I want to write an app for BigCommerce.
On the BigCommerce developer website, it says
"Before you begin, you’ll need a sandbox store. BigCommerce offers app developers free sandbox stores through its Technology Partner Program. To get your sandbox store, apply to become a BigCommerce Technology Partner. To be approved as a partner, you will need:
A website.
The ability to support users of your app."
I have written code to modify themes using trial stores in the past without being a partner. (That is not what I am trying to do here, I did that in the past. I am trying to write an app, ANY app. I made the statement about modifying themes with a trial store to emphasize the fact that I know that I can do that and I am assuming that the sandbox store has other capabilities like the ability to access the control panel code.) As far as I can see, an app will need to integrate with the control panel code that I cannot see from just having a store. So, I am assuming that the sandbox store issued when approved as a partner will have this capability.
I sent an email to BigCommerce asking about the approval requirements and their reply was this.
“you must prove that you are an application developer. This consists of a website where you showcase the functionality and current companies that are possibly using your app.
If you have issue with the requirement to be approved as a partner you will need to speak with the team that does the approvals. Partnersupport#bigcommerce.com”
This reply came from appstore#bigcommerce.com. Why wasn't my email forwarded to Partnersupport#bigcommerce.com to begin with so I could get a more comprehensive answer? I did forward it to them and I am still waiting for an answer.
I am confused about this requirement.
I want to write a BigCommerce app. Are they saying that I cannot write a BigCommerce app unless I have written a BigCommerce app before? Are they saying that I have to have written other apps in general? If I write a great app, why would it matter if it is my first?
After I write the app, I can set up a webpage for it and submit it for approval.
How can I "showcase the functionality and current companies that are possibly using your(my) app" when it is an app specifically written for BigCommerce?
I cannot write the app unless I understand how to integrate it with BigCommerce.
As far as I can see, I cannot understand how to integrate it with BigCommerce unless I am a partner.
Am I missing something here?
Is there some other way to approach this?
Sr Marketplace Mgr for BigCommerce here. I think there are a few items of clarification I can offer:
You do not have to have an existing BigCommerce app to be approved for a partnership. You do however need some evidence of your existing work. If you don't have a portfolio, website, or other examples of your development work, it's difficult for our Partners team to determine if you're a qualified developer.
Partner apps will not have access to modify the BC control panel or core code. Apps must use our public APIs to work with a BC user's data or settings. Any settings that are in the CP but not in our APIs can't be modified directly via an app.
Any storefront changes - such as an edit to a BC theme to display weight in two different units - would have to be done using HTML/CSS/JS in the theme itself. We don't have an API for programmatically changing a storefront theme at this time.
If any of your questions for BigCommerce involve your app or app development, you'll need to direct them to my team at appstore#bigcommerce.com. Directing questions regarding your app to partnersupport#bigcommerce.com will be forwarded to my team. That channel is primarily for questions around the Partners program in general, and won't be able to provide detailed support on the app developer program.
Hopefully this clears up some of your confusion, please reach out to me at appstore#bigcommerce.com and I'll be happy to respond myself if you need more info.
Cheers - John
An application-programming interface (API) is a set of programming instructions and standards for accessing a Web-based software application. Could someone explain to me in case of Google maps or Youtube which is the API and which is the software application? Are both visible to us and how? I know there are tons of articles out there, however I cannot clarify the above. APIs are like the waiters that transfer data among different machines. Okay, which exactly is the Google maps API and how do we call/use it? And which is the Google maps software application which is accessed by the API? When we write for example http://maps.google.co.uk/ do we call the API? My query may seem silly but I cannot find a good answer for that.
An application-programming interface (API) is a set of programming
instructions and standards for accessing a Web-based software
application.
Firstly, an API is not just for web-based software. Even your computer's OS provides APIs for hardware and software installed in the box.
For your question, an API is a method (code instructions) to connect your application to the features of another system. Allowing your application to use thay system's features as provided via the API.
Could someone explain to me in case of Google maps or Youtube which is
the API and which is the software application?
In the case of Youtube... Let's say you are making some Android video player app that you also want to be able to playback Youtube videos within that app. The software application is your own Android player code and to access the Youtube data you would use Youtube's Android API.
An example of using the API is this module : YouTubePlayer which as you can see provide API commands like loadVideo(String videoId, int timeMillis). Where videoId is the Youtube ID and timeMillis is the desired start time within the video).
When we write for example http://maps.google.co.uk/ how do we call the
API?
That's not how you would call the API. You must first visit the documentation of the API to see how it's expected to call features within your own app.
Google Maps : https://developers.google.com/maps/documentation/
Let's assume now you're coding a Javascript app, you can see the commands here as a startng point. There is also an example page showing code & result.
