Open documents in browser with zoho api - api

HI im trying to integrate zoho into my website and open a document in browser
Im using Wamp server.
This the code im trying to work with:
<html>
<head>
</head>
<body>
<form method="POST" action="http(s)://export.writer.zoho.com/remotedoc.im" target="_self"
accept-charset="UTF-8">
<input type="hidden" name="url" value="http://localhost/paper.doc">
<input type="hidden" name="apikey" value="here goes api key">
<input type="hidden" name="output" value="url">
<input type="hidden" name="mode" value="normaledit">
<input type="hidden" name="filename" value="paper.doc">
<input type="hidden" name="lang" value="en">
<input type="hidden" name="skey" value="here goes secret value">
<input type="hidden" name="id" value="12345678">
<input type="hidden" name="format" value="doc">
<input type="hidden" name="saveurl" value="http://localhost/save.php">
<input type="submit" name="submit" value="Open/Edit">
</form>
</body>
</html>
I dont know i get this error:
Forbidden
You don't have permission to access /http(s)://export.writer.zoho.com/remotedoc.im on this server.
I have entered the api key correctly and the secret key
Im just confused and stuck here.Im blocked
Here is the documentation : http://apihelp.wiki.zoho.com/Open-Document.html

You have taken the (s) out of the url right? I know it might seem like a silly question but I thought I should check in case you had overlooked it. The url resolves for me and gives an 'api key is invalid' warning.
The error given would seem to indicate the browser thinks its a relative instead of absolute url.

I dont know much more about ZOHO but i also want to implement this in my project in future. As i read in https://apihelp.wiki.zoho.com/Open-Document.html#mfs it says that saveurl must be publicly accessible and if it not accessible publicly it gives an error and localhost is not publicly accessible so it gives an error.

Related

When using boto3.client('s3').generate_presigned_post to generate an URL for a file upload via form submit an error from AWS occurs

As mentioned in this question's title, when using the boto3.client('s3').generate_presigned_post to generate an upload URL as per here and injecting the response of the function into the following form:
<form class="s3-upload" action="URL_VALUE" method="post" enctype="multipart/form-data">
<input type="hidden" name="key" value="VALUE"/>
<input type="hidden" name="AWSAccessKeyId" value="VALUE"/>
<input type="hidden" name="policy" value="VALUE"/>
<input type="hidden" name="signature" value="VALUE"/>
<input type="hidden" name="success_action_redirect" value="VALUE"/>
<input type="file" name="file" class="upload-input">
<p class="drag-text">Drag your file here or click in this area.</p>
<button id="uploadS3" type="submit" title="">Upload</button>
</form>
I receive the following error from AWS: The AWS Access Key Id you provided does not exist in our records.
The application runs inside a docker on AWS Fargate and has an AWS role attached to it. This must probably have something to do with the solution because the whole functionality works fine on my local machine. Furthermore, all other AWS related operations with S3 (also with SQS) work fine with that AWS Fargate/AWS role setting. I'm looking forward to any suggestions about what to do.

How can I send this POST request with cURL?

Here is the HTML code
<form method="POST" action="https://testnet.demo.example.org/api/v1/invoices">
<input type="hidden" name="storeId" value="LLKZz9dtP7DYvEUDq73K59EKvjMWox7nvnUhfCGMKsux" />
<input type="hidden" name="price" value="10" />
<input type="hidden" name="currency" value="USD" />
<input type="image" class="submit" name="submit">
</form>
When I click the "submit" button, it redirects me to a random url like this,
https://testnet.demo.example.org/invoice?id=KuVFG7YFmfArccjkmBPhyg
How can I send this POST request using command line using cURL and get that random invoice url?
Here is the command:
curl --verbose --request "POST" "https://testnet.demo.example.org/api/v1/invoices?storeId=LLKZz9dtP7DYvEUDq73K59EKvjMWox7nvnUhfCGMKsux&price=10&currency=USD"
You can always use tools like this curl-builder, but I highly suggest to use tools like Postman to make api calls.

