We are calling apis which are hosted in a private network from the actions/ dialogue flow console.
The apis are getting 403 as Actions on google/ dialog flow is not whitelisted.
To whitelist the same I need an ASN
(IP range is not going to work as Google has a dynamic IP range not a static one)
I require the steps to identify the ASN.
I have tried searching on the internet as well as the google documentation, was unable to find anything on it.
I wrote to support#dialogflow.com and they weren't able to help me out
Related
I wonder if there is a way of restricting the access to your restful service running in a GitHub code space? Like a whitelist of ip addresses and if there is a way of requiring an auth token?
I have been looking at a bunch of tutorials and trying to read up upon it in Github docks but cannot seem to find a clear answer.
BR Jan
I build an ionic app using version 1 some year ago, the app is public no authentication is required.
How can i enable api consume only from the android smartphone ?
If someone decompile the apk they can see the api and consume data from the api
How can i prevent this ?
At the end of the day, there isn't much you can do to completely prevent someone from accessing or scraping data via your public API.
However, here are some ideas that can help mitigate it:
API Key
Store an API Key in your app, and validate the key on the server side before processing the request. This suggestion isn't too helpful if they decompile your app, but at least it's a start in preventing the API from being exposed by just using the app (especially if you make all your HTTP requests over SSL).
IP Address Logging
Setup some code within your mobile app that logs the IP address of the user. Then, when a call is made to your public API - it compares the IP address from the request with the list of IP addresses that have been logged from the mobile app. You can even use timestamps to limit the time frame in which the API will be accessible.
Rate Limits/Usage Quotas
You can put some general rate-limits on your API. Only allow a certain number of requests within a specified time frame from any given IP address, user, device ID, etc.
Hope this helps. I would love to hear more thoughts from other people in the community as well!
I want to build a Conversation Action for Google Home device and control its access. Only certain devices can invoke some actions. How can this be done, once the agent is publicly deployed?
Think of Google Home the same way you would think about a web browser and an Action the same as a web page or site. If you wanted to limit what web browsers can access a public site on the Internet, you're somewhat limited.
You could restrict access to certain IP addresses, and this will work in some cases - but it means that access via non-static IP addresses aren't possible, and if (ie - when) a machine gets a new static IP address, you have a lot of work to do. Similarly, the Google Home device can send a random user_id string for each unique user, and you can use this to limit who has access. But this string can change by the user resetting their Google Home device, and when it does, you will have to deal with that.
A better solution on the web is to allow people to log into your site. This way you can have a public facing web page, but only people with accounts can access. You can determine how to hand out accounts, so this is very flexible. The equivalent with Google Home is Account Linking where you will maintain an account as part of an OAuth2 system that you control. Google Home will ask for permission to access your system, and you will issue OAuth2 tokens to Actions - these tokens will be passed back to you for each request, and you can verify that the user has access.
I strongly suggest going with the Authorization Code Flow since this seems to be where Google is focusing on providing additional features - such as signing up to your service through Google Home.
I apologize to come before you with such a rudimentary question, but Google apps is giving me a hard time simply verifying the domain from which I want to make server side YouTube search API calls.
Google is insisting on using the DNS text verification method (even though it provides a link to alternate methods that are not recognized by Google apps). But my registrar (GoDaddy) is not my authoritative DNS provider. That honor goes to DynDNS. So, I'm not sure I can even use Google's automated tool to set up the TXT record. In fact, it makes me nervous that they want me to grant their app to make changes to the DNS at GoDaddy.
I'm assuming this is a requirement to make server side api calls and retrieve results. Can someone point me in the right direction? Either how to fulfill the TXT record requirement under this scenario, or how to force Google Apps to accept an alternate verification method?
Thanks
Paul G
If Godaddy isn't managing your DNS, you won't be able to follow the automated flow in the Admin console. You're going to need to manually create the record with DynDNS to accomplish this.
Your host doesn't have specific steps on Google Support site (here) so you'll need to follow the generic one. Support for your host should be able to help but you can also contact Google Support via the Support section in your Admin console.
Here is my problem.
I have a client that uses the plug-in powerview through Excel2013 .
At the beginning my client hadn't at all access as our firewall was blocking the access to the office365 IP and Bing.com.
Once the flow authorized on the firewall, he don't have any error message but nothing happens.
When he try to access bing.com/maps the map cannot be displayed at the same moment I did verify my firewall and I see that his machine tries to access an AKAMAI IP(same thing when he goes through powerview) . Every time that he tries to access bing maps we have a random AKAMAI ip adress and so it is blocked by the firewall.
The idea is to authorize only the flow towards bing maps and not to ANY destination.
So my question is, is there any way to learn what URL uses powerview so to authorize them on my firewall? Do you ever had such problem?
PS The only solution that I can imagine for the moment, but it is impossible for our Datacenter provider, is to implement a proxy server.
Bing Maps has a long list of IP address ranges which need to be allowed through the firewall. Contact the support team using the online form under the developer support section here: http://www.microsoft.com/maps/Licensing/licensing.aspx They will be able to provide you with the list you need.