Few questions I have as below:
Is the procedure for registering, submitting and installing the Public app is same for Private app also?
Private app uses Basic Authentication and can only be used by a merchant for his store specific requirements or customizations only. It cannot be used by other merchant, right?
How a merchant can create and install Private app on his merchant control panel? How it will get listed on the merchant's store control panel?
In the documentation, a private app technically refers to an app that uses basic authentication. It doesn't require registering, submitting, and installing, just the transference of auth credentials. If you wanted to have a "private" app that uses OAuth credentials (anything using OAuth is referred to as a public app in the docs), then you'd need to keep your app in draft status and the process would be the same as you described.
A private app could be used by multiple merchants, but it wouldn't be discoverable in the app marketplace. This was our old method for integrating apps and we recommend using OAuth.
Basic auth apps cannot be visible in the control panel. Only apps that use OAuth can.
Related
I am providing an integration to BigCommerce from our website.
I see that the auth url is called with the authorization code when app is first installed. I need to know how I can generate the authorization code with an app already installed.
I need it because there's a case where the user removes the integration from our website but our app is still installed in his store in BigCommerce. I want to show something like a 'connect' button which the user can click to generate a new access token and connect his store to our website.
I understand that I can reuse the same access token that he had before he removed the integration, but then what if the user connects a second account in our website to his BigCommerce store. In this case the access token will need to be passed between two different accounts in our website and will be an issue.
An app should only connect to a store actively, in a process that will install the app. If you're offering the ability to disable the integration outside of BigCommerce, the app should be uninstalled at the same time from the store. The same OAuth token is required to authorize any API requests for the app, which is why it needs to be stored after installation.
Is it possible to create "public developer app" for Dropbox (Business Api)?
I created a Dropbox account for "MyOrganisation" and I set up a Developer App (MyOrgApp) and retrieved appId and appkey. This App is using Oath endpoints to get the access token. When I login with MyOrganisaiton admin account credentials, I get the accesstoken which I can use to do Api calls for MyOrganisation. It works fine.
My question is that will I be able to use this App (MyOrgApp) to do Api calls for another organisation "Organisation2"? Or Dropbox apps are more like Private Apps where each Organisation needs to have their own app to make api calls?
The Dropbox Business API doesn't make a distinction between "public" and "private" API apps exactly. You can use your registered Dropbox Business API app to operate on multiple different teams, but you first need to get "production" access. You can find more information about that here:
https://www.dropbox.com/developers/documentation/http/teams#production
I am working with Bigcommerce api using oauth. I am currently in development phase. I have given auth callback url as
http://localhost:3000/resource_callback.
I am unable to get store hash in context. It is only sending scope, and code. What am I missing here? Just using http instead of https is the reason? Please help me with proper direction.
If you are receiving the Auth Callback Request but it only has code and scope query properties then the problem is how you are installing your app. At this time it is necessary to install an app directly through your store's Control Panel, rather than using a link to do the install (as is common with most oAuth implementations). The use of a link for the install is something that will likely be added in the future but oAuth on BC right now is geared towards public applications installed through the store.
That being said, it is possible to make oAuth credentials for a store even without making it a public application. Please follow the long answer seen on this question:
Can BigCommerce Private Apps use OAuth
This will cover the full process for generating oAuth API tokens from registering an app to installing into a store and beyond. Based on your question you should start at the Generate the Auth Callback Request section. If you follow the steps there then your Auth Callback Request will include the context property as well as the other two.
Update
You can now generate oAuth tokens in a store from Advanced Settings > API Accounts. As a result it is no longer necessary to install a draft app into a store for the sole purpose of generating oAuth tokens. You will still want to do this if you are developing an app for the BC App marketplace or developing a user interface for your app that you want to live in the Control Panel of the store.
Just went through the same thing. See here: Bigcommerce Authentication code. Let me know if you need more details. SSL is mandatory.
How can I use Oauth to provide authentication for my private app?
I understand it's not necessary to make the actual calls, but I want to know about protecting the whole app in a way which my client doesn't need to log in twice.
If this is not possible, how do people manage their private apps?
Question is not clear
but, Here is some info
Oauth is an autherization Flow(Protocol) for end-users to authorize third-party access to their server resources without sharing their credentials(Ie. User Name and or password).
If your app is like third-party app that request user resources(ie. email or other details) from Resource servers(ie. Google , Facebook) Then Oauth is the Fittest solution.
Keep the session cookies (access Token) for avoid log in twice.
I wanted to integrate shopify into my software.It is a desktop application.
I had went through API Docs of shopify.
Those API's would properly bring up data from my sandbox account using API key and password.
Then i came accross 'API Authentication' in shopify.
After reading those docs i was confused.
The replies after step1(http://api.shopify.com/authentication.html) was not proper.
My question is do i really need Authentication to get API response?
If not then what is the purpose of 'API Authentication'.
Plz help me out.
Thanks in advance.
From the sounds of it you've generated a private application to get your api key and password, and are passing those credentials through basic auth (i.e. in the url). This is fine.
The authentication topic you found is for public apps that are installed into many shops. They deal with generating the auth token, which does the same job as the password you already have.
So sum up: Yes, you need to authenticate to the API in order to use it but you're already doing that by using the password from your private app. Don't worry about OAuth unless you're building a public app that will be installed into many shops.