The latest specification for connecting to the BigCommerce API recommends using OAuth since the simple auth method will soon be deprecated.
I have been using the BigCommerce API within some PHP scripts that access the Store API for my store. These scripts do relatively simple things like update product names, update product prices, etc.
I'm confused as to how I transfer these scripts over to use the new OAuth system. Everything I am reading makes it seem like OAuth is based around developing an actual app that a user installs and authorizes to access their store. However, this is clearly not my use case, and has left me very confused.
A simple example would be a script to retrieve products from my store. I would simply run this code in a PHP file:
Bigcommerce::configure(array(
'store_url' => 'https://www.my-store.com',
'username' => 'my_username',
'api_key' => 'xxxxxxxxxxxxxxxxxxxxxxxxxxxx'
));
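// Force the RC4-SHA cipher suite for the connection
Bigcommerce::setCipher('RC4-SHA');
// Turn off TLS certificate verification for the store host
Bigcommerce::verifyPeer(false);
Bigcommerce::getProducts();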
How can I achieve this same thing using OAuth? Is it even possible?
I would probably create a quick "app" to get a Client ID, Client Secret & Token. Then use those credentials for authentication externally. So you would install an "authentication app" but execute your code from outside of BC.
Note that this is not that different from how an installed app that is iframed in works.
PS, I have not actually tried this but in theory it should work.
I realize this may be a bit off-topic as I see you're using PHP and my experience has been with C# but thought I'd add my comments on the issue so maybe someone will benefit:
I've been working on this same type of oauth token issue and the docs haven't been much help, but once I got going I finally managed to get the app set up by creating my SSL callback page locally on my server. Once I specified that URL in the app settings I was all set. The caveat being I had to perform the 'install' from the server itself since it wasn't a public URL while logged into BC as the store owner. I was then able to get the temporary token from the querystring and post back to https://login.bigcommerce.com/oauth2/token and obtain the permanent token from the response stream.
One thing their API rep did mention that may be of interest is that eventually you're going to need to refresh the 'permanent' token every 60-90 days or so once they get their end in order.
#developerscott is perfectly correct, but just to add on to your question on how to achieve the same thing as your code using oAuth with the BC PHP API SDK.
Once you have an oAuth access token and the client_id of an app you created, you can use them to utilize oAuth in your PHP scripts. You just need to provide those credentials into the Bigcommerce::configure() method like so, instead of the username and api_key properties:
Bigcommerce::configure(array(
'store_hash' => 'abcdef',
'client_id' => '123xxxx321',
'auth_token' => 'xxxxxxxxxxxxxxxxxxxxxxxxxxxx'
));
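// Force the RC4-SHA cipher suite for the connection
Bigcommerce::setCipher('RC4-SHA');
// Turn off TLS certificate verification for the store host
Bigcommerce::verifyPeer(false);
Bigcommerce::getProducts();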
Related
I would like to implement Instagram for a Wordpress plugin.
This plugin will allow user to display instagram images with comments, likes, etc... I would like to use different source like user, tags, etc... There will be no interaction with like, comment system. It's just a plugin to display an instagram grid.
However I don't understand what is the right way to use the new API. On the instagram developer guide it's mentioned that the new API will be limited for the number of connections, etc... I don't know if it can concern my case for the plugin I want to develop.
To sum up, is the access token enough to do what I want or do I need to use the API like this wrapper class with 'api Key', 'api Secret', 'api Callback'? It seems that information can be retrieved in different ways but I don't understand what I should use. Or do I need to create an APP?
Maybe these questions can seem stupid but I'm not fluent in English and the developer guide of instagram is just not clear for me about the way I should use instagram for authentication/connection with any user.
I hope someone can guide me a little bit.
There are 2 ways you can approach this problem.
1) The plugin requires each user to register their own app with Instagram.
This means each user who installs the plugin would need to go through the app review process. Plus you would need to provide a way for the users to supply their client_id, client_secret and a callback. Essentially you write the code to make everything work but the complexity of configuring the OAuth flow is still up to your users.
2) You register your plugin as an app with Instagram and make requests on your users' behalf.
This is the intent of OAuth and Instagram's new API updates. This will also push all the complexity to you, the plugin author. Since this is open code you will need to figure out a way to keep your client_secret secure. One solution could be running a service for your plugin that handles the OAuth flow. You might also have API limit concerns depending upon your plugin adoption and usage.
I am using the YouTube api v3 to retrieve a list of videos using the example at https://developers.google.com/youtube/v3/code_samples/php#retrieve_my_uploads
I open the page, the app asks for authorisation. I click the link to authorise, select my gmail account and I get the listing.
The problem is when I go back to the app even only a few seconds later, I have to authorise the app again.
I thought once the app was authorised you could exchange a token for a refresh token.
Is there anywhere that shows some code how to get a refresh token as the documentation or any reference to it online is very poor.
I really need some help getting this working as I've been trying for the last couple weeks and getting nowhere.
I have a long-winded answer, but it should be a big help. I had the same issue with the poor documentation and I am also trying to get a list of videos from a playlist for my project. The API v3 just magically started working for me after struggling for the past couple days, here is what I did.
First was actually getting the API key. I'm sure you've been in the Google Developers Console by now, but just in case here is what to do for this step:
Create a project in Google Developers Console
Enable the YouTube Data API v3 API
Under "Credentials", if you had the same issue as me, you can create a new Client ID but not an API key.
This is a major problem because you need an API key to make simple data requests without authorization, e.g., getting a list of videos from a playlist. To get an API key, go back to the "APIs" section, click on "YouTube Data API v3", and here is the screen with the loading indicator that never loads anything. However you can click on "Quota" here and it takes you to the older version of the Developers Console.
From this older version, you can go to "API Access" and add your Simple API Access keys (the API keys work on this older version, but not on the new version of Developers Console). I could be wrong about this but I think "Create new Server key..." is for server-side languages like PHP, and "Create new Browser key..." is for client-side languages like Javascript. There are also buttons for Android and iOS keys, but I assume you don't need those. Anyway, I'm using cURL in PHP and the Server key worked for me, I have it set to allow any referrers while my project is still in development.
Once you get your Key for server apps under Simple API Access, it might be a while before any requests using the key actually work. For me, my script didn't work for about 4-5 hours (I think Google is having real issues with their servers this week, which is also why I had to "trick" it into giving me an API key. And it's probably why the "Credentials" page doesn't load anything).
Now use the tool on https://developers.google.com/apis-explorer/#p/youtube/v3/youtube.playlists.list to help create your GET request. Enter "snippet" in the part field and an integer for maxResults if necessary. Then get the ID of a playlist from the URL on Youtube. For example, Conan's "Clueless Gamer" series is https://www.youtube.com/playlist?list=PLVL8S3lUHf0RqD7TZ6hohWk8Sd3asaqnY, so the ID is PLVL8S3lUHf0RqD7TZ6hohWk8Sd3asaqnY. Then click Execute.
Now it will give you the GET Request, something like
GET https://www.googleapis.com/youtube/v3/playlists?part=snippet&id=PLVL8S3lUHf0RqD7TZ6hohWk8Sd3asaqnY&maxResults=20&key={YOUR_API_KEY}
X-JavaScript-User-Agent: Google APIs Explorer
Just take the URL after the word GET and replace {YOUR_API_KEY} with your API key.
Now you can use this URL in a cURL request, like so, where $request_url is the URL from above with your API key in it:
//http://codular.com/curl-with-php
// Get cURL resource
$curl = curl_init();
// Set some options - we are passing in a useragent too here
curl_setopt_array($curl, array(
CURLOPT_RETURNTRANSFER => 1,
CURLOPT_URL => $request_url,
CURLOPT_USERAGENT => 'Codular Sample cURL Request'
));
// Send the request & save response to $resp
$resp = curl_exec($curl);
// Close request to clear up some resources
curl_close($curl);
Now $resp will hold a JSON string that you can parse through and get the data for that playlist's videos. I'll leave the JSON parsing up to you, but that's how you get data similar to the old gdata way in v2. And no authentication :)
It might report an error back that your API key isn't authorized, in which case you'll need to wait several hours. Again, I think Google has been having real server issues lately so be patient; it's not your script that doesn't work, it's Google ;)
I will note that
$resp = file_get_contents($request_url);
seems to work as well, but I honestly don't know which method is "better" between cURL and file_get_contents().
Took me ages to work this out as I couldn't find any examples on how to do this easily.
It turned out that I need to create a POST request to get an access code and refresh token and this was achieved with using Curl from the command line
curl --data "code=AUTHORIZATION_CODE&client_id=CLIENT_ID.apps.googleusercontent.com&client_secret=CLIENT_SECRET&redirect_uri=http://www.example.com&grant_type=authorization_code" https://accounts.google.com/o/oauth2/token
After a few errors such as 'Missing grant_type', 'Invalid code' it now works.
I revoked access to the app, ran the following GET request (taken from https://developers.google.com/accounts/docs/OAuth2WebServer#formingtheurl) to get the code and was able to use the code in the above Curl statement
https://accounts.google.com/o/oauth2/auth?
scope=https://www.googleapis.com/auth/youtube&
state=security_token%3D138r5719ru3e1%26url%3Dhttps://oa2cb.example.com/myHome&
redirect_uri=https%3A%2F%2Foauth2-login-demo.appspot.com%2Fcode&
response_type=code&
client_id=812741506391.apps.googleusercontent.com&
approval_prompt=force
I'm trying to use the Paypal Permissions SDK: https://github.com/paypal/permissions-sdk-php
And in particular their code snippet:
// Pass in a dynamically created API credential object
$cred = new PPCertificateCredential("username", "password", "path-to-pem-file");
$cred->setThirdPartyAuthorization(new PPTokenAuthorization("accessToken", "tokenSecret"));
$response = $permissions->RequestPermissions($request, $cred);
However, I do not have an "accessToken" or "tokenSecret" and if I understand correctly, you need to use the Permissions API to retrieve those in the first place. Infinite loop???
Am I misunderstanding something?
or is there another way to call the API using dynamically set credentials?
or is their documentation incorrect?
I haven't made the permissions work 100% yet, but I have obtained the token and token_secret.
In the Permissions SDK, cd samples and do composer update. Then update your API credentials and run the samples to get the token and token_secret of third party merchant - no PEM file required there (the samples work, all code is there).
The certificate is needed later (I think, working on this now), when you need to use previously obtained permissions to create a single use authorisation in order to create a token.
BTW, I am really disappointed with PayPal documentation regarding these features. I've been having trouble setting this up for a couple of days already. And the Permissions SDK GitHub page contains bugs in samples..!
I am trying to get a list of all Google Apps users of a domain onto a public PHP website (without visitors of the site needing to login or do anything). I have a basic understanding of what needs to happen but can't quite piece it all together. It can't be as hard as it seems to me... could it?
Authentication and Authorization:
I'm pretty sure it needs to use OAuth 2.0 ... but am unsure whether it needs 2 legged or 3 legged. I got another section of the site working with ClientLogin but that won't pull in Google Apps profiles, only user's first and last names (I need the other profile fields). I have set up the API access within the account and have that side of things all set (I believe).
I have found this page, which shows how to construct a URL request to get all Profiles (in every language except PHP of course) but don't understand how to implement this.
http://code.google.com/googleapps/domain/profiles/developers_guide.html
I also tried this example but it just gives me a 401 after I enter the credentials. http://gdatatips.blogspot.com/2008/11/2-legged-oauth-in-php.html
I don't know which frameworks or includes are needed to accomplish this either. I have tried zend, OAuth.php and a whole bunch of other bootstraps... but keep getting lost as to what each is doing.
If someone could help me by outlining:
Which files/framework I need to upload and include as a bootstrap
What variables within those files I need to update with the Google credentials
How I integrate the Google Profiles "Retrieve all Profiles" request with PHP
An ELI5 (explain it like I'm 5) overview would be very much appreciated... I'm sorry for my apparent incompetence, but I have been reading articles for nearly a week and have not gotten anywhere.
Thank you in advance for any help provided.
Good question.
You'll need to implement the Google OAuth 2.0 process as it's described here (experimental?), because someone (you) will need to give your app the initial permissions to access Google Apps API. Steps are:
Register your domain with google (don't remember the link)
Redirect/send browser to an authentication url: https://accounts.google.com/o/oauth2/auth, with the appropriate request params (see the first link). You'll need access_type=offline, your scope would be https://apps-apis.google.com/a/feeds/user/
Get a code back, then exchange for a refresh_token, an access_token, and a value specifying when the access_token will expire. Store these in a database
Whenever you need to make an API call, check if your access_token has expired or not, and refresh when necessary, which is what the refresh_token is for. The refresh_token is valid as long as you don't revoke the access you gave to the app.
OAuth Playground helps a lot. Good luck.
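The check-and-refresh step from the answer above, as an added PHP example that is not part of the original answer. The token endpoint URL is the one quoted elsewhere on this page; the function names, the token record layout, the 60-second margin and the fake transport are assumptions made for illustration.

```php
<?php
// Added example, not code from the original answers.
// Token endpoint as quoted on this page; everything else is an assumption.
const TOKEN_URL = 'https://accounts.google.com/o/oauth2/token';

// Real transport: form POST with TLS certificate checks left on.
function http_post_form(string $url, array $fields): array {
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => http_build_query($fields),
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true,
        CURLOPT_SSL_VERIFYHOST => 2,
    ]);
    $body = curl_exec($ch);
    if ($body === false) {
        throw new RuntimeException('token request failed: ' . curl_error($ch));
    }
    return json_decode($body, true) ?? [];
}

// Fold a token response into the stored record. A refresh response usually
// carries no refresh_token, so the stored one is kept.
function merge_tokens(array $stored, array $resp, int $now): array {
    if (empty($resp['access_token'])) {
        throw new RuntimeException('token error: ' . ($resp['error'] ?? 'unknown'));
    }
    return [
        'access_token'  => $resp['access_token'],
        'refresh_token' => $resp['refresh_token'] ?? $stored['refresh_token'],
        'expires_at'    => $now + (int) ($resp['expires_in'] ?? 0),
    ];
}

// Return the stored record if still valid, else refresh it (60 s safety margin).
function fresh_tokens(array $stored, array $client, callable $post, int $now): array {
    if ($stored['expires_at'] - 60 > $now) {
        return $stored;
    }
    $resp = $post(TOKEN_URL, [
        'grant_type'    => 'refresh_token',
        'refresh_token' => $stored['refresh_token'],
        'client_id'     => $client['id'],
        'client_secret' => $client['secret'],
    ]);
    return merge_tokens($stored, $resp, $now);
}

// Constructed demo: a fake transport replaces http_post_form so this runs offline.
$fake   = fn(string $url, array $f): array => ['access_token' => 'NEW', 'expires_in' => 3600];
$stored = ['access_token' => 'OLD', 'refresh_token' => 'R1', 'expires_at' => 1000];
$client = ['id' => 'CLIENT_ID', 'secret' => 'CLIENT_SECRET']; // placeholders
print_r(fresh_tokens($stored, $client, $fake, 2000)); // caller persists the result
```

In real use, pass 'http_post_form' as $post and write the returned record back to wherever the tokens are stored.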
On my company's website we have a display of 40 100px X 100px images that represent the projects that we have been involved in. We have more like 150 projects, but only 40 are displayed on the homepage and the selection of the 40 is random. See Example Here.
We also have an Update page which sorts these 40 projects by the date they were added. See Here.
In both cases the data is pulled from a PHP MySQL database and displayed as so on the website.
We are hoping to get a twitter presence as well as re-developing our website and I was wondering:
Is there a way to link twitter to the update page, so when I add a new project to the database, or update an existing project it automatically tweets about the new project?
Thanks in advance
It's definitely possible to do; however, since twitter turned off Basic Auth, you'll need to set up a twitter 'app' that you'll grant access to (oAuth) then use that to post. It adds a bit of complexity, but it shouldn't stop you.
Of course, if your CMS can provide an RSS feed of updates/additions (perhaps based on that update page), you could use one of the many RSS to Twitter posting services.
I'm a big fan of the way you can pick and choose Zend Framework's components, so I'd probably use Zend_Service_Twitter for something like this; however, the concept is similar on any Twitter library (or even just interfacing directly with Twitter, but that seems like unnecessary work).
First - as mentioned - you'll need to set up an app on Twitter. The developer site should help there. You'll also need to grant your new app access to the account you'll be posting to; what you need is an oAuth access token.
The access token is used for read/write, you'll use it to set up the Twitter library (again, an example from Zend's documentation, but it should be similar to other libraries):
$twitter = new Zend_Service_Twitter(array(
'username' => 'johndoe',
'accessToken' => $token
));
Then use whatever data the CMS provides to create the 'update' post. Maybe something like this:
$status = "We just updated $projectName, check it out: $projectShortLink";
$response = $twitter->status->update($status);
Of course you'll need to make sure that's under the 140 limit.
It's pretty simple; the real overhead is setting up an 'app' and getting the oAuth token. You'll need a simple one-time script to request and retrieve the token (Zend's documentation gives examples). Or you could request permission for xAuth, but that seems a bit over the top for your application.
One potential benefit - since you're creating an app, you get to pick the 'via AppName' that's displayed in various clients.