Implementing API for captcha while calling a public URL? - rest

I am trying to implement a REST API for a form (let's say booking a ticket). That is a public URL. On the web, public URLs are protected with a captcha to avoid spammers. So do I need to implement a REST API for providing a captcha and get back the captcha input along with the other inputs while adding details to the form?
Thanks in advance

Related

How to consume a spring rest api which is protected by OAuth2Sso?

Good afternoon everyone.
I have a dilemma.
Recently I have been assigned to create API documentation with Swagger 2, version 2.6.1, using SpringFox and the @EnableSwagger2 annotation. After doing so, I was given the task to "secure" it, preferably with OAuth2. At the beginning I researched how to do it, and after many trials and errors I gave up and came up with the idea of securing the whole package and APIs. My method of doing it was the following. I created a basic OAuth2 server and client following some tutorials on the web, and I've added the Swagger and the REST methods in the client. The client works in the following manner. After I enter the site http://localhost:8082/ui/index.html, it prompts me to log in. I press login, it redirects me to the login form on the auth server at http://localhost:8081/auth/login where I enter my credentials, and after that it redirects me to my Swagger. If I enter any of the links from the client in the browser URL, it forwards me to index.html if I haven't logged in previously.
My problem is that right now Swagger works, is secured and all, but if I try to call my methods from Postman it displays my login page in HTML. I am a beginner in REST APIs; can you give me some indications?
I have used the following code to do the redirects.
@Override
public void addViewControllers(ViewControllerRegistry registry) {
    super.addViewControllers(registry);
    registry.addViewController("/")
            .setViewName("forward:/index");
    registry.addViewController("/index");
    registry.addRedirectViewController("/ui/v2/api-docs", "/v2/api-docs").setKeepQueryParams(true);
    registry.addRedirectViewController("/ui/swagger-resources/configuration/ui", "/swagger-resources/configuration/ui");
    registry.addRedirectViewController("/ui/swagger-resources/configuration/security", "/swagger-resources/configuration/security");
    registry.addRedirectViewController("/ui/swagger-resources", "/swagger-resources");
    registry.addViewController("/api");
}

@Override
public void addResourceHandlers(ResourceHandlerRegistry registry) {
    registry.addResourceHandler("/resources/**")
            .addResourceLocations("/resources/").addResourceLocations("/ui");
    registry.addResourceHandler("/ui/**").addResourceLocations("classpath:/META-INF/resources/");
}
For example, if I access http://localhost:8082/ui/api2/getConf, one of the methods of the API, and I am not logged in, it redirects me to the login.
If I have to test the API with Postman, how can I integrate the login into it?
The login is based on a user and password.
Thank you.

Infusionsoft Form Submission API

I have been using an Infusionsoft form embedded in an HTML page, but now I want to send data to the Infusionsoft form using their API. I checked their APIs but could not figure out which one should be used to submit data to the Infusionsoft form. Can someone please help me with this?
https://developer.infusionsoft.com/docs/xml-rpc/
Thanks for looking into this.
Thank you, Naresh
Try to use the REST API instead of XML RPC. The developer center has already marked XML RPC as a "legacy" module, and I guess they will replace "XML RPC" sooner or later.
Regarding your question, you will need to define what data set you want to update.
For example, if your form is going to insert a new contact, you will need 2 things from your code.
First, prepare the parameters such as "email_addresses", "phone_numbers" and "given_name".
Second, send a POST request with the parameters to this URL "https://api.infusionsoft.com/crm/rest/v1/contact?access_token=123abc" after authentication.
Ways to test:
Try REST API calls on page https://developer.infusionsoft.com/docs/rest/
Good luck.
To pull a web form via the API you will have to use the following method; this will pull the HTML form:
Retrieve a Form's HTML
To submit data to Infusionsoft via the API you will have to use the create contact and update contact APIs:
Create Contact
Update Contact
XML RPC is still in use, but Infusionsoft suggests using the REST API methods:
Create a Contact
Update a Contact
Single API call for two methods: Create or Update a Contact

how to redirect/map to externalregistration page from AuthenticateExternalAsync to angular page

I am using external providers to log in to my web app (for example Google). In my custom user service I get to AuthenticateExternalAsync and from there I want to (if needed) redirect to an Angular page.
public override Task AuthenticateExternalAsync(ExternalAuthenticationContext context)
{
    ...
    ...
    context.AuthenticateResult = new AuthenticateResult("~/externalregistration", user.Subject, name, identityProvider: user.Provider);
    return Task.FromResult(0);
}
I have an HTML page
at https://localhost:44300/Content/app/externalregistration.html
How do I map externalregistration to this page?
At the moment I get an error
https://localhost:44300/identity/externalregistration#
HTTP Error 404.0 - Not Found
thank you
Mark
The page for the partial login has to be with IdentityServer - see that it's looking for it at /identity/ and not /Content/app/.
If from your user service you issue a partial login, then that web page is entirely up to you to serve up from the server. If that partial login page needs to know the identity of the user, then it needs to be hosted in the same path as IdentityServer so the partial login cookie can be read on the server. If you then want that page to be a SPA, then you'd have to have some server side code issue something into the browser for your SPA to know the identity of the user. If you want that page to be a SPA and make Ajax calls back to the server, you need to include some XSRF protection.
All in all, custom partial pages are easiest implemented as standard server-rendered MVC pages.
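The reason the partial login page has to live under the IdentityServer path is browser cookie path matching. The following is an added example (not part of the original answer and not IdentityServer code) that applies the RFC 6265 path-match rule to the two URLs from the question; the cookie name and its /identity path scope are assumptions made for illustration:

```javascript
// Added illustration: which requests carry a path-scoped cookie
// (RFC 6265, section 5.1.4). The cookie name and its Path are assumptions;
// the two URLs are the ones from the question.

// RFC 6265 path-match: true when cookiePath equals requestPath, or is a
// prefix of it that ends on a "/" boundary. The comparison is case-sensitive.
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  if (cookiePath.endsWith("/")) return true;
  return requestPath.charAt(cookiePath.length) === "/";
}

// Names of the cookies a browser would attach to a request for `url`.
// Simplified to host-only cookies: exact host match, Secure flag, path-match.
function cookiesSentTo(url, jar) {
  const u = new URL(url);
  return jar
    .filter((c) => c.host === u.hostname)
    .filter((c) => !c.secure || u.protocol === "https:")
    .filter((c) => pathMatches(u.pathname, c.path))
    .map((c) => c.name);
}

// Constructed cookie jar: a partial-login cookie scoped to the
// IdentityServer base path (hypothetical name).
const jar = [
  { name: "partial-login-cookie", host: "localhost", path: "/identity", secure: true },
];

// Page hosted under the IdentityServer path vs. the static Angular page.
const underIdentity = "https://localhost:44300/identity/externalregistration";
const underContent = "https://localhost:44300/Content/app/externalregistration.html";

console.log("under /identity:", cookiesSentTo(underIdentity, jar));
console.log("under /Content/app:", cookiesSentTo(underContent, jar));
```

Path matching is case-sensitive and only honours "/" boundaries, so a request path such as /identityserver or /Identity would not receive a cookie scoped to /identity.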

how to get HTTP request object in class implementing jackrabbit ExternalIdentityProvider

I am implementing a custom external identity provider, and to do this I need to implement the ExternalIdentityProvider class from Jackrabbit.
http://jackrabbit.apache.org/oak/docs/security/authentication/externalloginmodule.html
In the normal case you would need to pass j_username and j_password, and you can get these values from the SimpleCredentials object.
My question is: since I need to pass an additional form parameter, say for instance a LinkedIn ID in my case, how do I achieve that?
@Component(
    policy = ConfigurationPolicy.REQUIRE
)
@Service
public class RDBMSIdentityProvider implements ExternalIdentityProvider {
    @Override
    public ExternalUser authenticate(Credentials credentials)
            throws ExternalIdentityException, LoginException {
        // I can get username / password from the credentials object
        // how to get additional parameters from the HTTP request object?
    }
}
Any input is highly appreciated.
Thanks!
The correct way to handle this is to have a custom AuthenticationHandler which creates an instance of a specific Credentials object with whatever parameters you need in it.
That said, if you are integrating with LinkedIn (and this is in AEM), you would be better served by integrating with the existing OAuth AuthenticationHandler. There is OOTB support for Facebook and Twitter, but the OAuth provider is designed to be pluggable for different OAuth Service Providers.

Facebook Graph API: find all public pages I like in a single request

I would like to know which objects returned from /me/likes are public, i.e. don't require authorization.
So far, I haven't found a better solution than making another request to /?ids=<IDs> without the access token, where <IDs> is a comma-separated list of IDs obtained from the previous request.
Is there any field indicating whether an object is public? Any help will be highly appreciated!
This is a matter of what you're asking for when you get the auth token. If you have all boxes unchecked you will get just public information from the request. You'll know this by the pop-up asking for authorization saying
"Graph API Explorer will receive the following info: your public profile."
However, if you have the box checked that says "user_likes" you'll get a list of all the likes. The authorization will say:
"Graph API Explorer will receive the following info: your public profile and likes."
If you just want to return the id of the things you like, you can use this:
me?fields=likes{id}