I want to develop a personal finance software in windows8, users can login by facebook or twitter account, where can I store users' data? Should I have a server or some other safe place can store the personal finance data?
I'd suggest you use the Azure cloud service, it looks very simple to add to windows store apps http://www.windowsazure.com/en-us/develop/mobile/tutorials/get-started/.
Also data security is MUCH harder than you first think, I'd consider making sure the data is encrypted wherever its stored as this is so sensitive.
Related
We are working on a system which retrieves data from customers' Shopify shops and provides some services based on this data. In order to make it as convenient as possible for an end-user we would like to update this data on a daily\weekly\monthly basis.
For now we only came up with a solution of implementing unlisted app, prompt a user to provide all necessary permissions for the app to access their shops and fetch the data. But the token we get doesn't seem to be valid for a long time and we probably won't be able to reuse it a day later.
We appreciate it if you can share any success cases of implementing this kind of approach.
You provide an App to the merchant they can install using oAuth. When the merchant is prompted to approve the App, Shopify will then provide your App with a long-lived access token you can use as much as you want, for as long as you want. I use a custom App from my Partner App dashboard to create these kinds of one-off Apps. It is superior to the one where the merchant has to tick off scopes and permissions IMO.
There are two kinds of token you can ask for and receive. One is considered for offline access, or long-lived. It works for everything. It is for webhooks as an example, or other access where no person is involved. But, there is also, online access tokens! Say a person clicks into the App from Shopify to do some work. You can request an online token for them to do their thing, and that token is only good for say 24 hours.
So you have options!
I'm new to Xero API's and I'm trying to understand a thing.
In my Company we currently have various different “organisations” within Xero, and this number will be growing in the near future.
We also have a 3rd party web application we use for technical and management data – to which we now would like to add financial data, mostly in the form of exported Xero reports.
We had been looking at the API functionality – however as I understand it Xero is unable to grant a subset of permissions to API calls – i.e. anyone with API access would have the same level of access a standard user – so aside from being able to pull the reports we require, they would also have access to all other data, such as transactional data, account numbers, creation and deletion of invoices etc. etc. Please can you confirm whether this would be the case?
In short terms: we need to restrict the API calls to the reports only, is this possible?
If not, does Xero have a functionality where reports can be automatically exported to an external location – such as a cloud service or an FTP site or similar?
Many thanks in advance
You're correct. Once you connect an app to the API it has access to all the accounting endpoints. Payroll endpoints are the only ones that require additional scopes.
And no, unfortunately there's no way to schedule report exports either. Sorry!
I have a web application backend for my clients web site. Authorised staff can log in to the backend and view data.
I want to pull some data from Google Analytics to be viewed in the backend, but GA seems to insist that the user is logged in to their Google account themselves using OAuth2
I want to be able to authenticate the server not the user. They already have permission and it seems unnecessary and possibly intrusive to ask them to link their Google accounts to the GA account and possibly even have to create one first.
The server already has to supply a client id, client secret and an api key, so it's not as if there isn't already an authenticated connection.
I'm guessing that there must be a way to pass the Google Analytics account credentials to OAuth2 somehow but I am not that familiar with OAuth2
Is this possible and how would it be done. A simple example or a nudge in the right direction would be appreciated
There are similar questions around but the ones I have found do not answer my question in the way I need.
Yes you need to store the authentication, but you may be able to use Google Analytics Super Proxy for your needs. At the very least you can see its code on how it stores the authentication.
You authenticate once, input the data you need scheduled from the GA Reporting API, then take the data feed and use it to build charts in your intranet. Any user can view those charts without needing to login to GA themselves.
I am building an app using the ESPN API and I have run through all of the APIs, using all that I can. It's going to be a big, deep app, with relational connections between stories.
What I'm wondering is if there is anyway to allow the users to log in to their espn.go.com accounts via OAuth or the like?
This would be really convenient so that users can access their sports preferences, etc.. If not I can always use another backend provided to store user accounts / preferences. But I'd really like to be able to sync with their actual ESPN accounts.
Looking forward to the answer!
Cheers,
//MD
There currently is no public OAuth implementation for the ESPN API platform.
We're building a multi-tenant SAAS web-application. Our tenants want the option to accept credit card payments for the various products that we allow them to market through our application. To support this we will require that the tenant has their own Braintree account. The tenant provides us with their Braintree API keys through our app. We then use those API keys to interact with their Braintree account on their behalf (card storage, card verification and basic transactions).
This model is the same as the model used by the existing Braintree customers WooThemes, Goodsie, TutorTrove and many more.
We need to record the tenant's API info (merchant ID, public API key and private API key) for this all to work.
My questions are:
Can we simply store this information in our application database?
Does storing this information affect the PCI/DSS scope of us or our tenants?
If we can't store the information in raw form, what is an appropriate storage form?
Note: we have contacted Braintree directly with this same question, but we didn't think it would hurt to get other opinions as well :).
Cheers,
Sam
IMHO, Please note that you will be [if not, should be] having tenant based crypt keys [each tenant can configure their own crytographic algorithm and the keys => SAAS Cusomization], Please do encrypt the AuthorizationId using the tenant specific keys and then persist in the database. These kind of sensitive data should be secured and you should have a note stating that you are maintaining these keys in the database so that the tenant's can opt out if not required and manually enter the key whenever required. This will ensure safety. By the way is your application using SSL.
Please do share your thoughts on this suggestion
So Braintree responded to this question with:
So long as your system is PCI compliant, and your merchants are aware
that their API keys are stored on your server, then you should be
fine. How you store the integration API keys is completely up to you,
and [we] don’t really have any best practices to offer.
So, it doesn't seem like this case affects the PCI/DSS scope of our product, and it seems we are free to choose an appropriate way to store the private API keys that we obtain (saravanan's suggestion is one possible option).