Fastlink Landing page is not getting rendered

I am working on implementing Fastlink 2.0 integration for aggregation and IAV for my application. I am able to get the oauth token for both Aggregation and IAV but when I am using it along with the required parameters to render the Fastlink landing page I am getting the response as Cannot get resource.
The steps I followed are as below:
Logged in with Cobrand username and password and got the cobrandSessionToken (e.g. 08062013_0:26fe011eff898dc0babb8b54fad90ac522e753c6e4d29b7329eeb67e57b760975a9918d8a913c83a910199e6f1b9dd15652532011100010328dad2e6b29f49b3).
Using the demo username/password got the userSessionToken (e.g. 08062013_0:d1958fca493a02fadcad93019ba44bd3563cc4cb437331c60b3df77a4e353ed2137ba641c879a6736a112d613a146438f45fc8a5f5540ffb65ec17dee42fee46 )
Using the cobrandSession token, rsession(userSession) token and 10003600 (aggregation) as finappId got the oauth token.
Using the token generated in Step 3, rsession(userSession) token generated in Step 2 and app (i.e., finappId) invoke the Yodlee Fastlink using the following url.
https://node.developer.yodlee.com/authenticate/restserver
Complete url:
https://node.developer.yodlee.com/authenticate/restserver?app%3D10003600%26rsession%3D08062013_0%3A03cfae2bd46624e71b1306cbe9730a8f92085c28657f271f9fa84bf17ccf566428be4da399c2a995e95d1c5527442735398a49d96007826b3a2af118d7b53dc1%26token%3Db3298792d5a43473fa2434ae9c6453dffd74392b4ae0608a75b40922ca3d5325%26redirectReq%3Dtrue%26extraParams%3D
Kindly help if somebody knows how to resolve this
Thanks
You need to submit this as an HTML Form post, this is not a REST GET request. This means it will not work if you just append it to the URL and try to get it.
Here is the HTML Form you can replace the respective values-
<div class='center processText'>Processing...</div><div>
<form action='<nodeURL>' method='post' id='rsessionPost'>
RSession : <input type='text' name='rsession' placeholder='rsession' value='06142015_0:9d2817f2164ef0720282fd680c882b188b776d93e4af03155b0508a09ae8e274f0caab5d2d6819bee2ec69c85044410acb356807ba69ecd3e6e28643120dab61' id='rsession'/><br/>
FinappId : <input type='text' name='app' placeholder='FinappId' value='10003620' id='finappId'/><br/>
Redirect : <input type='text' name='redirectReq' placeholder='true/false' value='true'/><br/>
Token : <input type='text' name='token' placeholder='token' value='6ea1ef4aaa1ec923aba38b911a45cbe0019a387837b0a83738ec40a8c9a24613' id='token'/><br/>
Extra Params : <input type='text' name='extraParams' placeholer='Extra Params' value='' id='extraParams'/><br/></form></div>
<script>document.getElementById('rsessionPost').submit();</script>
As advised by Apoorv, this can only be done through HTML form post. If you set redirectReq as FALSE and do a HTTP Post you will get the FinAppURL, but the url will never work. If you need to display fastLink 2.0 inside iframe you can can achieve it by setting the form target to the iframe as shown below.
<div style="visibility: hidden">
<form action="https://auyirestnode.stage.yodleeinteractive.com/authenticate/private-ausandbox16/?channelAppName=auyirestmaster" method="post" name="rsessionPost" id="rsessionPost" target="yodleeIframe">
<input style="visibility: hidden" type="text" name="rsession" placeholder="rsession" value="#Model.RSession" id="rsession" /><br />
<input style="visibility: hidden" type="text" name="app" placeholder="FinappId" value="10003600" id="finappId" /><br />
<input style="visibility: hidden" type="text" name="redirectReq" placeholder="true/false" value="true" /><br />
<input style="visibility: hidden" type="text" name="token" placeholder="token" value="#Model.Token" id="token" /><br />
<input style="visibility: hidden" type="text" name="extraParams" placeholer="Extra Params" value="#Model.ExtraParams" id="extraParams"/>
</form>

