I am using react-leaflet with tile provider Stadia OSM bright. when I run it locally Is showing tiles but when I make build and upload to server It stops loading tiles and starts giving request 403 forbidden error. I have an API key but not finding any solution where to put it in the component. here is a code sample
render() {
const headeris = {"Authorization": "Stadia-Auth "+this.state.authkey}
return (
<LeafletMaps
center={[this.state.lat, this.state.lng]}
zoom={12}
maxZoom={17}
attributionControl={true}
zoomControl={true}
doubleClickZoom={true}
scrollWheelZoom={true}
dragging={true}
animate={true}
easeLinearity={0.5}
>
<TileLayer
url="https://tiles.stadiamaps.com/tiles/osm_bright/{z}/{x}/{y}{r}.png"
attribution= '© Stadia Maps, © OpenMapTiles © OpenStreetMap contributors'
/>
{this.state.markers.map((position, index) => (
<Marker
key={`marker-${index}`}
position={[position[0][4], position[0][5]]}
>
<Popup>
<p>{position[0][0]}</p>
<a href={`/admin/calender/${position[0][2]}`}>Book now</a>
</Popup>
</Marker>
))}
</LeafletMaps>
);
Section for other people
As mentioned you need to first register to get an API key if not developing locally. From your question I can see that you have done that and are asking where to insert the key once you have it.
Once registered you can
Add your website domain to the Stadia whitelist using the dashboard presented
However if like me you are not using a specific website, or location you may instead append the API key to the URL. NOTE: Rather than the usual ?apikey= syntax Stadia opts for the use of an underscore ?api_key= (this caught me out too!).
This means you need to change your code in the following way to get it to work:
<TileLayer
url="https://tiles.stadiamaps.com/tiles/osm_bright/
{z}/{x}/{y}{r}.png?api_key=your_api_key_goes_here"
<... rest of code ...>
Hopefully, that should solve your problem - good hacking!
general description and alternative solution (for quite complete solution regarding Api insertion see user2589273 answer below),
i've also been tricked at first but all resolved now. As Stadia Maps States in their Api keys page, "You can get started developing locally without any effort or cost. You can get started right away with a web server running on localhost or 127.0.0.1. Once you're ready to deploy, you can sign up for free". please refer to https://docs.stadiamaps.com/#api-keys ,
so you need to signup if you are using it in production, they have a free plan (up to 2500 requests per day for non commericals).
note that you don't need an api key, as they have another solution includes providing your domain name so they can track your traffic.
Stadiamaps also supports adding a domain next to API keys. When you create a property, you have the option to generate an API key or add a domain. When serving your website with javascript opt for the domain. As you generally don't want to expose your keys.
Related
I have a purchased license at fusion charts. Fusion charts document says here... https://www.fusioncharts.com/dev/upgrading/license-activation that i have to use this function call for applying license...
FusionCharts.options.license({
key: 'KEY_GOES_HERE',
creditLabel: false,
});
if i put my key in that anyone visiting my website can easily take it from view -> source of browser. how do i avoid it ? It is simple HTML website.
You can use either of the followings :
Instead of passing the keys directly in JS code, pass them via the environment, application variables. And add the env file to gitignore
Use Obfuscation for the key and JS code being used for license activation.
You can store the value of the key in your database & and fetch the data value so that the end-user is unable to access it.
If you know the domain/sub-domains where charts will be used, you can restrict the license keys to those domains by sending a request to sales#fusioncharts.com
As far as I know, there is no way to completely hide it from the frontend. The reason for this is that even if the key is hidden in some way when the request is made, the information has to exist and so the key could be found by looking at the request data.
What you wish to protect against determines how you should go about it. If you would just like to hide it from being picked up by webscrapers, then I would imagine encrypting it and then decrypting it before you send would be sufficient.
If you would like to protect against anyone stealing it, then the only way is to have a server act as a proxy. You would make a call to an API which would then use your API key on the backend, away from the prying eyes of users. Your backend API would then just return to the user the response from fusioncharts.
I'm trying to retrieve the 'estimated value' field displayed on the https://www.poppriceguide.com/ website so it can be displayed in a google sheets automatically.
Example URL: https://www.hobbydb.com/marketplaces/poppriceguide/catalog_items/iron-man-model-39
I've tried using the =IMPORTXML() function as such:
=IMPORTXML(https://www.hobbydb.com/marketplaces/poppriceguide/catalog_items/iron-man-model-39, /*[contains(concat( " ", #class, " " ), concat( " ", "value", " " ))])
with no success, seemingly to be caused because it is retrieved using Javascript.
Doing some research I found poppriceguide is using Hobbydb's API which according to Hobbydb should be available.
https://help.hobbydb.com/support/solutions/articles/36000265069-access-to-the-hobbydb-api
https://help.hobbydb.com/support/solutions/articles/36000263216-adding-estimated-values-and-other-data-to-your-own-site
Going through the network calls I found this API request, however when I do it separately it gives me an authentication failed.
https://www.hobbydb.com/api/price_guide?catalog_item_id=520170
Other API Requests do work however, for example:
https://www.hobbydb.com/api/catalog_items/323645
How would I go about retrieving the value so it can dynamically be displayed in a Google sheets?
The link you shared says
Let us know if you are interested in exploring co-operation and using the API. Please provide us with a good overview of your project.
This is likely to mean that the API requires authentication
It is also possible for the API to have certain endpoints that are free, which is why some seem to work. Yet with no publicly available documentation, there is no way to know which ones.
