I'm trying to get access tokens from outside for bitrix24 and get information, but I need to do this within the business processes, how can I go about this.
I tried to run php in the server and pull data information that way, but I couldn't get any results.
Related
I'm using the LinkedIn api and would like to access companies but I'm running into a vague error that I haven't been able to figure out.
I'm using php and the php libracy 'Happyr\LinkedIn\LinkedIn' to access the API. My current application also has the 'rw_company_admin' permission attached to it.
When I make a call to the api endpoint '/v1/people/~:(id,first-name,last-name)', I get the correct response.
But when I make a call to the '/v1/companies?format=json&is-company-admin=true' endpoint I get the following error:
"Invalid company query request"
When I perform the exact same query in the LinkedIn Rest Console, I get the response I'm looking for. Any ideas?
Figured it out after hours of debugging.
The issue will probably be specific to the php package mentioned in the question. The LinkedIn library in use was automatically appending 'format=json' to the query call which sparked an error.
By removing the default output setting in the library, the call worked fine.
In my case, it was related to permissions of the application.
If you want to retrieve company list of the user, you should check rw_company_admin permission in the settings page of the application or give it to scope parameter. Then, you should get a new access token and make requests with it.
Using PHP and Curl, I've successfully gotten through the OAuth process to gain a token using the Linkedin API. When making an API call to get a listing of a specific company's job listings I get truncated and incorrect information back. I'm only getting 5 of the 7 job listings and one of them doesn't even exist when looking at the job listings on linkedin.com.
I've determined that this is not some caching issue on my side because my application data matches the data given by this tool: https://apigee.com/console/linkedin
This is the API call I'm making:
https://api.linkedin.com/v1/companies/{COMPANY_ID}/updates?event-type=job-posting&format=json
I think I may be using the wrong API call as it looks like I'm only getting updates and not the complete list of jobs. I can't find any other way to query for jobs though.
I want to make an app for this website: https://my.iusd.org/LoginParent.aspx
I wanted someone to just list the steps that I need to take to make an app that will let the user enter a username, password on the iDevice, and then pass those variables from the iDevice to that site ,so that if the authentication is correct, I can parse the data once the user logs in to show his or her grades.
If I need to make a separate php script to modify/pass variables to the site, how can I run the script for free without having to manage a server?
Thanks in advance.
I have a site that allow users to check their statistics (number of file uploaded, how many files they have, quotas, type of access etc...)
I create a section on my site: api.domain.com
This can be access via curl or a web browser since I am returning a json object or xml (depending on the user prefs)
My question is this: should I restrict the access using a user/pass or should I create a hash of the user file?
for example:
scenario 1:
The user create a php curl that sends user and pass via post or the curl auth and get back the results, parse it etc...
For me this is secure but the user has to maintain his script if they change their pass
scenario 2
The user access a file like: api.domain.com/j355HGssgf3HESAjh45jusf4325GSj5hbsHhdh5HGHFS3732he4548475wbe3447nSNe5XfgjhGJ and then access the data
This one, nothing to maintain
Here's my thoughts on this.
If you return a page not found or an error message (with a good 200 OK status) when a request is made to your page, it might send to bots or UN-trustable people a clue on what can they get and try again and again and again ...
On the other hand, if you send a access denied, like a 401, or better a 500 error code to simulate a server error, these bots or UN-trustable people might go away for good.
I will say the user/password method is a little more secure in this case.
Now, would you trust simply entering a big string (like scenario 2) when you check your mail? or your bank account information?
If it was me I would give each account the ability to create a unique api key,
api.domain.com/?key=<API.KEY>
for more security measure you could make it only accept connection via the post method with the api key. If contacted via get then show an error etc.
Then if they change their pass/username it won't affect their api key
I have made a custom ajax script to parse the JSON returned from the facebook graph API feed.
I have come to terms with the fact that the access token expires, so in order to get another one I can make a request to
https://graph.facebook.com/oauth/access_token?grant_type=client_credentials&client_id=APP_ID&client_secret=APP_SECURITY
where APP_ID is the app id and APP_SECURITY is the app security values registered with my facebook app development account.
However I'm worried, because I'm making these requests via ajax, therefore anybody with basic chrome/firebug knowledge could access my app_id, app_security and access_token variables (from now on known as 'The Variables') held within my javascript file.
I am unsure as to what users can do this this kind of information?
Does the access token provide purely a read-only JSON output of my facebook page? Or can this information be used for more malicious purposes?
Now: before anybody replies saying that I should use php to get fetch the JSON and parse etc... I cannot, because the customer requirement is to use ajax, for the obvious asynchronous benefits.
If the variables pose no threat to my facebook account and can be only used for read only purposes, then I'll get on with my programming!
If however they must be kept secure... How can I securely pass the variables to javascript in order to keep the variable hidden?
PS. I already have pre-written php scripts to attain the variables. Just after a method to keep them secure when passing to the javascript (if necessary)
Thanks
Alex
As Commented, Never Display APP_ID and APP_SECRET publicly.
Read This. You will find out a way to automatically find your access token using php.
Using this php file, make an ajax call to it, and it will return your new access token.