So, I stepped once at this problem. I had offered a website that used the SoundCloud API. Everything worked properly. Content was extracted from the JSON and placed in the layout of the website. However, I received an email one day from the owner of the website, which indicated that the website did not work properly. I then came out to investigate and came to the conclusion that the "problem" was not on my side, but at SoundCloud's side. I studied on the API page of SoundCloud and came to the conclusion that the API had received a major update, making the link with SC and the site no longer worked.
Lately I'm trying many new APIs to, including those from Instagram and Dribbble. I was therefore wondering if it is at all possible to ensure that such problems can be reduced in the future or it might be appropriate API pages of this third-party APIs to monitor?
There's no "right" answer. After many years of using and maintaining many APIs here are some of the conclusions I've come to:
The best providers let you work with a specific version of their API whose interface and expected behavior never changes. They might release bug fixes and new endpoints, but you can be confident that as long as the API is supported it will not break your system.
A good provider will provide an end-of-life date for each version of their API. It's up to you to keep track of when you need to update.
Paid services will often be supported longer than free services. Plus the contract / SLA will guarantee it remains available for a specific amount of time.
The most popular APIs often have mailing lists and/or blogs. For those that offer it, sign up to be notified of updates. For those that don't you'll have to monitor their blogs or news posts. And I suggest not using any service that would drop support for an API version without warning.
Related
I have an application with (nuxt js using nuxt-auth) with local authentication so far (later I want to add git and google auth).
Now I need to add authentication to invoke other services / API (like google cloud rest API, payment system, youtube API, etc...)
The question is: the user is authenticated only once (during login to the application.) but each of these 3rd party APIs has its own authentication.
How to implement multiple authentications. (I read the documentation and google for the entire day but there is no clear answer).
As of today, it looks like it is not doable (people are needed on this module): https://github.com/nuxt-community/auth-module/issues/889
So, you would need to make it manually by plugging the APIs yourself.
Answer to your latest question~comment
Nuxt is indeed nice with some of it's modules (but you can totally dislike it, no problem :D).
First thing that you need to know, is that this project (nuxt-auth) is not the biggest one, #pooya is doing his best but he is on a lot of projects, so he cannot give all of his love to it. Then, you also need to understand that it's working great but it's still in a decent beta state with a lot of missing features, needed documentation and a lot of small things to make it an all rounded solid top notch solution.
That do not mean that you should not use it, I'm just saying that this module do have some limitations. Hence, the fact that it is not supporting a whole lot of OAuth solutions in a clear + simple + flexible way. And some breaking changes may be introduced in future updates.
The module is aimed towards having an OAuth solution to block the content of your website behind it (in my opinion). It means that you will usually use a single login solution and then, being able to have access to your app. I don't think that it's a viable multi-OAuth solution (yet).
Some services don't even need to use a solution like this. Stripe for example, should not be handled on the frontend but communicate with a backend for sensitive variables and just send minimal info thanks to Stripe Elements.
That said, the most common solution is JWT or OAuth2, and you could totally have a backend service or service like Okta, Auth0 or alike, do the heavy lifting by allowing simple logins to providers (Github, Google etc...).
To sum up, you do connect to this backend/service thanks to nuxt-auth, the service itself does the provider connection and you get the best of both worlds while still connected in a secure way through your initial nuxt-auth entry point login.
Or you could try to reach the community on Discord, see if somebody knows how to do it. Or even try to read the source code to see if it is currently feasable.
And that's my 2cts.
I am wanting to pull all users in my company dropbox and then check to see if their accounts have MFA enabled. I read over the documentation for Dropbox api but did not see anything stand out where this was possible.
It's very sad to realize that a popular platform such as Dropbox doesn't expose A LOT of basic features through its API (and the SDK itself is far from being OK, compared to G-Suite). Anyway, there are two hacky methods you can use in order to pull out that information (with some limitations).
First method:
By analyzing the team events using team_members_list() you can filter out tfa_change_status_details events. When new_value=TfaConfiguration('[sms|other]', None) is specified - 2FA is enabled.
The information I found out that can be retrieved using this method is:
has_2fa - whether 2FA was ever configured.
is_tfa_enabled - whether 2FA is currently enabled.
tfa_type - whether 2FA is by SMS or by app.
However, keep in mind that you have to track changes constantly and also keep in mind that Dropbox saves team events for only two years.
Second method:
Using the front-end dashboard API this information can be retrieved (I can't remember the API name, I think that it is /2/get_multifactor and inside you'd find some information about its status and the organizational policy regarding 2FA). However, to use the front-end dashboard API (which is totally undocumented) you'd need to simulate a successful login (and correctly use the lid and jar cookies) and you'd also need to bypass the random captcha that appears when you abuse the service with too many requests.
