I wanted to integrate shopify into my software.It is a desktop application.
I had went through API Docs of shopify.
Those API's would properly bring up data from my sandbox account using API key and password.
Then i came accross 'API Authentication' in shopify.
After reading those docs i was confused.
The replies after step1(http://api.shopify.com/authentication.html) was not proper.
My question is do i really need Authentication to get API response?
If not then what is the purpose of 'API Authentication'.
Plz help me out.
Thanks in advance.
From the sounds of it you've generated a private application to get your api key and password, and are passing those credentials through basic auth (i.e. in the url). This is fine.
The authentication topic you found is for public apps that are installed into many shops. They deal with generating the auth token, which does the same job as the password you already have.
So sum up: Yes, you need to authenticate to the API in order to use it but you're already doing that by using the password from your private app. Don't worry about OAuth unless you're building a public app that will be installed into many shops.
Related
I have a question about fusionauth and its 2FA API.
we want to use 2fa in our app but only under some circumstances and not on every login.
I found that there is API to send a code via SMS but I can't seem to find an API to verify it.
can anyone help me?
I looked at the docs and there is only send and enable/disable no verify, can it be somewhere else?
The API does support a trust mode, but there is not currently a separate API for selective 2FA.
There is not an API to validate the code, instead you utilize the Two Factor Login API to complete the login process. This implicitly validates the code.
https://fusionauth.io/docs/v1/tech/apis/login#complete-two-factor-authentication
I cannot log in to shopify through an api.
I want to build a private app with a shopify api, and I just created a laravel project and connected it to shopify through an api. I am using 'ohmybrew' and wrote my api credentials in my config. I tried to log in through an api but I get an error as follows.
Oauth error invalid_request: The Shopify API application does not support oauth
I expected to go to my dashboard but it did not work. It's my first time to work with shopify, and I am baffled as to what to do. I would appreciate it if someone could tell me what I am doing wrong.
oAuth is well established. You could probably say almost all systems with a public API support oAuth. Shopify is no different from any of them, and they all follow the same pattern. So it seems your attempt to follow that pattern is incorrect. The best thing you can do then is to look up some tutorials on how to connect to an API using oAuth, with an emphasis on your scripting language so you can have some solid code examples to follow. Once you master oAuth, you'll be able to see your dashboard.
I am new to titanium and am trying to make a directory of contacts using Google Contact API. I have read up on it yet aren't seeing too many helpful examples. I know I need authentication yet I can't seem to figure out where to start. Any help is appreciated.
You may know some of this already but here's the broad strokes overview for others and an answer to your question (Any help is appreciated).
You need to create an (Google) account and register your project/application first in order to make requests for non-public user data. The request must include an access token. The token also identifies your application to Google.
In order to authenticate a user/application: You will need to Use OAuth 2.0 to authorize requests. You must register your project in the Google API Console and enable the Contacts API service in order to use OAuth 2.0.
To implement the OAuth protocol in a Titanium app you can follow along with the sample/tutorial in this blog post:
OAuth Login for Titanium
I am working with Bigcommerce api using oauth. I am currently in development phase. I have given auth callback url as
http://localhost:3000/resource_callback.
I am unable to get store hash in context. It is only sending scope, and code. What am I missing here? Just using http instead of https is the reason? Please help me with proper direction.
If you are receiving the Auth Callback Request but it only has code and scope query properties then the problem is how you are installing your app. At this time it is necessary to install an app directly through your store's Control Panel, rather than using a link to do the install (as is common with most oAuth implementations). The use of a link for the install is something that will likely be added in the future but oAuth on BC right now is geared towards public applications installed through the store.
That being said, it is possible to make oAuth credentials for a store even without making it a public application. Please follow the long answer seen on this question:
Can BigCommerce Private Apps use OAuth
This will cover the full process for generating oAuth API tokens from registering an app to installing into a store and beyond. Based on your question you should start at the Generate the Auth Callback Request section. If you follow the steps there then your Auth Callback Request will include the context property as well as the other two.
Update
You can now generate oAuth tokens in a store from Advanced Settings > API Accounts. As a result it is no longer necessary to install a draft app into a store for the sole purpose of generating oAuth tokens. You will still want to do this if you are developing an app for the BC App marketplace or developing a user interface for your app that you want to live in the Control Panel of the store.
Just went through the same thing. See here: Bigcommerce Authentication code. Let me know if you need more details. SSL is mandatory.
I've been researching PASTEBIN type API's that would enable storage of code snippets for a project I'm working on. The problem is that most if the API's I've found do not support edit/update of existing pastes.
I found that the Snipt.org API does support snippet updates. However, authentication for the snipt.org API is done using your Twitter account. The snipt.org API docs (https://code.google.com/p/snipt-org/wiki/REST_API_Docs?tm=6#Authorization) suggest using a GET '/auth' call (providing a Twitter uname/password in the URL) to obtain an API token to access the API. Is it just me or does this seem like a good way to compromise your Twitter credentials?
I have used other sites that authenticate via Twitter, but I get authenticated on the Twitter site first which in turn sends a token to the authorized app.
Well, obviously this API has some serious flaws.
But if you use https, the URLs of GET requests will get encrypted along the way. (But still get logged in the cache of your browser. do clear it.)
So if you really like snipt, you could use a new twitter account created simply for the purpose of authenticating to snipt.
It won't feel particularly good. And I have some serious doubts about the rest of their security code based on this part of the API. But I do not see how exactly your credentials could be stolen using this part of it by others than the snipt maintainers who already have access to your snipts. So if you protect only snipts with the credentials, and no tweets, you should be alright.