I'm researching in behalf of my company to implement shopify or big commerce to support our store while we still use our admin and cloud services for the rest.
Shopify offer Multipass to allow a web to redirect to the store and keep the user logged plus API and webhooks which could allow me to user's created in the store be reflected in our cloud DB.
But I can't find nothing remotely similar in Big Commerce. Am I right and Big Commerce doesn't any mechanism to integrate existing services with their stores?
BigCommerce offers three methods for accessing store data and functionality:
The web interface - This is your standard browser based control panel, where you would view data and perform functions using their UI.
The Stores API - You can develop an application (or connect an existing service using a plugin) to connect to the API using Basic Authentication or OAuth. This method could be used to poll for new users and replicate them in your remote database.
Webhooks - You can subscribe to events (like customer create or update) and parse the response object to replicate the object on your remote database.
Related
We want to integrate into many different APIs so that our users can import their data on other apps into our app or do actions on their other apps when triggered on our app.
Plain API integration.
However, integration process takes too long for many services and you have to fill lots of forms. You have to submit a request to that platform, they check it, then publish in a few weeks or months. Doing this with many different apps can take months.
I just want to delegate the authorization process to another service. For example, https://auth0.com/ can authenticate users on their platform. This way, you can just use Auth0 and users can sign up to your app from hundreds of different apps. I need something similar to that but I need the access token.
Whenever a user wants to integrate another app to our app, I will redirect the user to that intermediary service and it will handle authorization and return us the access token.
Is there a service that can do that? Is this allowed by services like Google or Microsoft?
One platform I found is apideck.com
Handles authorization process instead of you, your users can see which apps they integrated over their panel or widget.
Allows you to quickly connect to tens of api services.
I have a niche market that would benefit from having access to some custom Podio applications. I believe this group of people would pay for this access and that I would enjoy working with them to continue customizing this platform for them. I need some compensation for this development work and am trying to determine the best way to ensure the clients would pay.
My question is whether there is any way to enable/disable access to a Podio app once downloaded by the client. I realize I could develop a custom website that logged into Podio to get data for the interface and could push the data back to Podio. This approach would severely limit what customization the end user could do to the application once deployed.
Is there any way to have the Podio App make an external call that would contact my web server API to determine if the logged in user has access?
Richard
Iam a student and i making my internship. Sorry for my bad englis
The situation
2 people are building an backend for an message system. There are actual and passed messages. The main backend contains all the data from all the messages. This backend pushes only actual messages to and database from an mini backend which only contains the actual alerts. These actual alerts are provided by an api to multiple front ends such as an app.
I need to do research about api gateways which can make the data in the mini backend accesable for external developers. These developers only need to register or request an account so we know which application/developer connects with our api. We don't have end users with user accounts.
The API need to be scalable because in the future (over a couple of months) this system wil replace an old system. The current system needs to be handle more then 5.000.000 requests in a couple of minutes when sending out an emergency message/alert.
My problem
I googled a lot about authentication methods and i read about OAuth2. This is only necessary for authenticate end users with an user account? I dont have that so OAuth is to complex for my situation i think. But when i look in the documentation of several API Gateways like Mulesoft, Amazon API Gateway and some more i always come back by OAuth and not by an simple authentication token system or something.
See this link and then Creating a client registration flow. This uses OAuth or do i understand this incorrectly?
So now my questions
Is there an default method such as google or facebook uses for authenticate external applications by an API key? and how is this method/framwork/idunno caled?
Is it posible that i can/need to do this with OAuth?
Some example API gateways that can fill in my wishes will be great!
Amazon Api Gateway team here.
Our service supports native API keys which satisfy simple use cases. Are you interested in a simple mechanism to authenticate clients when they access your API? Some limitations would be that it's harder to manage a large number of keys, and there wouldn't really be any authorization to specific backend resources, only authentication to access the API in general.
http://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-api-keys.html
OAuth is better for dynamic user bases where new users register and you want to be able to control access for existing users over time. It is also useful when users have personal data that only they should be able to access.
Jack
I am developing a REST based application using Web Api 2. On the project, I elected to use the individual user accounts option when I created my project. On the frontend, I am using a combination of angularjs and ios interfaces to interact with web api. I would like a user to enter their credentials and upon successful authentication, receive a jwt token(SSL) that they can use as long as the ticket hasn't expired. I read an article outlining how to create a custom storage provider, which I need as my user schema is different from asp.net identity.
What is the recommended approach to this scenario?
Can someone provide an example of how to setup .net individual accounts for authenticating users trying to access web api action methods? As stated above, the user interface is angularjs.
I recently started a new project using different carefully-chosen technologies, my project is built as follow :
The approach is API-Centric, which means I'm building a website and an iOS app communicating with an API written using Symfony2. I've successfully managed to write my API, and it is perfectly working.
To gain access to the services provided by the API, the main actors (the website users, the iOS app users and the developers) can authenticate theirself in several ways :
Clients can gain access with a login/password couple through the website interface which is communicating directly with the API through AJAX to validate the provided credentials and set a session. So, when someones logs in our website, they have automatically access to the API as well.
Developers can authenticate theirself through the API using HTTP-Basic over SSL, which will as well generate a session and give them access to the services they are authorized to call.
Also, Developers and clients can gain access to the website and the API using their facebook account through the Facebook Connect functionality. This deletes the step where each actor has to create an account on our website.
So basically, the credentials are provided either through HTTP-Basic or using the Facebook Login functionality.
Now that my authentication system is working and that my clients are able to access the website, I would like them to connect to a real-time server when they log in. Like in Facebook or Google+ if you want where the real-time server manages chat and push informations.
In this case i'm using Node.js and the powerfull socket.io library to manage everything that deals with the real-time side.
Of course, the real-time service will need some credentials to authenticate the user since he is authenticated to the Symfony security system with a session but is not authenticated against the real-time server.
A solution I've been thinking about would be to use the PdoSessionStorage in my API (Symfony side) and store all the active sessions in a database such as MySQL or PostgreSQL. Doing so, I would be able to send to my real-time server the session id generated by symfony and check on the database if the session id provided is correct or not. If he is I'll let the user access the services provided by my real-time server and associate his session with an identity.
But I really don;t know if this is a good solution and I would like some more experienced advices on this and on how to deal with this issue.
Note : For some reasons, I cannot implement OAuth even if it could be a solution to solve this issue using a Single Sign On approach.