A client just reported that his website to Salesforce integration is not working properly. It appeared that Account ID which is needed for executing REST queries has changed, so that I was using a non-existent Account ID.
I've had a look in the Account history log in SF, but nothing there said anything about any updates to it's ID. I am 99% sure I was using the correct Account ID before, as I always test all features before handing out the project. Any ideas how could this happen?
Thanks.
Account IDs do not change, ever*.
* unless they are deleted, either to be brought back later (Acct Id will be different) or merged into another account. It is also plausible (I have no idea about this one, I'm just spitballing) that they could change if your data are migrated to another instance (e.g. na10 -> na11)
That said, hardcoding IDs should be avoided if at all possible -- it's virtually always possible, and if it isn't it should be documented extensively and unambiguously -- because they will be different in the sandbox, where you are presumably doing your testing. You do test in the sandbox, right?
Related
I hope you are well, i am not a developer and i wanted to draw from the massive pool of expertise in here. I have an odd ish question that i can not accept the answer that i have been given as it does not add up from a security perspective.
the situation is that our API is passing a token with reference number for payment to a card payment provider which is Payment Card Industry Data Security Standard compliant, we do not want that responsibility hence we contract them. the customer enters all the details (name, card number etc etc) on the contractors site. They have a secure reporting portal that we do the reporting of daily transactions, refunds etc, so there is no need for us to have any data other than a reference number to marry it up with the token sent from us. It transpired earlier today that their API returns not only the token with the unique reference we need but the name, last 4 digits of card, address and other identifiable information, which we do not need or we want to have sight off.
The Contractor's reply was to and i quote "just ignore the data that it is return through the API and you do not need". I asked them what happens to that data a number of times and they did not provide a direct reply they just said other organisations use it that way with no issues...which as you expect have drove me absolutely bazurke.
i have found this 5 year old answer that says that disappears to the ether. I cant accept that data just disappears, insert GDPR concerns here.
What happens to unused function return values?
Apologies for the rant
TLDR: we sent token with unidentifiable personal information to card payment provider through API, Card Providers API returns name, card, address and other identifiable data. Card Providers response just ignore the information returned from the API you do not need.
thank you in advance for all your help.
So since you use a website to contact this API I will try to break down what is occurring.
You enter in a number on your website, which in turn becomes the key reference for the API call to the payment processor. The processor receives the ref number and grabs info pertaining to that number from their database. They then send this data as a response to your API call and the data is returned to the website. Now I am just speculating here but I am guessing your website does not do anything with this data, except display it. If this is the case the data is sitting in volatile memory, on the server the website is running on. Volatile memory (RAM) is memory that is not long lived, once space is needed it will be overwritten or if the system is turned off, it will be wiped immediately. Even when this data is in volatile memory it is only used in the context of your session on the website. Once you leave the page, there is no real way(easy anyway) to get that data back. It may still exist in RAM, but it is not accessible to anyone anymore and will be destroyed or overwritten once the server realizes it is not being used anymore.
There is a chance however that your website does save the API responses you get back in your own database. It sounds like this is not the case but I cannot be sure. But to ultimately answer the question, you can ignore this data and it is not very vulnerable or accessible to the outside world, so you don't have to worry about it getting into the wrong hands in this case. I hope this helps you some! Let me know if I can clarify anything for you further!
If no one uses the data, or looks at it, or stores it -- if it's just ignored -- then, yes, it disappears.
More specifically, in the computer that receives it, it's probably written into some space in volatile memory, and then the space is reused and overwritten the next time a response come in. Conceptually, at least.
It's possible that the receiving application has some kind of logs that are writing out data that is received, regardless of whether the app uses it or not, but other than that, without knowing what the app is doing, it's impossible to guess further.
This is not exactly a programming related question but it is closely related to developing so I think it is pertinent.
I´ve been charged in my work with developing an app with access to Facebook Messenger. I needed a Facebook Account and I didn´t want to use a personal one (and I don´t use Facebook anyway) so I created a new gmail account to use it to sign up in Facebook, as user and as a developer.
After a couple of days of work, having created the page, my webhook, done some tests, etc., and investing a good deal of work hours, my account appeared as disabled.
I have to admit a didn´t use much of real info on this account (I´m kind of allergic to disclosing personal information unless mandatory), and the account was new so I thought that maybe that was the reason (they don´t give you any).
So I tried again a second time with an account I had been using for years (just for logging in some sites, not much of real information there neither, as I say I don´t really use Facebook), and after a couple of days, same results, locked account.
I can´t stress enough I don´t use the API extensively, I just send some messages to another user I have added as one of the application developers so I can test (that other account is never blocked, by the way). It´s not like I am sending hundreds of messages or anything like it. And by the way, I have never been blocked while I was doing something (so I could indentify my wrongdoing). It just happened that at some point when I was going back to work (first hour in the morning, or after lunch for example) I tried to log in again and then I got the warning.
So I have tried a third time, this time I have given all my real information, reluctantly uploaded a personal picture, given all my data to Facebook (yikes!).
And after a couple of days: damn, same result. Blocked account. Work lost. They prompt you to upload a picture to check your Id, but to no avail (no answer yet, not even a notice of any kind) and they don´t give you absolutely any reason why the have blocked you.
And if I go to https://facebook.com/help/contact/260749603972907 to fill the form where they ask you to upload an ID then it says that the email doesn´t belong to a disabled account!
