displays it somewhere else.
Securing information is actually more about limiting who you want to give access to and not so much about how they should get access. If you or your clients make this information freely available on the net in one form or another, then you cannot (technically) prevent someone else from picking it up and redistributing it.

Can someone explain to me what an API is?

I've googled it, yet couldn't understand it properly. Not sure if it's a library or an intra-server communicator.
Can someone explain to me, at a high level or a low level, what is meant by an API?
http://en.wikipedia.org/wiki/Application_programming_interface
Read it from here; it will hopefully clear most of your doubts.
API stands for Application Programming Interface, which means using an existing program or code and accessing it with your code.
===
Example, Search Engine:
Search engine 1: offers search and an API (if you want, this can be Google)
Search engine 2: uses Google's API to get results (this is your one)
To get results you basically search the other search engine and get their results to yours
====
An API can be used in many ways, to access others' data or code, etc.
An in-depth explanation can be found here: http://en.wikipedia.org/wiki/Application_programming_interface
An application-programming interface (API) is a set of programming instructions and standards for accessing a Web-based software application or Web tool. A software company releases its API to the public so that other software developers can design products that are powered by its service.
For example, Amazon.com released its API so that Web site developers could more easily access Amazon's product information. Using the Amazon API, a third party Web site can post direct links to Amazon products with updated prices and an option to "buy now."
An API is a software-to-software interface, not a user interface. With APIs, applications talk to each other without any user knowledge or intervention. When you buy movie tickets online and enter your credit card information, the movie ticket Web site uses an API to send your credit card information to a remote application that verifies whether your information is correct. Once payment is confirmed, the remote application sends a response back to the movie ticket Web site saying it's OK to issue the tickets.
As a user, you only see one interface -- the movie ticket Web site -- but behind the scenes, many applications are working together using APIs. This type of integration is called seamless, since the user never notices when software functions are handed from one application to another.
This article shows an example:
http://www.codeproject.com/Tips/127316/Integrate-FB-javascript-API-to-your-asp-net-app-to

Export contacts from ACT, Salesforce, Outlook, QuickBooks, etc

What APIs / SDKs / software tools are available to export contacts from popular CRM and accounting packages?
What I'd like to do is offer an address book in my web application and have a button that says "Upload your contacts from X". The user could then click a few buttons and his contacts would be automagically uploaded from X.
A company called Plaxo has a widget that does exactly what I am looking for, BUT:
They only support a limited number of data sources (I am most interested in ACT, Salesforce, Outlook, and QuickBooks), and
They only support e-mail addresses. I am most interested in street addresses ("123 Main St, Anywhere, CA, 90123")
A company called Constant Contact has various tools for popular CRM packages, such as ACT, QuickBooks, and Salesforce. These tools upload contacts into their Constant Contact web application. When you login to Constant Contact, click on "Contacts" and click on "Import Tools," you get presented with a number of tools. Most require a download. This is basically what I want for my web app.
There is a company called CloudSponge, but they seem just like the Plaxo widget in that they are geared only for export of e-mail addresses from the most popular e-mail clients. They do not have support for QuickBooks or ACT or Salesforce.
One option, instead of integrating with the various APIs/SDKs, would be to create a generic import facility. This could be a CSV format with a specific specification, or include a mapping tool to match columns with fields. This way you can use the export features of the various 3rd-party applications.
Another, possibly more limiting, idea would be to look at only integrating with Outlook (or other ubiquitous systems on other platforms) where syncing to Outlook is probably already built in to those other applications?
You can try Import2 for that (disclaimer: I am co-founder). It also has an API for use cases like the one you described.