The demo site of storefront doesn't provide customers to enter their address for delivery or am I missing something here. Managing it back in the platform is possible. However, it could be better if it is available in storefront having clients to immediately enter their address when managing their account. Any help is greatly appreciated!!
You have availability to manage personal addresses in the cabinet, it will be accessible only after in the storefront authentification (sign in).
Related
We are tech start-up developing an application and would like to utilise the messaging and connections api.
It looks like this would require special approval from you since the API documentation is saying "Usage of this API is restricted to approved partners, subject to limitations via API agreement."
https://learn.microsoft.com/en-us/linkedin/shared/integrations/communications/messages
We have added all the available products in the application dashboard but that seem to be not adding all the scopes we need to make these calls.
Could someone help us with the process of the product we need to have to get the correct permission so that we can access those APIs?
Thanks
Robi
I am looking to implement a hangouts chat bot for my customers. I am fairly new to the Google ecosystem, so I apologize in advance if some of this is obvious.
Here is my basic confusion:
It looks like in order to access the REST api the chat api requires a service account.
Does this mean that I will have to ask every customer to create a service account using their Google cloud account?
Corollary to the above is: Does every GSuite account have a Google cloud platform account associated with it?
If the service account has to be created, would the customer somehow need to share the private key for that account with me in order for my application to make calls on behalf of the service account.
My end goal is to give my customers a seamless experience where they can choose to
Install my bot in the Google Chat app for their GSuite domain
At the time of install get some information about their domain
Whenever a message is sent to the bot (DM or Room), identify who the message is coming for and in which GSuite domain, and reply accordingly.
Is this possible? Am I missing some very obvious Google concepts?
Thanks in advance.
If your customers have a normal email they can't connect with you. For more information refer this link
Considerations
The service account is used from your bot to access the Google REST APIs. It has a service account for your Google Cloud Project. There is no need for every user to have an service account enabled nor for them to give your their private key (never share private keys).
Approach
You can build and deploy Google Chat Bots directly using Google Apps Script. For your application I suggest you to use the tutorial in this page: https://developers.google.com/hangouts/chat/quickstart/apps-script-bot
Reference
Creating new Bots
What is the Vault option in Magento 2 and how does it work? I looked at the BrainTree documentation but did not find anything related to it. Is is feature of Magento 2 or BrainTree?
Full disclosure: I work at Braintree. If you have any further questions, feel free to contact support.
The Vault option is a Braintree feature which Magento has integrated. The Braintree Vault allows a merchant to store a customer's payment information and charge that customer, so that a customer does not need to enter their payment information multiple times. For more information on the Braintree Vault, check out this documentation.
When using the Braintree Vault within Magento, be sure to set Enable Vault to Yes. For more information on configuration, check out this Magento documentation.
I'm developing a B2B web app and one of the planned features is to initiate and process payments from a user's PayPal account to a third party email (for example to pay a supplier on the user's behalf). Assuming I can get users to authorise our integration with their PayPal account, is there existing functionality from PayPal (presumably through an API) to enable us to do this? If there is does anyone know what the functionality is called and what level of authentication/permission I'd need from users?
Many thanks for any help.
Take a look at the PayPal Permissions API.
I am in need of advice on how best to tackle the following scenario and best practices to implement it.
Our company wants to overhaul its old IT systems and create new website app(s) and possibly mobile apps down the line for its employees and contractors to interact with.
So i was thinking about creating an api that both the website apps and mobile apps could be created from...
https://api.company.com/v1
The advice i need is in relation to security/authorization of the api. My thoughts at present in how to implement this would be that the employees/contractors would interact with the api through the companys website app(s)/mobile apps which would then communicate with the api and set the appropriate access permissions
WebsiteApp.company.com ->>> api.company.com/v1
mobileapp ->>> api.company.com/v1
First thoughts is just setting up a username and password for each user on the api side and let both the websiteapps and mobile apps use this. The problem however is that the contractors and possible some employees cannot be fully trusted and could pass on username and passwords to third parties without the company's permission. So my question is really what other security/authorization/authentication strategies should i be looking at to overcome this situation. In a perfect world each user would have to authorize each device/mobileapp/websiteapp he/she wants to access the api from...
Is OAuth 2.0 capable of this?, not sure if its capable of specific user/device/website scenario though ?
Technologies thinking of using are:-
API
Node.js with (Express js? or Restify?) , MongoDb
Consumer Apps
Website Apps (Angular Js, Backbone etc..)
Mobile Apps (PhoneGap, Jquery Mobile etc..)
Many Thanks
Jonathan
It seems that your main concern is that you can't trust the people you are giving access to, and if this is the case, you probably shouldn't be trying to give them access in the first place. If these apps are to be used for any confidential information or intellectual property that you are worried about someone else seeing if the contractor/employee gives away their password, then you have to consider the contractor/employee just taking the information and giving it away.
In this situation your username/password should suffice for authentication, however you should also consider very tight permissions on who can access what. If you are worried about information getting out, everything should be shown on a need-to-know basis. If a contractor doesn't need a specific piece of information, make sure it isn't provided to his account.
You could also consider tracking the locations (IPs) that an account is being accessed from. Perhaps when an account is accessed from a new location have the employee/contractor complete some task to validate the account; which could be anything from entering a validation code (similar to a two-factor authentication), to calling a help-line and having the location authorized.
This might be a bit late, but as i am going through the same process (What is the correct flow when using oAuth with the Resource Owners Passwords Credentials Grant)
We have not figured out the core implementation what you want to do sounds similar to what we are trying to do for our service.
From my understanding it depends on the apps and if they are trusted or not and what you plan to do with your API moving forwards. If the apps are trusted you could potentially use HTTP-Basic over SSL which is a viable solution.
For us, we are going to create a suite of trusted official apps (Web, Mobile etc) via the API and then open it up, so we are deciding to go through the pain of oAuth2 where for our apps we will use the Resource Owners Passwords Credentials Grant type where you swap a users user name and password for a token which is what the client will use to interact with your API with the trust implicitly defined.
When we open up the API for 3rd party consumption this model wont work and we will go through the processes that all the major sites do and get explicit permission from the user on what the 3rd party apps can do with their data.