What is the unusual activity they have detected? What have I done wrong? Has someone experienced the same problem? Has someone got any clue of what it is that I could be doing wrong?
Because I don´t want to go through the whole process once again only to get blocked in a couple of days.
Thanks.
EDIT 1:
Ok, after checking again now it recognizes the account as a disabled one. I have gone to https://facebook.com/help/contact/260749603972907 to fill the form and I have uploaded my ID (even though I completely disagree with disclosing that kind of information).
Honestly, I don´t know what it means by "shortly". It´s been two days now and I have not received any kind of notification yet.
By the way, I haven´t received any kind of notification (mail, sms, anything) during any step of the process EVER. No one. Nothing. Not even an automatic email response. Plain absolute silence.
Honestly, if Facebook uses a security system like this, that lets hackers in while blocks legitimate users, creating false positives and making us lose many hours of work, without any reason or notification or explanation, then Facebook security is plain wrecked.
And I cannot do anything less than to strongly discourage any developer to use it if they can avoid it (what unfortunately I can´t).
EDIT 2:
After some days I regained access to my account again. Without any notification, I just tried again and now it worked (really good communication policy, Facebook, congratulations).
My App had disappeared, so I had to go through the whole process again. And after sending ONE message to the API, this again:
And once again the asked me to upload a picture of myself (I think they already have enough pictures of me to make an album).
This is just plain crazy.
I am trying to set up a Paypal Dev App by first creating the two (personal and business) Sandbox Accounts. However it only displays the -facilitator.. business account with the following error message when I click on its Profile
We experienced some issues on our end while creating this Sandbox account. Please delete it and try again.
Unfortunately the check-box next to the account is grayed out and I cannot delete it. When I go to create an APP it says:
There are no sandbox business accounts associated, please create one and try again.
So I have also tried creating NEW Sandbox business accounts. When I click save I see that it has updated the Total Records by one, but it still shows the same amount of accounts (the facilitator and any personal accounts I created).
Anyone have any idea on what I can/should do? Can I re-create the whole developer account somehow?
I got this randomly all weekend and never really figured out what caused it... It did work for me though when I went back to it a day or two later.
gave me a really weird feeling about using paypal at all to be honest. good luck.
Exactly the same for me since 3 days. Getting pretty nuts about it. Yesterday the problem was different an error message was displaying on the page as : We’re sorry, but something went wrong. Please try again.
Today when I logged in I found all the test account that I have created yesterday but with no money on the account. So I have deleted them and when I recreate I get the same behavior mentionned above.
This is the notification for the first issue, didnt' find new one but guess they are working on it.
https://www.paypal-notify.com/eventnotification/event_details?eventId=5775
I had this issue as well, and threads all over the internet going back to 2013 which is even more frustrating. Here is what solved it; you need to fill in ALL the fields even the ones that say 'Optional' (First Name, Last Name, Funding, Notes). Then it works fine. Just someone on their end who never did use-case testing I think. In any event I am now making test accounts without issue.
Here's my problem. When I create my transaction with the classic api, I find myself giving them a unique tracking id (https://developer.paypal.com/webapps/developer/docs/classic/api/adaptive-payments/Pay_API_Operation/) that match the one I store in my DB.
But after 8 months of devellopement, I have some problem. I reset my DB, so on my end, the tracking id can be used, but on Paypal end, it can't.
So I was wondering if there's any way to delete the transactions I've made so far? That way I could re-use theses tracking ID and make sure that this time I don't delete the one I've used, but instead store them in another collection.
Thanks a lot guys!
What I finally did was to make a simple function that generate another ID if the id was refuse by paypal, and add the refused one in my DB. That way, at some point, I caught up with the paypal transactions ids and was good to go!
What we did was to just create another app in our Paypal developer dashboard.
I am using the GA Data Export API to interact with Google Analytics and I'm making a lot of progress, I am using this URL Endpoint initially to pull all the profiles under an account:
https://www.google.com/analytics/feeds/accounts/default
This URL retrieves each GA ID (profile) and each UA. One thing I've realized is one account can contain multiple UAs and when this happens, this request pulls all profiles. We have a client who has about 115 profiles under like 10 different UAs, and the request takes about 30 seconds for the initial request (and then I believe it must be cached, because it speeds up considerably after this, but then the next day the same thing occurs).
Is there a way to get a list of UA's without pulling the profiles? This way I can query the UA specifically for the profiles instead of pulling each one.
Any advice on this would be really helpful!
Thanks
UPDATE: Here's some documentation on the specific call I am using right now:
http://code.google.com/apis/analytics/docs/gdata/gdataReferenceAccountFeed.html
UPDATE 1: I have found some interesting information in the docs
Once your application has verified
that the user has Analytics access,
its next step is to find out which
Analytics accounts the user has access
to. Remember, users can have access to
many different accounts, and within
them, many different profiles. For
this reason, your application cannot
access any report information without
first requesting the list of accounts
available to the user. The resulting
accounts feed returns that list, but
most importantly, the list also
contains the account profiles that the
user can view.
So this means that you have to use the default accounts call to get these back? Surely, somebody has had this issue before?
So apparently, you can query the account if you know the UA-ID, however there is no way to get back a list of only UA IDs.
One way you can do it is have the user enter their own UA ID instead of having them choose one; not as user-friendly as it could be but better than making the user wait 30 seconds!