So unfortunately you will not be able to use Apps Script for this, you could look into some other web scraping software, maybe Puppeteer. Or try and apply for an API key from HobbyDB.
In golang, is there a way to pipe a variable to part of a web form?
For example, sending "123 Random St." to the Street address part of https://www.dominos.com/en/pages/order/#/locations/search/ and so on? I found pizza_party*, but the GUI used is no longer available, I have also found pizzadash**, but this uses a credit card where I want to use cash. I even found a list of golang ones, but the links that they use doesn't work anymore.***
Therefore, my goal is so: order a pizza in golang through the dominos website API!
NOTE: Please suggest a package or function with example!
NOTE: I do not want to make a web scraper/data getter.
NOTE: Your answer must work on at least one box of my linked website.
NOTE: I want to fill out links similar to the provided link from the linux command line.
*https://github.com/coryarcangel/Pizza-Party-0.1.b
**https://github.com/bhberson/pizzadash
***https://golanglibs.com/top?q=pizza
This is how you post any form values onto an online form. Provided you know the POST endpoint of the service.
func main():
resp, err := http.PostForm(targetPostUrlHere,
url.Values{"Service_Type": {"Delivery"},
"Address_Type_Select": {"House"},
"Street": {"123 E 24th St"},
"Address_Line_2": {"4D"},
"City": {"New York"},
"Region": {"NY"},
"Postal_Code": {"10027"}})
}
**Note: The field keys and values are guesstimates. You must inspect the actual key names expected in the form.
In your case, https://www.dominos.com/en/pages/order/ is an endpoint for the form page. Once the form is filled and submitted, the information is submitted using POST method akin to the code afore-mentioned to a dedicated CREATE endpoint (C in the CRUD), which normally can be found in the <form> html tag.
<form action="posttargetendpoint" method="POST">...</form>
Once the POST operation is successful, usually a web service would redirect you to another page. In your case, it is https://www.dominos.com/en/pages/order/#/section/Food/category/AllEntrees/
However, any good web service wouldn't expose the POST endpoint in the clear since it is the vulnerable point of attack. You're welcome to find out by inspect he Domino's page source and adjust the field values in the Go code accordingly.
Now to make a command line prompt to wrap around the PostForm code, I suggest you look into https://github.com/codegangsta/cli which is a very nice package for creating quick command line app.
I assume you mean pipe information originating from your backend to another site on behalf of a user?
The standard way of passing information between domains is via HTTP params, usually via a GET request, but this capability would need to be supported by established protocols the remote site. You can also use an iframe to embed the page of another site onto your page, however, you wouldn't be able to remotely interact, call JS code, or even query the page at all. Cross-domain security safeguards justifiably prohibit such capability, and generally speaking, interacting on behalf of the user via their browser is also restricted for security reasons.
However, if you're looking to emulate user behavior such as with a bot or web scraper from your own host or browser then that's a different story. There are tons of frameworks provide rich capability for interacting with a page. I'd recommend checking out Selenium, which acts as a virtual browser. There are also tons of libraries in Python for processing data from HTML and structured data. You might want to check out Beatiful Soup and Scrapy.
Hope this helps.
We have been using a MapQuest API key for a few years now but at some point in the last 24hrs or so the maps have stopped working and we are getting an error: "This key is not authorized for this service."
I logged in and it appeared our old key was removed and automatically generated a new key for the new Open Maps API.
I have since waited over an hour and still this new API key is giving this error message.
Does anyone know what the story is?
It seems like they have changed the URL for their API and failed to keep the old one operational. -Even in the AppKey manager they still reference the old URL yet looking in the new SDK documentation the API url has changed to a new subdomain.
To resolve my issue, I changed the URL for the MapQuest Javascript library from http(s)://mapquestapi.com/ to http(s)://open.mapquestapi.com/
You can use either http:// or https:// depending on whether you prefer performance or security.
The end result, at least for their Javascript SDK, should look something like this:
<script src="https://open.mapquestapi.com/sdk/js/v7.2.s/mqa.toolkit.js?key=<%= APIKey %>" type="text/javascript"></script>
EDIT: I also needed to use the new API key that was so kindly 'given' to me to replace the old one. Seems like they didn't pull all the old API keys accross and simply issued new ones to everone in response to their licensing changes.
i am using Bing map tiles in my Android application. I download tiles from http://h0.ortho.tiles.virtualearth.net/tiles/h<quadkey>.jpeg?g=131 and it works fine, but i understand that i need to append a token to this URL in order to make this operation legal (and ask some kind of special permission from Microsoft). It is all well explained here: http://blogs.msdn.com/b/virtualearth/archive/2008/04/29/tracking-virtual-earth-tile-usage.aspx. But this post is from 2008 and i found on msdn site that in 2012, token-auth system will be replaced with key auth system.
Does anybody know how can i perform the direct tile access with this new auth system?
Thanks in advance
Accessing tiles directly with key-based authentication can be accomplished like so:
Using the REST ‘Get Imagery Metadata’ service to obtain the tile URL format for the type of tiles you wish to display:
http://msdn.microsoft.com/en-us/library/ff701716.aspx
- For example, if you wish to display Road tiles, the following request could be used (taken from the above documentation): http://dev.virtualearth.net/REST/V1/Imagery/Metadata/Road?mapVersion=v1&output=xml&key=BingMapsKey
Within the response, the URL for tiles is returned, with a placeholder for the tile quadkey.
A new REST request should be issued each time the map viewer in the application is instantiated, or whenever the map type is changed (eg. You wish to switch to aerial or hybrid map style)
Your platform usage can then be tracked based on the calls to the REST service.