What URL should be used for the App and for redirect for the Smartsheet new app registration form?
I'm attempting to build a small app so I can learn about the smartsheet API, but I'm stuck at step 1. Should I just use the smartsheet developer portal?
I was thinking about using Postman for this purpose, but I don't know how to use postman. I will be working with Python and just want to code a small tool to GET smartsheet data. So which rabbithole do I go down?
If you're just wanting to explore the Smartsheet API and test out some API operations by sending requests and viewing the responses, then using Postman would be the easiest route to do that. Using Postman only requires that you assemble the API requests properly (i.e., correct headers, URIs, parameters, request body) -- it doesn't require you to do any actual coding (e.g., Python). Looks like the Postman Learning Center contains some info that'll help you get started with Postman.
Regarding app registration within Smartsheet -- if you're just creating a sample app that you're going to use to explore simple API requests (and not a real app that you're ever going to actually deploy to production), I think you can use any URL for App URL and App Redirect URL (e.g., you could get by with just using https://www.google.com). However, keep in mind that building an app is a lot more work than just using Postman to explore the API -- if you're only wanting to explore the API for now, I'd recommend starting with Postman. Then once you're familiar with the API, you can use that knowledge to build an app that submits API requests and processes the responses.
Related
Hi, I have a question concerning the implementation of Facebook Conversions API via Google Tag Manager Server-Side.
We are using DNN /EVOQ CMS which is a .net application.
Everything else is in place concerning Facebook Pixel and Business manager.
I also tested it on the Graph API and it worked fine.
It’s just the last step that is missing.
I know one way to implement the Facebook Conversions API is with Node.js Business SDK.
https://developers.facebook.com/docs/marketing-api/conversions-api/using-the-api
My Question:
If you use Google Tag Manager Server-Side, do you still need to add the Node.js Business SDK ?
Thanks in advance
The Node sdk is to send FB conversions directly to FB.
In your case, you send all the FB conversion info with the hit to your GTM endpoint and then you make a custom http request tag and retranslate all the info you've got from your backend into a proper FB conversion request.
That's pretty much it.
I need to call smartsheet api inside my web application. Browser is blocking request to smartsheet api with Access-Control-Allow-Origin error. what should I do?
Does smartsheet provide any way to call api inside another application?
Edit:
So I need to use node js module "smartsheet". After using that I am getting timeout error. If I call API using postman it works.
what should I do?
The Smartsheet API doesn't have support for CORS which is required to be able to reach out to the API directly from a browser. To be able to reach the Smartsheet API instead you would need to make a request from the backend of your web application on a server. The Javascript SDK is written in Node.js and is meant to be used on a server. It cannot be used directly in a browser. You could setup your own Node.js server with the Smartsheet Javascript SDK and have your application reach out from the browser back to your server. Then your server can make requests as needed to Smartsheet and return back the necessary data to the application running in the browser to present the dta to the user.
I have hosted my REST services on API management and consuming those in the Azure Web app service which consists of only HTML pages, javascript files and CSS files.
I would like to know how to restrict accessing the REST endpoints of the API management only from the web app without Azure AD and OAuth setup.
Client side application sources are by design available in clear text to anyone using it. Any user can open developer tools in browser and look at code you've written to make app work. So even if you secure your REST API with some secret and use it in app code to talk to that REST API anyone in the world will be able to take that secret our of the app and call your REST API directly, and you would have no way to distinguish their calls from calls made by your app.
OAuth and AAD would work to a certain extent but even they allow you to authenticate user, not the app. Same user can easily trace calls made by your app to REST API and reproduce them in any other app, and you again would have to way of figuring that out.
I think your best bet is to throttle calls made by a certain user identifying it any way you want (even if by IP address).
You can use Certificate authentication from web app to api management. The ssl certficate thumbprint on you web app you can validate in api management policy.
Documentation on the net seems to be VERY scarce. The only option I can think of at the moment
is to have my SPA app break convention and to have the (initial) logged out page be different to the logged in one (eg my app).
My app is built using Durandal 2.0.0.
In one of my OAuth tests app's I've managed to implement this link successfully. But as Durandal does not work in the same way (Server-side controller, & razor views), I'm thoroughly confused in how to achieve what I want to.
I'd like to have my app remain a single page app. But I've got little to no experience with the OAuth SDK
My only requirement is that the user log into my app using his FB account.
I've had an initial stab at this using the FB java script API, and got it working, but after discussions with another developer this side, it doesn't seem like the purpose of the java script API is to facilitate secure application login's? As the way we had it, would allow any user to pass a valid fb userId, then he would be logged into our app. :/
How would I go about achieving this process flow in a Durandal/Web API Single Page App?
User logs in using fb ->
then on the server we get his fb userId ->
retrieve our internal appID
I'm not asking for a complete answer/for someone to do my work....
But any documentation to get me started/less confused would be greatly appreciated.
Here is a sample project which demonstrates how to use OAuth with Durandal and Web API:
DurandalAuth.
However there are some modifications in viewmodels needed, since router changed in Durandal 2.0.0.
I'm implementing server-side interactions with YouTube and I'm a bit lost with the kind of Product/App you need to create in order to publish videos via the API for example.
Looking at the OAuth2 doc, it says that I need to register my app with the API Console (looks good so far, very similar to creating a Facebook App).
But then, I looked at the Google .NET library and here it says that a Product needs to be registered in the YouTube dashboard... Not sure to understand how these are complementary. If anyone has a synthetic explanation (which I didn't found in the docs), I would be grateful.
Thanks
I'm not 100% sure but I believe:
The YouTube Dashboard was originally setup prior to the announcement of YouTube API v3, which is yet to be released. You use the Dashboard to register your application and get a YT Dev Key. You can also use the Dashboard for some extremely low level application statistics.
The API Console is Google's attempt to form one administrative console for ALL of their APIs. Since Google is transistioning to oAuth 2 authorization, you will need to use the API console as well in order to apply for a clientID, redirectURI, and clientSecret if you want to authorize with oAuth 2.
At this time, if you do not want to use oAuth2 you do not need access to the API Console. However, know that in February of next year YouTube is going to kill all other forms of authorization (sub, clientLogin, oAuth1).
So to try and simplify things:
Use the API Console to get your oAuth2 in order
Use the YT Dashboard to get a YT Dev Key
In the future, when Google goes lives with YouTube API v3, you will probably want to switch to a new Dev Key from the API Console and leave the Dashboard all together.