Look at the API i used
https://{{apikey}}:{{password}}#{{yourstore}}.myshopify.com/admin/products.json
while calling the Shopify API in Post Man it's working, data is getting from Shopify Store
Problem is that While calling API in Angular 2 only getting the issue "CORS-ORIGIN"
You should not make front-end calls to the API as that exposes your private API Key to the world. You can re-think your pattern of use here with a read up on using API App Proxy calls. You can thn safely make XHR calls using the App Proxy to call the API and return results. No more CORS problems and security!
Related
I have my website in Angular and NodeJs(backend). Now I am developing the app with the same website functionality in React Native.
This is my authentication flow
Firebase phone(OTP) auth
Setting cookies and userId
Since browsers implement cookie storage, I don't have to manually store the session id
To get data/call the APIs, I use passport.js(req.isAuthenticated()) as middleware
I read articles on how to do the same steps, but I didn't get clear information. I want to follow the same approach in React Native APP(since our APIs are already defined and configured). Since I am using Axios, it would be great if I can get some insights on how to send withCredentials: true & some headers globally configured to all the APIs. Any articles on how to perform these would be great too.
I basically have the same question as what is detailed here: Login redirect with asp.Core 2.0 and React. But that post never got an answer.
I've searched quite a bit and pretty much my problem is also touched on here here: https://github.com/aspnet/JavaScriptServices/issues/1440
I want to create a react front end application, but use .net core for the backend. I've used the .net core template with react redux as my boilerplate. I've also configured the .net identity on my backend. So I can actually use [Authorize] on my api calls and it works. By this I mean that if someone is authenticated the api returns data and if no one is authenticated it returns whatever the default redirect page is. I can confirm this by looking at the response on my chrome debugger and I see that it is showing the html for the register page which I've defaulted my login path to in configureapplicationcookie options.
The boiler plate is setup to serve up pages from the react client folder and uses react router. Therefore, I cannot set up any links to pages on my server. However, I'm able to manually navigate to my server pages for example /Account/Login and successfully login. My api calls through the links on the react front end then seem to work just as I would like.
What I would like to do is:
make calls from my react application to my server api
upon unsuccessful access to any api endpoint, redirect the user/request to my register page on the .net core server
have the user register and/or login and then redirect them to the route they came from through the react application.
Is this possible? Is it advisable?
I understand that you can manage all this on the front end using IdentityServer as detailed here: http://docs.identityserver.io/en/release/quickstarts/7_javascript_client.html. However, if all the infrastructure can be quickly spun up in .net and I can leverage the authentication templates, then I want to experiment with that setup and save time. Plus if this is feasible, why bother doing the setup on the front end using a 3rd party login provider? What am I missing?
I am working with REST APIs in PHP for an iphone app. I am wondering that how can I block calls from sources other than the iphone app. How does server know that it is a call from a valid soure?
You can't with 100% certainty block requests that are not made from a phone. If a public client has access to an API, then you can also fake it.
I am developing a laravel web application. I want to get third pary website ( Mavenlink ) --> http://developer.mavenlink.com/ API Data. but i am new in api developing. how to get only the API of external site.
API URL : https://api.mavenlink.com/api/v1/
How to get the data with Laravel 4, once i googled, i can see a OAuth2 tokens . What is this ?
Please give me good solution for this, Now am stoped my project.
Thanks & Regards
What you are looking for is using Guzzle. It will enable you to make all of the HTTP calls you need for an external API. See this article: How to autoload Guzzle in Laravel 4?
I am trying to register a carrier shipping service with Shopify's API but not exactly sure where to place the API call to register the shipping service. So far I have an APP and able to athenticate and install the app into a test store successfully but how does Shopify store make the call to initialize and register the service after installation?
The API documentation states making a curl call:
curl -X POST -d #carrier_service.json -H"Accept:application/json" -H"Content-Type:application/json" -H"X-Shopify-Access-Token:TOEKN" https://aztest-3.myshopify.com/admin/carrier_services
Where should I make this call from?
you can make this call from any terminal window that's connected to the internet.
most people would use their own computer's.. I ran mine from heroku.
I faced the same dilemma when attempting the same thing.
It makes sense that when the App is installed, it saves the access token provided in the response from Shopify in the App's persistence layer. When that save is completed the App can then initiate a session with the shop. With a session a call can be made to setup the Carrier Shipping callback and the App is then ready to go. A rate request will hit the designated end point and it is then (at least partially) responsible for providing shipping rates.
Ideally, you should have some kind of framework that handles the OAuth flow, storing authentication data for later use (like the Ruby or Python implementations, or your own). In this case, you would want to use the framework's method for sending requests to Shopify, and not send requests manually through curl. The curl requests in the documentation are for quick-example's sake, allowing you to try out the requests yourself easily.
If you insist on triggering these requests manually, I would highly suggest using Postman- It's much more human-friendly than curl and has some great time-saving features.