eCommerce / Shop system with good support for GDPR requirements - e-commerce

I know this and that but I think my question is valid. Also I couldn't find another, more appropriate StackExchange community for my question.
My task is to replace our legacy webshop with a new one which makes compliance with the GDPR requirements as easy as possible. Until now, I haven't found a shop system with the following features:
guest checkout
explicit active consent for the different kinds of personal data
support for parental consent
software support for customers to see, edit, export and delete ALL their personal data
I imagine if those are fulfilled the company itself would have also made sure that it acts in a GDPR compliant way, so I don't mention this explicitly.

Related

Building a site like skyscanner, kayak, google flights

I use Skyscanner a lot myself, and one thing I don't like is the fact that I get redirected when I want to book. I want to know what the obstacles are in having a solution where you can book your flights without being redirected and without necessarily being a reseller/travel agent.
The objective is to make comparison shopping seamless.
I understand low-budget carriers prefer booking only on their site, but perhaps their strategy can be integrated within the comparison site.
I also understand that carriers would want customer analytics, but this can be made fully available to them.
What are the reasons for example KLM, Airfrance etc might NOT want to make comparison shopping seamless?
I have been a main developer for one such website which uses such APIs. I would list many reasons but also it is a good practice not to do so.
Just some reasons off the top of my head.
1) It is not the purpose of such websites. They just join an affiliate program to redirect users and get some small fees for purchases. They would keep their system as simple as possible.
2) Airlines and other providers like hotels have their own policies on fees, refunds, purchases, loyalty points etc. As a third party, you cannot implement such a thing for each provider. If you don't implement it, then you would use an API, right? They wouldn't expose such inner workings of their system to third parties; payment involves PCI compliance, customer confidentiality etc.
3) Such services involve certain confidentiality and privacy. Somebody's passport, staying at a particular hotel or flying on a particular plane is sensitive information and should not be available to third parties.
Just imagine how many third parties their APIs would be available to. No trusted company would allow this to happen.
4) Even if they allow, no third party can really ensure security of such sensitive information. If a breach of security happens, thousands of airline data etc. would be affected.
5) Each of the airlines and hotels might be subject to different jurisdictions in terms of data protection etc. It is technically impossible to combine them.
Many, many other reasons... There are also many issues in handling payment, accounting etc.

How can I download information from bank accounts?

There are a number of free finance tracking sites out there like mint.com, wesabe.com etc.
I've tried all of them and all seem to miss the mark in one way or another. I'm interested in creating my own website, or possibly just a standalone Windows program for tracking my finances in ASP.NET or C#.NET.
I'm assuming the answer is no, but is there any way that a personal developer can download transactions from financial websites like these? I know once you log in to most financial sites you can download a CSV or Quicken file. Yet I really like how I can log in to my Mint.com account and update all my accounts with one click.
Popular applications (like Quicken) and most major US banks support Open Financial Exchange (OFX). If a bank can connect to Quicken, it probably supports OFX (though not guaranteed).
I doubt very many banks have public APIs for this. More likely than not, you will need to send HTTPS requests to the various banking websites, and you will probably have to have custom code for each bank that you wish to support, tailored to the structure of their websites and their form elements.

Design an API for a web service without "selling the farm"?

I'm going to try to phrase this as a generic question.
A company runs a website that has a lot of valuable information on it. This information is queried from an internal private database. So technically, the information in the database is the valuable part.
If this company wished to develop an API that developers could use to access their database of valuable & useful information, what approach should the company take?
It's important to give developers what they need. But it is also important to keep competing websites from essentially using the API to steal everything and essentially steal all traffic from the company's website.
Is there some way the API could be used in a way that drives traffic back to the original company's website somehow? Something that gives users a reason to keep going there.
This is a design consideration that my company is struggling with that I can imagine other web-based services have come across before.
Institute API keys - don't make it public. Maybe make the signup process more complex than "anyone with an e-mail address".
Rate limit the API based on keys. If you're running more than X requests a minute, you're likely mining the database.
Don't provide a "fetch everything" API. Make the users know something to get information on it. Don't reveal what you know.
I've seen a lot of companies giving out API keys and stating a TOS that all developers must adhere to. For example, any page that uses data from the API must include your logo and a link back to your website. If any developer is found breaking the rules, the API key can be cancelled and your data is safe again.
Who is meant to use the API?
A good general method of solving this problem is to limit access to the data to end users (rather than allow applications or developers at it). Provide applications and users with identification, each, and make sure that to access a subset of the data, a combination of both user and application key is required.
Following this pattern, each user will have access to a very limited subset of the data (presumably, the data that they require for their own specific use), and you can put measures in place to enforce this. Any attempts at data-mining will become obvious.
This type of approach meshes well with capability-type security models on the server side.
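A sketch of how the controls suggested in the answers above fit together, as an added example that is not code from any of the posters: a per-application-key sliding-window rate limit, access scoped to a (application key, user key) pair, a record of out-of-scope probes so mining attempts stand out, and key revocation. The class name, key names, record ids and thresholds are all hypothetical.

```python
import time
from collections import defaultdict, deque

class ApiGate:
    def __init__(self, max_per_minute, grants, clock=time.monotonic):
        self.max_per_minute = max_per_minute
        self.grants = grants              # (app_key, user_key) -> allowed record ids
        self.clock = clock
        self.hits = defaultdict(deque)    # app_key -> request times in the last 60 s
        self.denied = defaultdict(set)    # (app_key, user_key) -> record ids refused
        self.revoked = set()

    def check(self, app_key, user_key, record_id):
        if app_key in self.revoked:
            return "revoked"
        now = self.clock()
        window = self.hits[app_key]
        while window and now - window[0] >= 60:   # drop requests older than a minute
            window.popleft()
        if len(window) >= self.max_per_minute:
            return "rate_limited"
        window.append(now)                        # refused lookups still count as hits
        pair = (app_key, user_key)
        if record_id not in self.grants.get(pair, set()):
            self.denied[pair].add(record_id)      # remember what was probed
            return "forbidden"
        return "ok"

    def mining_suspects(self, threshold):
        # Pairs that asked for at least `threshold` distinct records outside their grant.
        return sorted(p for p, ids in self.denied.items() if len(ids) >= threshold)

    def revoke(self, app_key):
        self.revoked.add(app_key)

def demo():
    t = [0.0]                                     # constructed clock for a repeatable run
    gate = ApiGate(5, {("app-A", "alice"): {"r1", "r2"}}, clock=lambda: t[0])
    results = [gate.check("app-A", "alice", "r1")]
    for rid in ("r3", "r4", "r5"):                # records outside alice's grant
        results.append(gate.check("app-A", "alice", rid))
    results.append(gate.check("app-A", "alice", "r2"))   # 5th request in the window
    results.append(gate.check("app-A", "alice", "r1"))   # 6th request: over the limit
    t[0] = 61.0
    results.append(gate.check("app-A", "alice", "r1"))   # window has expired
    return results, gate.mining_suspects(3)

if __name__ == "__main__":
    print(demo())
```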

Selling software online

I am developing software which I want to sell online. The typical "pay the vendor, get a digital key that unlocks the application" scenario.
I've never set this up before, does anyone have any info on good service providers, and things I need to know when setting this up?
Microsoft uses Digital River, maybe check them out?
You can check out a typical license acquisition flow using FastSpring.
FastSpring / NetLicensing flow
This combines FastSpring e-Commerce and NetLicensing license management.
You did not say what language you are planning on using, but this is a great solution for a .net compiled language:
http://xheo.com/products/copy-protection
It provides two key features. First, the ability to automatically generate your licenses based on many different ecommerce solutions so you don't have to keep paying a 3rd party a % for it. Second, it offers code protection to prevent people from using Reflection on your software to crack it / steal your intellectual rights. (Note I said prevent, not completely stop.)
I'm using FastSpring. You give them the binary file and keys, and you set up your account to send an email that contains these two pieces of information. You can tell them what you want and they will do it for you.

Multi-vendor shopping cart software

I'm looking into building a web app that allows multiple e-commerce stores to coexist on the same installation and lets each individual vendor manage their own products, pricing, sales reports, etc. I know that there have been a number of previous questions on the Stack regarding the best shopping cart software, but this is a bit of an unusual twist and I couldn't find it answered elsewhere.
Obviously, open source is better from a pricing standpoint, but I've got no problem with spending money on a quality product that meets my needs. The ideal package would allow each store to be uniquely skinned, would minimize the amount of time that it takes to get a new store up and running, and would include payment gateway and shipping integration.
I've run across a few things in my scouring of the web, but haven't found "the one" yet--I know that osCommerce sort of supports what I'm trying to do, but I'm looking for something designed with this functionality in mind. Any ideas?
Thanks!
Justin
I am at present looking into the same thing. After looking at all the different carts on the market I have settled on PHP Mall 2. I have had demos of X-Cart Pro, iScripts Multicart and a few others.
There were only 2 that were any good at handling payments direct from buyer to seller without any added costs of having a mod done for that. They were PHP Mall 2 and iScripts Multicart. iScripts Multicart didn't really have a lot happening in the backend, and vendor shops were really just an about us page with their products showing.
I settled for PHP Mall 2 because each vendor can have their own website as such and can customise it to the way they want it. They can choose from a number of templates for their shop.
The part I really like about it is the payments system; there are a number of payment gateways out of the box and the vendor can choose whichever he/she wants (because not everyone uses PayPal, right!). It's also a fair bit cheaper than all the others and provides a lot more from a site admin and seller admin side of things.
I was tasked with looking into a multi vendor cart for a project that was canceled. Before it got canceled, I felt that the below were strong contenders. This is not a comprehensive list but it's somewhere to start. The requirement for multi vendor was paramount, so the listed have varying amounts of CMS/blogging etc; so they are not necessarily apples to apples.
I did get to try out Magento Community and, using information found here http://www.magentocommerce.com/boards/viewthread/145/, got what I felt was the correct experience for multi store/vendor for my purposes. Mileage may vary depending on requirements. It's a beast though, and for some reason the comparison doesn't indicate the multi vendor capabilities. My impression was that Magento was definitely for the technically minded, with a very high degree of configurability available. It's a meta system for sure. The average joe business owner wouldn't stand a chance with it. However, it might be perfect for resellers.
http://www.x-cart.com/mall_solution.html
http://www.php-shop-system.com/products/iq-cart-for-joomla-our-new-cart-component-for-joomla.html
http://www.magentocommerce.com/product/compare
I am also in search of a multi-store solution. Magento Commerce is too expensive. OpenCart now supports multi-shop but only a single user can manage the stores. I would have preferred setting up multiple stores and have different users manage each store.
I've also been undertaking research within this area and discovered the following options:
For Joomla = http://www.ijoobi.com, IXXO
For Magento = http://www.unirgy.com, MVDE
There is also an interesting product called MultiCart from iScripts, and the X-Cart Pro from Qualiteam.