Simple terms:
API = the waiter
Application Software = the chef
You order from the waiter. The waiter brings it to the chef. The chef prepares the food. The waiter then brings you your food. Then you figure out what to do with the food; eat it, take it home, throw it on the floor, let your dog eat it, give it the homeless, etc...
A website, app, etc... would send an API request (your order with the waiter) to Google Maps (the chef). If your API request is valid, Google Maps will send back an response (your cooked food with the waiter). Then the website or app takes the returned data and displays it in their custom way to you.
In the case of Google Maps, apps like Yelp and others use Google Maps' API to request specific data; routes, addresses, etc… and then they display it on their app.
To make an API request/call you have access to use the API, format it correctly, and figure out what to do when Google sends a response back : https://developers.google.com/maps/documentation/
API is a set of functions and procedures that allow the creation of applications which access the features or data of an operating system, application, or other service.
An API is like building block for your application. Multiple API's can exchange data without knowing the other's implementation. In a good design pattern , we should design API's for different independent tasks and then merge them.
Google Maps API
This is the google maps API which a developer can use to develop his own piece of software.
Whenever we use any software and it's different features, we might be using their API's without generally knowing of them.
A software application is always visible to us, but an API is visible only if the developer wants to expose it for community use.
EDIT
Using Google maps API
This link has the documentation and examples on how to use the google maps API using javascript.
Hope it helps!
When you use software, web applications included, you are in most cases using a wrapped API. Software developers took the time to take a raw back end API which executes commands on the system, and made these endpoints easy to use for a specific user in an intended universe of discourse, or domain. End users do not have direct access to everything the API has to offer all at once, so it is not "available" in the same sense that it is available to the developers, but it is available in another sense because they are using the API to execute commands on the system by virtue of the Application that was Programmed with that Interface existing and working.
The Google Maps API is used to integrate the power of Google Maps into almost any application. It provides facilities for customization and much more. When you use the Google Maps webapp, it is, to my knowledge, built using many components of the Google Maps API, as are the Google Maps apps for any other platform, such as Android. Does this mean you as a user are using the API? Only through the application; the application talks to the API for you.
“An application programming interface (API) is a set of routines, protocols, and tools for building software applications. An API expresses a software component in terms of its operations, inputs, outputs, and underlying types. An API defines functionalities that are independent of their respective implementations, which allows definitions and implementations to vary without compromising each other. A good API makes it easier to develop a program by providing all the building blocks.
APIs often come in the form of a library that includes specifications for routines, data structures, object classes, and variables. In other cases, notably SOAP and REST services, an API is simply a specification of remote calls exposed to the API consumers.
An API specification can take many forms, including an International Standard, such as POSIX, vendor documentation, such as the Microsoft Windows API, or the libraries of a programming language, e.g., the Standard Template Library in C++ or the Java APIs.
An API differs from an application binary interface (ABI) in that an API is source code-based while an ABI is a binary interface. For instance POSIX is an API, while the Linux Standard Base provides an ABI”.
To speak plainly, an API is the messenger that runs and delivers your request to the provider you’re requesting it from, and then delivers the response back to you.
To give you a familiar example, think of an API as a waiter in a restaurant.
Imagine you’re sitting at the table with a menu of choices to order from, and the kitchen is the provider who will fulfill your order.
What’s missing is the critical link to communicate your order to the kitchen and deliver your food back to your table.
That’s where the waiter (or API) comes in. ”AHEM”
The waiter takes your order, delivers it to the kitchen, and then delivers the food (or response) back to you. (Hopefully without letting your order crash if designed correctly)
Now that we’ve whetted your appetite, let’s apply this to a real API example. In keeping with our theme, let’s book a flight to a culinary capital – Paris.
You’re probably familiar with the process of searching for airline flights online. Just like at a restaurant, you have a menu of options to choose from ( a dropdown menu in this case). You choose a departure city and date, a return city and date, cabin class, and other variables (like meal or seating, baggage or pet requests)
In order to book your flight, you interact with the airline’s website to access the airline’s database to see if any seats are available on those dates, and what the cost might be based on certain variables.
But, what if you are not using the airline’s website, which has direct access to the information? What if you are using online travel service that aggregates information from many different airlines? Just like a human interacts with the airline’s website to get that information, an application interacts with the airline’s API.
The API is the interface that, like your helpful waiter, runs and and delivers the data from that online travel service to the airline’s systems over the Internet.
It also then takes the airline’s response to your request and delivers right back to the online travel service .
And through each step of the process it facilitates that interaction between the travel service and the airline’s systems - from seat selection to payment and booking.