Google Custom Search with SEO URL

Well i have this search engine into my site
<form action="/apps/search/" name="g_search" id="cse-search-box" method="post">
<input type="hidden" name="cof" value="FORID:11;NB:1" />
<input type="hidden" name="ie" value="utf-8" />
<input type="text" autocomplete="off" name="google_seach" class="search-text" onfocus="searchtext('focus')" onblur="searchtext('blur')" />
<label style="color:#796b6b;float:left;padding:0;">|</label>
<input type="submit" style="float:right;margin-top:3px;cursor:pointer;width:16px;height:16px;background:url(/template/img/main/search-icon.jpg);border:none;" value="" alt="Αναζήτηση" title="Αναζήτηση" />
</form>
Now i want some code to results page.Somehow the post request readed from a file called search.php
This file have access to $_POST[] array..
The file initializes $selector variable (for template use).
What we want to echo into contentarea div must put into $body variable..
Any help?
<?php
$selector="search";
$body="<div id=\"cse-search-form\" style=\"width: 100%;\">Loading</div>";
?>
I have a similar issue, just use GCS code provide by Google as it easy, make sure in the option in GSE you select to visualize the search result on your page and not an Iframe

using paypals html api is safe?

im trying out paypals html api where you specify price, item_name, customer information and so on in the html:
<form action="https://www.paypal.com/cgi-bin/webscr" method="post" id="payPalForm">
<input type="hidden" name="cmd" value="_cart" />
<input type="hidden" name="upload" value="1" />
<input type="hidden" name="no_note" value="1" />
<input type="hidden" name="business" value="your#paypalaccount.com" />
<input type="hidden" name="currency_code" value="SEK" />
<input type="hidden" name="return" value="http://freelanceswitch.com/payment-complete/" />
<input type="hidden" name="tax_rate" value="25" />
<input type="hidden" name="item_name_1" value="Apple Macpro" />
<input type="hidden" name="item_number_1" value="01 - Product 1" />
<input type="hidden" name="amount_1" value="25000" />
<input type="hidden" name="item_name_2" value="Apple Macbook" />
<input type="hidden" name="item_number_2" value="02 - Product 2" />
<input type="hidden" name="amount_2" value="12500" />
<input type="hidden" name="item_name_3" value="Apple Macbook Air" />
<input type="hidden" name="item_number_3" value="03 - Product 3" />
<input type="hidden" name="amount_3" value="12500" />
<input type="submit" name="Submit" value="Submit" />
</form>
when the user clicks submit it takes him/her to paypals payment page.
but doesn't this mean that a hacker could change the order by manipulating the html code?
i can´t figure out how paypal prevents this security problem.
Of course, it does appear as if someone could just change the HTML and re-submit the form.
I'm not sure about PayPal, but Google Checkout handles this by instead of setting HTML, it gets you to create XML, encrypt it using your merchant key, and use the encrypted string in your HTML to pass across to Google. Google then decrypts it using your merchant key and voila - tamper-free.
Have a look in PayPal's documentation for something along the lines of "cart signing" or "request encryption." They may also do a callback to your server, telling you what was sent and you can compare it to your database to see if the prices are still correct.
If this is anything like other html integrations, there should be a callback directly from Paypal to your server with all the fields that were entered. You can compare these to see if any have changed. There are usually various security mechanisms such as a shared hidden key so that you can validate that the callback is genuine.
It doesn't seem like it is safe by itself. On Paypal's Securing Your Website Payments Standard Buttons page, they talk about being able to create protected payment buttons. However further on they indicate that it doesn't work if Javascript is disabled which makes the protection useless! Then they talk about other manual processes that can be performed including reconciliation and instant notifications which should occur in any sound accounting process anyway.
Encrypted website payments really seems like the only secure option to me.