I am building a Xamarin iOS Native project for an iPhone app and I am using Google Maps for creating routes to several delivery points.
I registered for the Google Maps API but I have trouble with the security of the API key.
In my project I have installed the NuGet package for Xamarin.Google.iOS.Maps and set the app restrictions to my iOS bundle name. When initializing the map, all works fine.
But we also use the Directions API for setting up routes to different points of the map. This function call is an HttpClient call to a JsonAsync call. The Google API denies the call because it did not work with the bundle name, since it's an HttpClient call.
The project is installed on mobile devices, so restricting by IP address is not an option for us. No restriction at all is also bad for security.
So my question is: How do I secure this?
Please note that web services cannot work with API keys that are Android/iOS restricted. Web services are server-side and can only work with API keys that are either unrestricted or restricted by IP address.
To resolve your issue, please create a second API key to use for web service requests only.
The public docs on best practices when using API keys also have some suggestions for when IP address restrictions are impractical, as is the case with mobile applications.
When using Maps Web Service APIs in these scenarios, secure your apps using one or more of the following techniques:
- proxy server
- obfuscation
- pinning
References:
https://developers.google.com/maps/api-key-best-practices#api_key_table_sup_5
https://developers.google.com/maps/api-key-best-practices#proxy_server
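The proxy-server option from the list above, as an added example that is not part of the original answer: the mobile app calls your own endpoint, and only the server holds the second (web service) API key and attaches it to the Directions request. The function names, the session-token check and the parameter allowlist are assumptions for illustration.

```python
import json
from urllib.parse import parse_qs, urlencode

DIRECTIONS_URL = "https://maps.googleapis.com/maps/api/directions/json"
# Only these client-supplied parameters are forwarded; anything else is dropped.
ALLOWED_PARAMS = {"origin", "destination", "waypoints", "mode", "language", "units"}
REQUIRED_PARAMS = {"origin", "destination"}
MAX_VALUE_LEN = 512  # constructed limit so the proxy does not relay huge requests


class ProxyError(ValueError):
    """The client request must not be forwarded upstream."""


def build_upstream_url(client_params, server_key):
    """Validate app-supplied parameters and attach the server-held key."""
    if "key" in client_params:
        raise ProxyError("clients must not send an API key")
    missing = REQUIRED_PARAMS - set(client_params)
    if missing:
        raise ProxyError("missing parameter: " + ", ".join(sorted(missing)))
    forwarded = {}
    for name in sorted(ALLOWED_PARAMS & set(client_params)):
        value = client_params[name]
        if len(value) > MAX_VALUE_LEN:
            raise ProxyError("value too long: " + name)
        forwarded[name] = value
    forwarded["key"] = server_key  # added last, never taken from the request
    return DIRECTIONS_URL + "?" + urlencode(forwarded)


def handle_request(query_string, session_token, valid_sessions, server_key, fetch):
    """Return (status, body). `fetch(url)` performs the HTTPS GET to Google."""
    if session_token not in valid_sessions:  # assumption: token issued at app login
        return 401, b'{"error": "unauthenticated"}'
    params = {k: v[0] for k, v in parse_qs(query_string).items()}
    try:
        url = build_upstream_url(params, server_key)
    except ProxyError as exc:
        return 400, json.dumps({"error": str(exc)}).encode()
    return 200, fetch(url)
```

Because the proxy has a fixed egress address, the web service key can then carry the IP address restriction that is impossible on the devices themselves.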
Related
I am developing a web application on the Vue Framework. But I ran into a problem and I don't know how to implement a Zoom API and any video calling company since my web application is dedicated to allowing different people with similar tastes to come in and talk to each other.
I would appreciate it if you could explain to me how it could be done or what the process would be to implement it.
The Zoom API allows developers to access information from Zoom. You can use this API to build private services or public applications on the zoom app marketplace. To learn how to get your credentials and create private/public applications. All endpoints are available via HTTPS and are located at api.zoom.us/v2/.
For instance you can list all users on an account via https://api.zoom.us/v2/users/.
We wanted to create a mobile app using Flutter. I searched for how to connect Odoo with external platforms or apps, and I found there are two solutions:
The most common and standard one is to use the xmlrpc communication protocol. We did find some libraries with that name in Flutter, but the problem with this is that it's a bit complicated for Flutter devs who do not know how the Odoo architecture works.
The least common method is the endpoints or controllers method: basically you create endpoints in your controllers and just call them through HTTP requests from the mobile side. The problem with this method is that it's not standard and I did not see many people talk about it. I also heard that this method is for the web instead of mobile apps, since the session_id of the identification is returned in the cookies.
My question is the following: is the endpoint method good enough for a mobile app? If not, are there any alternatives to xmlrpc?
You can connect Odoo with the Flutter app using simple RESTful API requests; there are many packages on pub.dev which can help you.
I'm interested in using Azure Mobile Services with SPA applications... perhaps with PhoneGap and/or Kendo.UI as well.
I would like to add authentication to my app, and am looking at Azure Mobile Services. What isn't clear to me is if I can use Zumo (mobile services) to authenticate my app?
Example
User downloads app from store (or uses HTML5 caching to store the app)
The SPA app connects to Azure Mobile to get the OAUTH credentials
The Credentials secure my REST calls to the database (as secured by Azure Mobile)
Can anyone clarify if this architecture is possible?
You can definitely do this. If you go into the quickstart page after creating a new Mobile Service, you'll see one of the supported platforms is HTML/JS. You can download that quickstart application to run a local website that will connect to your Mobile Service and can set up authentication using this flow (http://www.windowsazure.com/en-us/develop/mobile/tutorials/get-started-with-users-html/). Dropping this into a PhoneGap application is very simple and just requires downloading the jQuery and Mobile Service javascript files locally (phonegap can't reference remote JS files). The bulk of the HTML can be the exact same. You'll just need to take the JS from the HTML/JS quickstart and drop it into the onReady method (I believe that's what PhoneGap calls once the device is ready for you to use). Hope that helps.
I'm currently planning the creation of a mobile application for iOS and Android.
The application will permit the end user to manage and see the progress of their projects (web creation company).
The application will have:
Project management (multiple)
View progress
View tasks
View hours
View files
View messages
Login/Logout form + Profile/Edit Profile section
Send/Reply Messages
Add comment on tasks and files
The question is: What is the best way to create an API (Restful or something else) using the Zend Framework?
This API must and will be integrated to a custom-made Projects Management System and a MySQL DB.
I am just working on a PHP API (no matter whether the API is for mobile platforms or other websites), and after deciding between SOAP and REST I chose a RESTful API and I can recommend it...
Zend Framework has components for both of the mentioned approaches, but REST is easier and more understandable in comparison with SOAP...
The one thing that you have to think about is logging. You can use HTTP Auth or OAuth (HTTP authentication is easier), but a better approach in my opinion is to generate a unique API KEY for your users (each user should have their own KEY). This KEY ensures you can recognize the user, and the security risk is minimal because the user does not have to send login and password inside the HTTP request (a security risk); in case the KEY is caught on Wi-Fi or the infrastructure, a hacker does not get the user's login to the web application, only to the API, where probably not all the features that the main web app offers will be available.
And if you set some time expiration for your KEYs or an IP restriction for the KEY, then you can make it safer :)
A tip for the end: implement the API as a new, separate ZF module.
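The per-user key scheme described in the answer above, as an added example that is not the answerer's code and is sketched in Python rather than Zend Framework: each user gets a random key with an expiry and an optional IP restriction, and the server stores only a hash of it. The class and method names are hypothetical, and the dictionary stands in for a database table.

```python
import hashlib
import secrets
import time


class ApiKeyStore:
    """In-memory stand-in for a database table of per-user API keys."""

    def __init__(self, ttl_seconds=3600):
        self.ttl = ttl_seconds
        self._records = {}  # sha256(key) -> (user_id, expires_at, allowed_ip)

    @staticmethod
    def _digest(key):
        return hashlib.sha256(key.encode("utf-8")).hexdigest()

    def issue(self, user_id, allowed_ip=None, now=None):
        """Create a key after a normal login; only its hash is stored."""
        now = time.time() if now is None else now
        key = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._records[self._digest(key)] = (user_id, now + self.ttl, allowed_ip)
        return key  # handed to the client once, never kept in clear text

    def authenticate(self, key, client_ip, now=None):
        """Return the user id for a valid key, else None."""
        now = time.time() if now is None else now
        digest = self._digest(key)
        record = self._records.get(digest)
        if record is None:
            return None
        user_id, expires_at, allowed_ip = record
        if now >= expires_at:
            del self._records[digest]  # expired keys are purged on sight
            return None
        if allowed_ip is not None and client_ip != allowed_ip:
            return None
        return user_id

    def revoke_user(self, user_id):
        """Drop every key of one user, e.g. after a reported leak."""
        stale = [d for d, rec in self._records.items() if rec[0] == user_id]
        for d in stale:
            del self._records[d]
        return len(stale)
```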
One of the best things I have noticed so far is http://getfrapi.com/
It makes use of everything from Zend to PEAR. Maybe you should check out the video http://www.youtube.com/watch?v=vJVQi7ZFSaQ
Let's say I am creating a web API for my client to connect to; the web API is public on the web. But I only allow a special client (for example, iOS or Android) to connect to it... others are not allowed to call the web API, even if their params are correct. Is there any way to do so? Thanks.