Uber Eats API scopes - uber-api

I'm following the Uber Eats API documentation and i'm having trouble with it. I want it to work with my point of sale web app.
The documentation say:
To generate a client credentials token, retrieve your client_id and client_secret for your app from the developer dashboard...
But when trying to generate client credentials it shows:
Sorry, Can't generate an access token, make sure you have checked at least one scope which is allowed to generate access token using client credentials.
But there are no items available for selection in the developers dashboard.
Documentation: https://developer.uber.com/docs/eats/guides/authentication#example-request
Dashboard: https://developer.uber.com/dashboard/

You have to contact the person who provided the accounts to activate them. I think only they can do it.

Related

Graph API: Using client_credential grant type to read my or another signed-in user profile

I thought it would be simple to use Graph API to read my own user profile or another signed-in user profile but no luck so far.
I created an Azure app with only the following:
a) Client Secret
b) Delegated API permission of User.Read only
I then used the following simple code to try to read my own profile but it returned (400) Bad Request even though I can see that a token was returned successfully.
I was wondering if I could use the same Azure app to read another user's profile provided that a sign-in prompt could be created to switch account.
Any thoughts?
The me endpoint requires a user context. You're using the client credentials grant type, which is for client apps to use in an app-only context. The app has no awareness of who "me" is, or what "your" profile is because you haven't provided a user.
For the app to read the profiles of other users in the client credentials flow, you need to add one of the MS Graph application-type permissions, and send a request to the https://graph.microsoft.com/v1.0/users enpoint
Get user API endpoint

How oAuth is related to user account

I went through the documentation of smartsheet api third party authentication.
Steps are :
1. Register into developer tool.
2. Create an app.
3. note down client id.
4. From the application code call "authorize" api with client id.
5. smart sheet will redirect to consent page.
Now here I am confused. as to the API we will be called using Application's client id, how it is related to user who is access my web application. Because the app which I created in developer tool has access, api will works. Doesn't matter who is logged into my web application and has access to work sheet or not.
How smartsheet will know which user is trying to access the sheets because in the API we are just passing Developer App client id.
Or How Developer App can access logged in user's sheet.
Am I missing something?
The consent page will urge the user to login the system if the user has not logged in the system yet. Then, the system will ask the user whether he grants permissions to the client application or not. If permissions are granted, the system will issue a token which denotes "The user has granted the permissions to the client application". This is a basic concept of OAuth. Please read "The Simplest Guide to OAuth 2.0".
I recommend reading this section of the documentation: https://smartsheet-platform.github.io/api-docs/#third-party-app-development
Essentially, your application grants user access-scopes on a per-user basis. Your app needs a developer account. Your users need some kind of Smartsheet plan. Does that help?

How to generate Facebook Marketing API access token to use it in Windows application

I am using Facebook as advertising platform to promote my application on Apple and Google stores. I would like to make windows service which will download daily report(s) about advertising status of my marketing campaign running one Facebook, preferably using 60 day token, or some permanent solution so that token is retrieved when required. I think that i understand everything to do this except how to generate access token to use it with Facebook Graph API. Which token for which Facebook account do I need and how to obtain it?
You'll need a Facebook app and to grant that app the ads_read permission in order to retrieve reports about your advertising efforts via the API (source).
You'll want a long-lived token so that you don't have to re-authenticate very often. The access token documentation details the steps to exchange a short-lived token for a long-lived one.
You may also want to consider managing the app, ad account, and access tokens (via a business system user) with the FB Business Manager.
Create a facebook app.
Go to the Graph API Explorer in Facebook's Tools & Support section.
Pick your app from the drop down.
Hit Get Token > Get User Access Token.
In Select Permissions choose required permissions or select them from extended permissions.
Use the user access token that will be presented to you in the access token form input field.

How do you generate a access token to retrieve Facebook Ads report stats?

I am trying to retrieve the ads report stats, outlined here:
https://developers.facebook.com/docs/reference/ads-api/adreportstats/
But I am currently stuck with generating an access token. I was going through here: https://developers.facebook.com/docs/reference/ads-api/overview/ ,
And it looks like the only way to generate an access token is to generate it by using live web app.
Is there any other way to generate an access token?
Yes, the only way to get a User access token is to have a user authorise your app via the documented login methods: full documentation here: https://developers.facebook.com/docs/facebook-login/overview/
No.
At least not as far as I can tell. It appears that you need 3 things to generate the token:
App Id, App Secret, Url
https://developers.facebook.com/docs/reference/ads-api/overview/
in the Provide Authorization section.
I'm having a similar issue.
You don't want a client token, you need to generate an access token for the ads reporting.
I've found the Facebook API somewhat confusing because they seem to blur the lines of Access Tokens for accessing user information, and Access Tokens for accessing reporting information.

Is using the Facebook access token a secure way to validate a user?

On my app the user can sign to Facebook and the app then has the user's access token (say it's 'abc'), I want to use this token to create a user on my own server.
Is it safe to send this access token to my server (using SSL), then get the user's username and ID using https://graph.facebook.com/me?access_token=abc on my server and check that the application the token belongs to is mine with https://graph.facebook.com/app?access_token=abc. If it is my application I then store the user in my user's database and/or log them in.
Can this system be fooled? Can you think of a way someone could log in as someone else?
You should check out all of the Authentication documentation and the Oauth spec to see the different auth flows available
Broadly speaking, you can create a user on your server based on the access token, and be reasonably certain that when you get an access token from Facebook for the same user ID that it's the same person.
If you require very high security for the app you can take steps to ensure the user's access token wasn't produced via malware or the Facebook user being tricked, there's an example showing protection against CSRF in the Server Side Authentication documentation, and there's also a reauthentication flow you can use
I assume that you are using facebook sdk for this, if so the facebook sdk takes care of the security for you and you don't have to worry about a thing.Supposing that you are accessing the api without the sdk then there are two things that must be noted:
1) Auth token expires frequently(facebook has taken great pains to ensure that the user is protected)
2)Making a request with just auth token is not enough there are some other parameters that are needed that can't be faked especially if you are doing this server side since an extra layer is added that fb calls server flow authentication
3)On top of that there are a lot of permissions that are in place that the user has to give in order for an application to access some data.The link below provides a nice article on authentication you can take a look
https://developers.facebook.com/docs/authentication/
So long story short it is safe.