Can I restrict access to podio app after downloaded by client - podio

I have a niche market that would benefit from having access to some custom Podio applications. I believe this group of people would pay for this access and that I would enjoy working with them to continue customizing this platform for them. I need some compensation for this development work and am trying to determine the best way to ensure the clients would pay.
My question is whether there is any way to enable/disable access to a Podio app once downloaded by the client. I realize I could develop a custom website that logged into Podio to get data for the interface and could push the data back to Podio. This approach would severely limit what customization the end user could do to the application once deployed.
Is there any way to have the Podio App make an external call that would contact my web server API to determine if the logged in user has access?
Richard

Related

How do I retrieve the catalog of a music service?

I am building an app that integrates nicely with Sonos speakers.
I would like to provide the user the ability to select the container (playlist/stations/...leafs of the tree here) of the music service provider. Say Amazon or Spotify...
I managed to understand the vast majority of the SOAP calls however, I could not figure out how to query the user's selected service (devicelink) and provide the same list that the Sonos controller show.
How do I do that?
thanks!
This is not currently supported by the Sonos APIs and many music services take steps to ensure that only Sonos controllers can browse their catalog.
Sonos decided that access to music services should no longer be allowed by third-party-apps some time ago.
I figured out how it works and made a complete walkthrough here, https://Sonos.svrooij.io/music-services.html
It makes a second connection to the specific music service, just for browsing the catalog.
get some data from the Sonos device
Request an auth code for the service
Let the user login
If the user responded, request an access token and a refresh token.
Save these tokens in your Sonos system (optional)
Use the tokens to talk to the music service
Save and use the new access token if it is expired (optional)
You can also use my sonos-ts library, which has support for music services that require authentication.

Confusion about authentication in Azure Logic Apps

I am building my own SaaS app and see Logic Apps as a nice way to extend it with functionality like getting files from other sources like Dropbox and Onedrive and also to save data directly to SalesForce or dynamics CRM.
All the examples I have seen so far just authenticate in the Logic Apps designer for these third party services but then it is specific accounts on Dropbox or Dynamics that are used.
What I need is for the currently logged in user in my app to be able to get files from his Dropbox account or push data to his Dynamics account. How would we achieve that? We can not hardcode that stuff anywhere.
Best regards

What options do I have to sign in in big commerce?

I'm researching in behalf of my company to implement shopify or big commerce to support our store while we still use our admin and cloud services for the rest.
Shopify offer Multipass to allow a web to redirect to the store and keep the user logged plus API and webhooks which could allow me to user's created in the store be reflected in our cloud DB.
But I can't find nothing remotely similar in Big Commerce. Am I right and Big Commerce doesn't any mechanism to integrate existing services with their stores?
BigCommerce offers three methods for accessing store data and functionality:
The web interface - This is your standard browser based control panel, where you would view data and perform functions using their UI.
The Stores API - You can develop an application (or connect an existing service using a plugin) to connect to the API using Basic Authentication or OAuth. This method could be used to poll for new users and replicate them in your remote database.
Webhooks - You can subscribe to events (like customer create or update) and parse the response object to replicate the object on your remote database.

application authentication API

Iam a student and i making my internship. Sorry for my bad englis
The situation
2 people are building an backend for an message system. There are actual and passed messages. The main backend contains all the data from all the messages. This backend pushes only actual messages to and database from an mini backend which only contains the actual alerts. These actual alerts are provided by an api to multiple front ends such as an app.
I need to do research about api gateways which can make the data in the mini backend accesable for external developers. These developers only need to register or request an account so we know which application/developer connects with our api. We don't have end users with user accounts.
The API need to be scalable because in the future (over a couple of months) this system wil replace an old system. The current system needs to be handle more then 5.000.000 requests in a couple of minutes when sending out an emergency message/alert.
My problem
I googled a lot about authentication methods and i read about OAuth2. This is only necessary for authenticate end users with an user account? I dont have that so OAuth is to complex for my situation i think. But when i look in the documentation of several API Gateways like Mulesoft, Amazon API Gateway and some more i always come back by OAuth and not by an simple authentication token system or something.
See this link and then Creating a client registration flow. This uses OAuth or do i understand this incorrectly?
So now my questions
Is there an default method such as google or facebook uses for authenticate external applications by an API key? and how is this method/framwork/idunno caled?
Is it posible that i can/need to do this with OAuth?
Some example API gateways that can fill in my wishes will be great!
Amazon Api Gateway team here.
Our service supports native API keys which satisfy simple use cases. Are you interested in a simple mechanism to authenticate clients when they access your API? Some limitations would be that it's harder to manage a large number of keys, and there wouldn't really be any authorization to specific backend resources, only authentication to access the API in general.
http://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-api-keys.html
OAuth is better for dynamic user bases where new users register and you want to be able to control access for existing users over time. It is also useful when users have personal data that only they should be able to access.
Jack

Office365 - Application authentication with no user consent

We've been working with EWS Managed services for a while now, however we would like to transition over to using the RESTful API for Office 365.
Is it possible for an application to access all of our users data without their consent? We have an in-house application that we would like to get some O365/Sharepoint data to our users. Using SSO isn't really an option, as we don't want to keep asking our users to give consent (we assume they already give it). Specifically, we want access to calendars and mail.
Are these "service/application level" accounts available in O365 yet? I think I read a while ago that they are on the roadmap but I have not seen anything since.
Would it be best for us to continue using impersonation with EWS for now until it is ready? (For some reason, EWS is painfully slow when getting data, meanwhile our tests with O365 SSO are a great deal faster, but we do not want SSO).
Apologies if this does not meet the requirements for SA questions. Thanks.
EDIT. Daemon and Service Apps are now possible with Office365. Check out this link.
Building Daemon or Service Apps with Office 365 Mail, Calendar, and Contacts APIs (OAuth2 client credential flow)
App-level authentication is coming soon. Basically an organization administrator will have to consent to allow the application access to mailboxes in their organization, then you'll be able to authenticate as the app, rather than acting on individual users' behalf.
I'd say keep working on your prototype using the user consent model that's in place now, and keep an eye on our blog or my Twitter account (#JasonJohMSFT) for the announcement for app-level auth.