So now you can see that it’s APIs that make it possible for us all to use travel sites. They interface with with airlines’ APIs to gather information in order to present options back to us
The same goes for all interactions between applications, data and devices - they all have API’s that allow computers to operate them, and that's what ultimately creates connectivity.
API’s provide a standard way of accessing any application, data or device whether it is shopping from your phone, or accessing cloud applications at work.
So, whenever you think of an API, just think of it as your waiter running back and forth between applications, databases and devices to deliver data and create the connectivity that puts the world at our fingertips. And whenever you think of creating an API,
--MuleSoft
I am building a Web application, and Web API. The Web application will do ajax call to the server and receive JSON results. The same will happen to the Web API.
I am planing to ask developers to use keys to access the Web API so that I can charge for their uses of it.
The problem is the Web API will be use by the Web application to get the content for the web pages. Is there a way to know if it is my Web application using the Web API or someone trying to highjack the API so that they don't have to pay for it?
I am using PHP on my server.
It's difficult to protect completely but there are techniques that help. ApiAxle (disclaimer: my company) gives you the option of using short lived keys. These will be impossible for a leecher to generate without knowing your secret key. Paired with rate limiting you're getting somewhat closer to where you want to be.
Not foolproof but a start.
When trying to secure something on the web, it might be useful to think about how you want to protect the information that you provide by the api before you try to find a technique for protecting the api.
An example:
Say that your api provides the current weather in London and your web application is an open web page that provides this information while also showing some web ads. You don't want someone else to use the api and show the Lonodn weather somewhere else without showing the web ad because that would ruin your sole income from this service.
You could limit access to the api by providing i.e. short time keys or another complicated protocol, but the problem here is that the information you provides, the London weather, is available to anyone on the web page anyway. If someone wants to "steal" your information and provide the London weather on a different web site they can just write a script that loads your web application, reads the information from the web page and display this in their own web application.
If a person is able to access the information, then he can also write a script that reads this information and display the information somewhere else.
Securing information is actually more about limiting who you want to give access and not so much about how they should get access. If you or your clients makes this information freely available on the net in one form or another, then you cannot (technically) prevent someone else from picking it up and redistribute it.
Twitter offers 'web intents' that are an alternative to OAuth access to their API. Basically, this provides a less feature rich experience, but can still be quite handy. User clicks on 3rd parts websites can create popup windows that check whether the user is logged in to twitter and if they are, allows them to us some Twitter features such as tweeting, retweeting, or following users.
My question is, how could I go about implementing an API like this? Are there tutorials or libraries? I'm not sure what technologie(s) power web intents or where I should start searching.
Thanks.
You can read more about web intents at webintents.org and read the W3C's draft spec. As far as I know, web intents are still somewhat of a new beast on the web and they have not been standardized.
Still, you may want to read this blog which contains a few examples of registering web intents and check out Paul Kinlan's git repo https://github.com/PaulKinlan/WebIntents
Hope that helps you get started.
I have a website that revolves around transactions between two users. Each user needs to agree to the same terms. If I want an API so other websites can implement this into their own website, then I want to make sure that the other websites cannot mess with the process by including more fields in between or things that are irrelevant to my application. Is this possible?
If I was to implement such a thing, I would allow other websites to use tokens/URLs/widgets that would link them to my website. So, for example, website X wants to use my service to agree user A and B on the same terms. Their page will have an embedded form/frame which would be generated from my website and user B will also receive an email with link to my website's page (or a page of website X with a form/frame generated from my server).
Consider how different sites use eBay to enable users to pay. You buy everything on the site but when you are paying, either you are taken to ebay page and come back after payment, or the website has a small form/frame that is directly linked to ebay.
But this is my solution, one way of doing it. Hope this helps.
It depends on how your API is implemented. It takes considerably more work, thought, and engineering to build an API that can literally take any kind of data or to build an API that can take additional, named, key/value pairs as fields.
If you have implemented your API in this manner, then it's quite possible that users of this API could use it to extend functionality or build something slightly different by passing in additional data.
However, if your API is built to where specific values must be passed and these fields are required, then it becomes much more difficult for your API to be used in a manner that differs from what you originally intended.
For example, Google has many different API's for different purposes, and each API has a very specific number of required parameters that a developer must use in order to make a successful HTTP request. While the goal of these API's are to allow developers to extend functionality, they do allow access to only very specific pieces of data.
Lastly, you can use authentication to prevent unauthorized access to your API. The specific implementation details depend largely on the platform you're working with as well as how the API will be used. For instance, if users must login to use services provided by your API, then a form of OAuth may suffice. However, if other servers will consume your API, then the authorization will have to take place in the HTTP headers.
For more information on API best practices, see 7 Rules of Thumb When You Build an API, and a slideshow from a Google Engineer titled How to Design a Good API and Why That Matters.