I need to provide a facility to approve a document through their mobile device.
Does Hyland Onbase provide an API that we can use in a mobile app for approver?
Hyland Software offers a Mobile Application that will allow for use in Workflow or merely document retrieval. They also have a very robust API option.
The new version of Onbase have an Rest API that let you acces workFlow functionality from your program, you will need to check the license to make it work.
Related
I developed a smart home skill for my company, I did it without using HomeGraph as final user don't care about that they just want a couple of easy traits implemented in devices. Is it required to use Homegraph in order to pass Home suit test and get the certification request accepted?
Thanks!
You can continue to develop your project and test it on your account, but in order to successfully submit for review, you need to abide by several certification policies:
All devices are expected to report state updates to Google through the HomeGraph API’s Report State, with the exception of command-only devices like IR controllers.
Developers shall report device configuration updates in your ecosystem to Google; ... This can be accomplished through the Request Sync API.
To summarize, you will need to integrate the HomeGraph APIs and pass the test suite in order to be ready for certification.
My company wants our IT department to review and approve every tool we connect to Marketo. This is a lengthy and costly approach which I do not seem to fully understand, why. For example, I would like to use the Marketo integration with LinkedIn, Contact Forms 7 (WordPress plugin), or Zoom. There are already existing integrations with Marketo which can easily set up via the API Code provided by Marketo. However, my company wants to review all these as all API integrations have to be reviewed by IT. Does this make sense from a security or functionality perspective? Are the existing Linkedin, Zoom, WordPress integrations proper API connections? What is the difference between an API and integration in Marketo?
Thank you for your help.
I think with the API integration, that would use your own daily API limit whereas the native (existing) connection in Marketo where you can connect to Linkedin or Zoom integration is via Marketo background API which does not count towards your limit. In terms of security review, you might want to discuss to get the details off your Account Manager perhaps.
From the official tutorials on https://community.algolia.com/instantsearch.js/, Algolia requires you to code the key into your application and used with each api request. If someone were to dig this up, what's to prevent them from spamming search requests with your api key?
If someone were to dig this up, what's to prevent them from spamming search requests with your api key?
Do you want the cruel truth? Nothing...
Unfortunately in a web app does not exist anyway of securing secrets, be they api-keys, tokens or any other name convention that may be used.
In a web app all is needed is to use F12 or view the page source and search for them in the raw html and JavaScript.
You can try to use JavaScript obfuscation to make it hard to find but will still be easy to reverse engineer. Even in a mobile app that have their code obfuscated and released as a binary is easy to extract this secrets.
If you want to understand a little more about Mobile Api Security Techinques please read this series of articles to find how api-keys, access tokens, HMAC and other techniques can be used and bypassed. While the article was wrote in the context of a mobile API is still valid in a web app context for the security techniques used to protect the API.
Possible Solution
The best approach is to always delegate your web app access to third part API's to a backend you can control.
In this backend you can then use a User Behaviour Analytics(UBA) solution to monitor bad use of this third part access.
Once UBA can be complex and expensive to deploy you could start by using the new Google reCaptcha V3 across all pages of your web app. ReCaptcha V3 does not require direct user interaction once it works on the background to differentiate humans from bots.
So I would have the web app requesting the Agolia search to my backend that would use reCaptcha V3 protection to differentiate abuse in the search functionality by bots or attackers.
Remember that this approach has the huge benefit of never reveal your Agolia API Key, thus attackers can never directly use it.
I have just submitted an application for access to the Uber Driver API including details of my intended use of the service for the benefit of drivers.
Uber's response was "we will let you know if we think there is a fit".
Does anyone know if this is literally true? Or is there some period of
time after which I assume that my application has been rejected?
Better still, is there a way to find out a rejection status and appeal?
Uber as of now don't provide a way to track the progress of your application to access the Driver API, If your use case is really helpful for the driver and Uber also think that is, along with other parameters like number of current user base etc., they might consider.
You can always checkout the developer support page
Does anyone know if it's legal to use Google suggestqueries in a commercial product ?
As I'm using the open stream of the ajax jsonp request https://suggestqueries.google.com/complete/search?callb.... in searchengine based product.
No - it can't be legally used and the search team changes the endpoint every now and then so apps can't abuse it , however there are wrapper services which emulate / Gather data from the endpoints through their own means - http://keywordtool.io/api is an example of that