My client wants to build an website app that allows customers to link their Xero account to the website so that certain actions such as create/manage employees can be updated in the website and also pushed to the respective user's Xero account.
I've been through the basics of connection to the Xero API and had to create/install certificate and generate Xero keys etc to get both apps talking to each other. This is not a feasible approach for end users of the site trying to connect their Xero account as it requires sharing a key etc that is supposed to be secret.
Is there a way to create a connection using just some sort of Xero key - similar to linking Xero accounts? Or it the case that my client would need to become a Xero Partner and actually create an app that users can install from their Xero account?
The Xero API has a number of different types of applications - sounds like you've set up a private app, which (as you've spotted) is intended for interaction with a single Xero organisation.
To interact with multiple Xero accounts, you'll want to create a public app on https://developer.xero.com/myapps/. This will allow you to send multiple users through the OAuth1.0a auth process, giving you an access token for each account that has authorised your app. You can then persist these tokens and match them to the account in your own web app.
Note that this will give you access to each Xero account for 30 minutes before the user will need to authorise your app again. For long-lasting access tokens, you'll need to register your interest via the link in this page to get information on how to complete this process.
Related
is it possible to get portfolio balance data from any Coinbase account using only email or without using coinbase api.
please help me. i need this method to make an software . that help me to show my . all account balances without any api.
No. Account information is not visible without signing the request with an API key or using the authorization address and OAuth2. Both options require the API
api-key-authentication
API Key authentication should only be used to access your own account. If your application requires access to other Coinbase users' accounts, do not use API Key. To securely access other Coinbase users' accounts, use Sign in with Coinbase (OAuth2)
OAuth2
The Coinbase API allows developers to use the OAuth2 protocol to allow a Coinbase user to grant a 3rd party application full or partial access to his/her account, without sharing the account’s API key or login credentials. It is a slightly more complex integration than the API Key authentication method, but is more flexible. OAuth2 works well for web applications, as well as desktop and mobile apps.
I know there is two kinds of API provided by Instagram which with one of them you can read public comments and images and etc. (Graphql) and with another one you can authorize your app to do some stuff on Instagram on behalf of the authorized user.
In our company, we have an internal portal and we want to add an ability to answer to company's comments directly from our portal. Also customer service unit is in charge of this task and they can't have our company's Instagram credentials. I want to know if there is a way to do such a task without any authentication from client side (for example, maybe I could add our Instagram credential from the portals back-end).
We are trying to integrate TripIt with our web application for itinerary management. I created a new App and got api key & secret. But we want to use the employee's trip it account and retrieve their trips & create trip in their account. Now i have one dilemma, since i am using my api key & secret, i can able to retrieve trips created in my account, but i want to retrieve trips of whoever logged in with their tripit account, with my api key.
So in this scenario, i will ask for user's trip it credentials and is there a way i can get their trips using my api key? Any viable solution is welcome. If you clear me with the flow i can able to understand.
The (OAuth) API key and secret are issued for your application, not for your specific user account. What this means is that your application can be given permission to access the user's data. If you've ever worked with the Twitter or Facebook APIs, TripIt's API behaves much the same.
You register an application through TripIt (sounds like you've already got this step down)
Using an SDK of your choice, you create endpoints in your code to handle the various steps in the OAuth workflow.
Here is a quick rundown of the workflow for OAuth 1.0, which TripIt uses.
The user begins the process of connecting their TripIt account to your application
Your application builds a request token URL and sends the user to TripIt's OAuth dialog, indicating the callback_url
The OAuth dialog (on TripIt's site) prompts the user to accept or decline permissions
If approved, they return to your site (callback_url) with a 'signed' request token as part of the query string
A backend process, typically a simple CURL request, exchanges the request token for an access token to finalize the process
You store the access token associated with the user in your database and use it for future requests against the API
If you happen to be using PHP, here is an open source example application to take a look at. It does not save the token to a database (just keeps it in the session), but you should be able to glean the basic idea from it.
I was just wondering, I want to associate a Twitter and LinkedIn account with my systems accounts. Which would allow them to post to interact with them without needing to log in to the other systems.
Is there a way to store the social (twitter / LI) usernames and passwords and associate them with my system and vis versa.
E.g. If I login using my native details (email / password) I can access the API features of my social network accounts?
Thanks in advance,
Chris
I can't speak for Twitter, but with LinkedIn you could follow this basic workflow:
Register an 'application' with LinkedIn. Your site will use this application for all communication with the LinkedIn API.
Have the user authorize your site (your application really), to access their account via the LinkedIn API.
Retrieve the user's unique LinkedIn ID, as well as their access tokens, and store those in your user account database, associated with their existing account.
Then, when they return and log in to your site, any calls you need to make to LinkedIn can be done via the stored access token, rather than having to have them manually allow you to have access again.
I am developing a web app that will be working with other companies web apps. Part of the desired user experience is that users on our web application will be able to log into our app, and be able to visit our parters' web applications. Accounts will be automatically created for the users on our partners' sites. We'd like them to be able to enter the partner sites already authenticated, without having to log in or authorize anything (like with OpenID or OAuth), similar to the relationship between a bank and a credit card rewards program. Is there an existing standard that covers this?
Single Sign On often used for such functionality.
There are a lot of implementations.
I used in production Jasig CAS