I am researching to see if this is possible. I am new to the Forge API and Revit/Bim360 in general so my apologies if I am not using the correct terminology. I have successfully made API calls using Postman to BIM360 to pull back project information.
What I would like to do is construct a URL from within our ERP application that passes the external project id and the sheet name into a web application and to have that web application take the user to the bim360 markup viewer of that item.
So user would be looking at a work order in our manufacturing system, click the link for "View Production Ticket" and a screen would pop up, ask the user to login to BIM360 if they haven't already, and open the bim360 viewer.
To do so, I would like to advise you to integrate the following Forge APIs instead in your ERP system, not embed BIM360 to the ERP system directly:
Forge OAuth API to fetch 3 legged-token with user login (their Autodesk account)
Forge Data Management API to obtain hubs, project, items, version, and derivative file links of the model file of your BIM360 account.
View your model (derivative urn) via Forge Viewer
Here is a tutorial for you http://learnforge.autodesk.io/ and hope it helps!
Related
I'm enjoying developing cross-browser web extensions, the main target being Chrome, so much that I started to think to develop one for my company. I find a chrome extension quite a cheap and efficient way to deploy internal apps. The main purpose is to host a couple of dynamic dashboards that fetch data from various APIs by using cross-domain ajax in background scripts. I finalized the app and I was also able to implement the authentication via chrome.identity and Azure AD.
However, I am struggling to find a safe way to customise the content.
I mean, when the extension is installed it requires to login to azure via the chrome.identity flow. Then I get a token that I use to query ms graph and get the user ID, name, email and basic info.
Until I get this information I want the browser action (popup) to be unavailable to the user as well as any other extension pages. After a successful login I would like to show the content on the pop up and to let the user access the pages, but here I want to customize the experience.
I know how to use the user id retrieved from the api call to customize the extension, but I think it is not safe because all the code is in the client.
If I code something like
if (user === logged) show something
it will be damn easy for a malicious user to look at the code and bypass it, or even to impersonate another user. And chrome extension cannot be obfuscated.
Any help?
Thanks
We're in the process of trying to get our Google Data Studio connectors' OAuth Client Verified and the process requires a video of the application in use (as per https://support.google.com/cloud/answer/9110914), however the documentation mentions:
Note that the video must clearly show the app's details such as the
app name, OAuth Client ID, etc. as applicable. The demo video must
show usage of sensitive and restricted scopes on each client.
But we are not in control of GDS, only our connectors. We only use the /auth/script.external_request scope to make calls to our own API.
What should we include in our video to show this information?
Reference:
screengrab of the e-mail we received listing requirements
This is a Google OAuth verification requirement. You should ideally reach out to the OAuth verification team for clarifications.
However, for the video, you can try just opening up Data Studio and installing your connector using the direct deployment link. Then you can create a data source using the connector and draw a table to demonstrate how data is fetched from your API using the external_request scope.
I am trying to download (backup) images that customers upload for products that take custom logos (these are typically JPG, PNG, PDF, etc.) These customer files are downloadable by clicking on a hyperlink in the BigCommerce admin page for the order in question. The link is not a link to the image path but instead, a link to a service that sends the file to the browser. In other words, you have to be authenticated into the admin site to download the file. The URL looks like this:
https://mystore.com/internalapi/v1/orders/383945/products/251438/attributes/561518/download
https://mystore.com/internalapi/v1/orders/{order id}/products/{lineItem id}/attributes/{option id}/download
These are easily constructed in the API itself for a given order. If I use the link in a browser tab while I'm logged into the admin site, the file downloads.
But what I am trying to write an app to automatically download all the files (there are thousands). When I try to use this URL in an app, I get a authentication error. I tried at first using my regular API credentials but then used the credentials to log into the admin site. Both give me an authentication error.
I could not find anything documented on this so-called "internalapi." Anyone ever try to use this "internal" API that is used by the admin site?
I believe authentication is cookie based for that internal API, but there could be problems with using our non-publicly documented internal APIs in production, i.e. we may make future updates that would be breaking changes.
Images attached to orders through a file upload option also get copied to WebDAV, in the dav/product_images/configured_products folder. Another way to do this could be to use a WebDAV client library like easywebdav to connect and download the files.
I need to create posts, etc through my ASP.NET MVC 4 application.
Does anyone know decent library for Google Plus API? (Preferable as a NuGet package).
There is currently no publicly documented API that lets you automatically post to your Google+ page or stream.
There is an API that HootSuite is currently using that is slowly opening up to other vendors. See https://plus.google.com/u/0/104946722942277428266/posts/LUi2ZNyRHag for more information about what is coming and how you can sign up to request access to this. This is expected to allow you to post to a Google+ Page.
There is also the "Google+ History API" that is currently in developer preview which will allow you to create moments for a user, but they would need to manually share these moments on their stream if they choose to do so. See https://developers.google.com/+/history/ for further details.
I have written a click-once deployed application in .Net that runs on windows machines. I had a requirement to launch the application from a browser so that I can pass information to the application based on the current browser session (the HTTPHeadercontains a single-sign-on id that needs to be passed to the application so it can call secured web services).
So the click-once application is provided as a link on a jsp, and the required id is passed as a querystring parameter in the link, which the click once application can read).
Now I need to make similar functionality available for Mac users. Is there any way to do this that doesn't require Java? I would like to write in Objective C, but then the question of how to trigger the launch of the application from the browser, passing the necessarily information remains.
The flow is:
User hits link to our site
User is routed to single sign-on authentication form
User submits form and is redirected to our site (with id embedded in HTTPHeader)
Server builds page with a link to Click Once application with id appended as a querystring parameter
User clicks link, click once deployed app is downloaded and executed with full trust on the users computer (the app is signed with a code signing cert).
Application runs locally on users computer and calls RESTful web services on server passing the single-sign-on ID as a cookie along with the web request which allows the request to make it through.
I would appreciate any ideas that point me down the right path, as I am primarily a windows developer.
Thanks!
I just saw your request to my original post on this topic.
The need for this was put on the back burner for a time, but the solution that we will probably pursue is to have a server-side process that modifies the delivered Zip or DMG file on-the-fly. The additional information would be inserted into the application's Info.plist file. This will not invalidate the cryptographic signature, and does not require anything additional to be downloaded.