How to get the API key for the authentication purposes for posting the request to get the email previews using Litmus?
There are actually a few different Litmus Preview APIs to cater to different use cases. We're in the process of simplifying this, partly in the hope of making the experience for a new API user a little more obvious.
If you reach out to hello#litmus.com we'll direct you to the appropriate API version and how to obtain your key.
Related
My aim is to select some text from a web page, start a google chrome extension and give the text to a google cloud api (Natural Language API) in my case.
I want to do some sentimental analysis and then get back the result to mark/ highlight positive sentences in green and negative ones in red.
I am new to this and do not know how to start.
The extension consists of manifest, popup etc. How should I call an API from there that does Natural Language Processing?
Should I create a Google Cloud Application with an API_KEY to call? In that case I would have to upload my credentials right?
Sorry sounds a bit confusing I know but I just don't know how I can bring this 2 things together an would be more than happy about any help
The best way to authenticate your app will depend on the specific needs and use cases of your application. You can see an overview of all the different methods here.
If you are not planning on identifying users nor on using a back end server that handles authenticating (as I assume to be your case), the best option would indeed be to use API keys. They do not identify the user, but are enough for the Natural Language APIs.
To do this you will need to create an API key for the services you want and add the necessary restrictions to make the key as secure as possible. Detailed instructions on how to do this and how to use the key in a url can be found here.
The API call could be made from within the Chrome extension with any JavaScript method capable of performing POST requests. For example using XMLHttpRequest or the Fetch API. You can find an example of the parameters that need to be included in the request here.
You may run into CORS issues when making the request directly from the extension. I recommend reading this answer, where a couple of workarounds for these issues are suggested.
I am wanting to pull all users in my company dropbox and then check to see if their accounts have MFA enabled. I read over the documentation for Dropbox api but did not see anything stand out where this was possible.
It's very sad to realize that a popular platform such as Dropbox doesn't expose A LOT of basic features through its API (and the SDK itself is far from being OK, compared to G-Suite). Anyway, there are two hacky methods you can use in order to pull out that information (with some limitations).
First method:
By analyzing the team events using team_members_list() you can filter out tfa_change_status_details events. When new_value=TfaConfiguration('[sms|other]', None) is specified - 2FA is enabled.
The information I found out that can be retrieved using this method is:
has_2fa - whether 2FA was ever configured.
is_tfa_enabled - whether 2FA is currently enabled.
tfa_type - whether 2FA is by SMS or by app.
However, keep in mind that you have to track changes constantly and also keep in mind that Dropbox saves team events for only two years.
Second method:
Using the front-end dashboard API this information can be retrieved (I can't remember the API name, I think that it is /2/get_multifactor and inside you'd find some information about its status and the organizational policy regarding 2FA). However, to use the front-end dashboard API (which is totally undocumented) you'd need to simulate a successful login (and correctly use the lid and jar cookies) and you'd also need to bypass the random captcha that appears when you abuse the service with too many requests.
To be honest, Dropbox's API is weak, neglected, and ugly. I wish I never had to use it. Anyway, I would recommend using the first method and pray for a significant update to the API
No, unfortunately the Dropbox API doesn't expose this. We'll consider it a feature request.
There's a feature request open for this one (https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/MFA-status-for-users/m-p/468564#M23886). But I wouldn't hold your breath, as #Aviv mentioned the Dropbox API seems surprisingly neglected at the moment.
I know that Airbnb haven't opened their API to the public yet, but searching the internet I found some people are using it.
I tried to contact them, and also Airbnb, but without any answers.
Does anyone here knows any contact email, page, or phone number that I can refer to?
I have read here that you can find your API key by looking at the requests that AirBNB uses in their own website. So use the web-developer tools in chrome, or firefox, or firebug in firefox and search trough the requests in the network panel until you find the key being used in any JSON request. Some urls contain this key param, you copy that :) works for me!
Oh BTW, i'd like to remind you that the API is currently not officially released to fetch data in the background while you are logged in. When you use this key, they'll know your identity. You might get blocked or at least warned by AirBNB for using their API while you are maybe not allowed to. Read their terms & conditions to make sure. I am not taking any responsibility, of course ;)
You can now find your API key on the meta tags of the source code when logged in to your dashboard. Search for canonical_host and you will find:
{"canonical_host":"www.airbnb.com","api_config":{"key":"<your-api-key>"}
Just to update this set of answers, the api is on the following address but you need to request access first.
https://www.airbnb.com/partner
It offers an FAQ that informs you about the process and it will always be updated
As far as I can tell, they have shut down this service as of today.
"Unfortunately, this is no longer available" will be what the API returns.
EDIT:
It started working again after a few days. Very odd, maybe an internal problem, or we were rate limited or something.
Log into Airbnb.com, open up the web developer console, go to the network tab, filter by type json, and look at the url and find "client_id".
I found this answer here
My app is a Personal Assistant who's main job is to redirect the user to something that complies with his/her wishes. I realize, for example that AllRecipies.com has no API. My question is that can I, say open the browser app with the url as
http://allrecipes.com/search/results/?wt=QUERY>&sort=re.
Is this considered as using their API? Not just AllRecipies, but numerous other such services. If I am using this method, then do I have to request API key, etc? I am not retrieving anything. I am simply redirecting the user to their page with the query pre-written. Does this require all the licensing fees, API Key, etc?
Do I have to agree to this fees(If they ask), Request API Key, etc?
With the particular URL in question, it is simply an HTML web server URL, rather than a web API, as such. You can still get data out of it, but you'd have to parse the HTML yourself to extract what you want from the HTML response.
They may have an API that you can use to access data more directly as JSON, XML, etc, but you'll have to look into that yourself. And you will possibly require an API key to access it. But perhaps not, if it's publicly available and they don't care how many calls they get to it by anonymous users.
You may find this resource useful. It contains a lot of open APIs and code snippets to access them: http://www.programmableweb.com/
If you are simply trying to hit a URL or directing a user to this particular URL which you already know and is static meaning you always hit the same url without change in parameters, then this is not considered an API call and will not be requiring any API key.
However, if they have some APIs exposed, you will need to go through their documentation and using this API most likely requires the use of an API key(alhough this might not be true always). Usually, most platforms have a bunch of APIs available for different scenarios and these are called based on user specific parameters and requirements.
I've been looking around at various APIs, and since twitter seems to be a common discussion point, I'll use it as an example.
A lot of APIs are implementing oAuth which is great for allowing the service to authenicate and authorize the application connecting to it, however, from what I have seen there doesnt seem to be a way for the application to verify that Twitter is actually Twitter (and not a man in the middle based attack)? I would expect to see some kind of signature (using a shared / public key) of the response body which I can use to validate that twitter signed it.
Is it just because currently there isnt really a point to a man in the middle attack with twitter tweets since currently, whats the worst that can happen (and why would someone want to give me invalid tweets)
On this point, if you were to sign the response, what method would you use? Im currently considering a HMAC-SHA1 signature of the response body using a shared key.
This is what the 'trust' part of SSL does.
-- Edit
I note this has been downvoted, but it's important that other readers realise it's due to a personal disagreement, not due to incorrectness.
In the .NET world we use WCF, which has many different security models, including signing (and if desired encrypting) each message/response. This adds up to a non-trivial amount of overhead, but can give you more 'trust' in the security model. You can switch to using binary-serialized data to cut down on the bloat and message size if you desire.
I'm not sure what other Web Service APIs offer in that area, though I'm sure someone else can add further details as needed.