To be honest, Dropbox's API is weak, neglected, and ugly. I wish I never had to use it. Anyway, I would recommend using the first method and pray for a significant update to the API
No, unfortunately the Dropbox API doesn't expose this. We'll consider it a feature request.
There's a feature request open for this one (https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/MFA-status-for-users/m-p/468564#M23886). But I wouldn't hold your breath, as #Aviv mentioned the Dropbox API seems surprisingly neglected at the moment.
In the past, I've been using the Delicious API available under feeds.delicious.com. When running this code today, I found out that the corresponding hostname is not available any longer (checked first time some days ago). I've already asked Delicious support directly about the state of the API, but not yet received an answer. So I thought anybody here might have more recent information, whether this is some temporary outage or the API has been cut completely?
This was likely part of the rollback to Delicious's old architecture in January 2016:
Fortunately for us, the version that the javascript site replaced has been kept alive at previous.delicious.com. This was built using a much more traditional framework, and it’s great! In fact, many of our longtime users have continued to prefer it over the main site, and frankly, so do we. Therefore, we are switching to this platform for our main site, and this transition will position us to quickly iterate in our ongoing efforts to keep Delicious thriving.
The auth URL on the documentation's OAuth page (delicious.com/auth/authorize) 404's for me as well, so I have a feeling this has indeed been retired.
I'm new to Instagram API and my question is how to get complete access to Instagram's API without any limitations - like API's that any other Third-Party Client Apps Like (6tag /ink361.com/insta(X))uses .i want to give my users complete access so they can (like - repost - regram - Edit - ...).
and as I read in the official documentation there is a Sandbox / Live Permission/Condition that developers can get to have that kind of Access.
If I understood you correctly, you are trying to built an app similar to the core functionalities of Instagram (or most of it!).
As you have said, they have introduced Sandbox features post November 17th, so any app created after that date will be running in Sandbox mode until you give it for a review.
Few things to note here:
They are restructuring their APIs, meaning there are lot more restrictions and validations!
I'm not sure, but if you search on Google about their restructuring of APIs, it clearly states that Instagram is trying to block an app which has most of the core functionalities of it - likes/posts/feeds etc. This is to secure their users' data and prevent malicious activities.
Most of the endpoints are restricted and some of the old ones are slowly being deprecated.
So, I guess from now on you can't build an app on Instagram which is similar to theirs. Regarding the existing apps which does the same, they have to remove those deprecated endpoints as these new features will be imposed on them post 2016!
At the moment, you can the endpoints available to you are documented on http://instagram.com/developer/endpoints/.
Hope it answers all your queries!
I am using POSTMAN collections to test my API before opening it up. I work with a team of developers and we would like to share/add/edit our collections amongst each other.
Doing this in source control is proving slightly tricky as can be seen in this comment on the GitHUB page:
This issue still persists in Version 2.1.1 (packaged)
The order of requests might be deterministic now, but the diff of an exported collection from two different machines and users includes data that are not related to the collections exported. The diff is full of owner and other id conflicts if there are several people working on the tests at the same time.
What is the best way that we have of putting this data in some sort of version control system? Any suggestions otherwise?
Putting it in a VCS undoubtly will give you some headaches as you mentioned. Your best bet is to use Postmans functionality to share collections. Here is from the documentation found at https://www.getpostman.com/docs/sharing
Starting with Postman v0.9.3 you have the ability to share and manage your collections more effectively. The first thing you will have to do is create a Postman account. You can create one using your email ID or a Google account. Once you are signed in after creating an account, the collections you upload on Postman are linked to your account. You can delete them later through the "Shared collections" item in the navigation bar dropdown.
Collection v2 format removes most, if not all, problems with portability.
http://blog.getpostman.com/2015/06/05/travelogue-of-postman-collection-format-v2/
The format must be highly portable so that it can be easily transported between various systems without loosing functionality.
Source Control in Postman
The question about sharing collections so that you can collaborate with your teammates has been answered a few different ways, as described in other answers of this question such as by sharing the collection or by syncing to a team account.
Version Control in Postman
The other part of the question was about putting the Postman data into a version control system. Postman introduced some version control features for the paid team accounts, like being able to restore collections to a certain point in the activity feed.
The paid team accounts also get integrations to sync their collections to their own version control systems like GitHub for example. If you're on a free account, you can use the Postman API to build your own similar integration to update the collections.
This blog post talks about some of the version control features in Postman.
UPDATE: Postman released forking and merging in Postman app v6.7.1 so you can manage version control in the app.
To automatically share your existing postman collection you can use Postman Pro.
It is a paid service provided using which a team lead can purchase the complete pro- scheme for his team and work as an admin.
Postman pro enables the following and many more:
Any changes in the API are automatically reflected in Postman for all member
Members subscribe to the collections from the Team library and get notifications of any changes.
For more information you can refer:
https://app.getpostman.com/dashboard/team-upgrades
This is what I use with my team of automation testers.