I'm trying to use the UberEats Api, but I can't make the authentication, the error I'm receiving is invalid_scope.
How can I enable the scopes eats.store and eats.order for my apps??
I'll really appreciate your help.
These are not generally available scopes. There is no public application process. There is not any generally available Uber Eats API.
They forgot an 's' in the documentation.
Try scopes=eats.order instead of scope=eats.order
Related
I'm new using REST api and I understood that OAuth 2.0 is a greate way to handle authentication security but: Is there a standard/best-practice to return only the authenticated user's datas ?
For example,
User 1 authenticated try to access (GET) the url .#/myBooks that doesn't give the same result as if the User 2 is logged in.
Is it possible using Firebase ?
What is the server guideline using Sails or Express on Nodejs ?
Any good tutorial (because I could not find any) would also be appreciate! ;-)
Many thanks...
You can secure your data in Firebase using its security rules. With the correct .read rules in place, a user can only see their own data.
Did you read this quick start? https://www.firebase.com/docs/security/quickstart.html
There is also a nice tool to simplify creating advanced security rules. I don't think you'll need it for the use-case you described, but it may come in handy later: https://github.com/firebase/blaze_compiler
Maybe this is what you're looking for? http://passportjs.org/
In my current work, I have to develop an intern REST API engine.
I have read the Roy Fielding thesis, documented myself, and I finally got something that works great easy to use, with high performance, corresponding to the Fielding REST spec.
There is only one point that I dont really know how to overcome : the security problem.
Again, I documented myself, and I wanted to use OAuth2.0 in my engine.
The problem is that I dont understand nothing at all how to use this protocol.
I dont understand how the consumer can connect himself and be recognized by the server.
I dont understand if I have to provide API key to my consumer(like Facebook, Twitter and Google make it) or if a token will automatically be generated if I send a login / password to the server
I dont know if I have to create my own OAuth2.0 server that provides keys, or if OAuth2.0 libraries are sufficient to provide security.
In fact, I dont understand nothing at all with OAuth2.0, and I need to learn. The problem is, every documentation that I try to read is like chinese, I didn't find an easy one, step by step that will help me with this.
That's why I post here, can you help me understanding a bit more OAuth2.0 and the secured authentication for API ?
I willingly didn't speak about the technologies, because I want to understand OAuth2.0 before applying it technically.
Thanks for all
The main problem with OAuth (both versions) is that you'll see a lot of talk about the three legged version. That is when you have user, a data-providing service and a consuming service, let's say a service that will create physical copies of your flickr photos. In this case the OAuth flow allows the user to tell flickr that the third party can access their data. This is not the scenario you are after, you are interested in 2-legged OAuth, see here for a description.
Of course you could look at other methods too. I've used HAWK in a number of REST/Hypermedia APIs and found it to be great to use in both nodejs and .NET server stacks.
Thank you for your answer, I studied a bit more OAUth2 en tried to implement it with 3 stragery : basic, clientPassword, bearer.
I created a new thread for an other problem, if you want to take part of it :
OAuth2 server creation with nodejs
I want to call external rest resource from within confluence atlassian wiki .
Any examples ?
Can this be achieved via CLI in the backend ?
Please kindly share your thoughts.
The fact that you need this is a warning sign about the design of your app. The plugin api is way more powerful than the REST api and you should lern to use it.
Technically, what you want is possible, but you may have a problem with authentication. When you try to reach the web interface from the backend, you have to log in as a user, you will not be automatically logged in as the backend user. You also need to have access to the url, which is not automatic in corporte environment with all kinds of complex networks solutions.
If the rest service is unauthenticated then you could look to Enable the html-include macro.
Which would allow you to do an html include of the GET REST service call within the page.
Would look like this once enabled:
{html-include:url=http://www.example.com/rest/myservice?param1=1}
However, I suggest looking to use their whitelist feature if you do this.
This also only works for self hosted instances and not for on-demand.
Is there a way to recreate WCToken and WCTrustedToken in websphere commerce by using cookies?
Considering a scenario where search and browse uses websphere commerce and checkout in a different technology leveraging REST api's of websphere commerce.
The WCToken and WCTrustedToken are composed of a subset of the data used to create the USER_ACTIVITY and AUTHENTICATION cookies. It is therefore possible to recreate them from cookies. However, to do so, you would need to use internal WCS APIs. IBM will not support customization that use those APIs.
Note that the commerce team is looking at improving this area in the future to avoid this type of problem.
Following APAR would help I guess
http://www-01.ibm.com/support/docview.wss?uid=swg1JR45670
https://www.ibm.com/developerworks/community/forums/html/topic?id=0b75439b-b305-4916-bdd0-73ff487acbf3
FEP 7 which due for release END of Feb-2014 will have this feature supported. While invoking the api just send the cookies along. If cookies are available then no need for WCToken and WCTrusted tokens in header
You can use CommerceTokenHelper OOB class which has the method generateCommerceTokens. This will use the user Id and generate the WcToken and WcTrustedToken.
As far as I can tell, the Graph API doesn't provide support for creating new messages and replying to existing ones. It is my understanding that this feature has been disabled because of abuse. However, there are applications which definitely require such a feature and which are "good citizens". Is there any way that an application can be whitelisted to use such an API method?
I still don't think it's possible. Check the thread and message API's. It only seems to provide read access:
https://developers.facebook.com/docs/reference/api/thread/
https://developers.facebook.com/docs/reference/api/message/