I am using OpenTokSDK for iPhone (using it Natively)
I have made the code for calling but just there is one problem.:-
I have to statically Add the SessionID. But i want to generate the ID Dynamically.
How can I do this ?
Please help!
Thanks In Advance
Full disclosure: I am a developer for TokBox.
The only safe way to get session ID and token credentials to the device is by developing an application server that suits the specific needs of your app. We have a number of server-side SDKs available on GitHub (link) that will interface with the OpenTok server API to generate this data.
Note well the server-side SDK is enough to get your credentials generated, but not all devices will be on the same session, so things like user management and application workflows are all considerations that cannot be easily written to an open source library.
That said, we did try to make some of these examples more clear by writing code examples on our blog (link). You can relieve much of the overhead of writing your own application server (no doubt a daunting task, especially the first time around) by leveraging one of the third party signaling services available, like Parse and Pusher, to name two.
Wobbals is correct, and In addition to what Wabbals has mentioned, generating sessions/tokens is very simple, the sample code required for each server language (PHP, NodeJS, C#, Ruby) is located in OpenTok's Github page.
Furthermore, if you choose not to have server side code and use Parse to handle your back-end, there is a wonderful writeup about how to use Parse's cloud code module for OpenTok to generate sessions and tokens.
Good Luck!
I strongly felt that the tokbox tutorial was quite basic but had steeper learning curve. So I ended up wrote out my own app-cum-tutorial.
Though late, I felt compelled to post here:
How To write your first iPhone Video Chat App using parse and opentok(tokbox)
Related
I am doing an android application, I'd like to know how to connect sensor devices/applications to Bluemix IoTF using API keys, by saying that I just want to minimize the registration task from client side(sensor devices)as much as possible. I know how to register devices with deivce Id,token and authentication manually. but I just like to know that is there any other easy way around to do it. It would be great If I got some one shed light on this from scratch. Thanks in advance.
There is a rich set of REST based APIs available at:
https://docs.internetofthings.ibmcloud.com/devices/api.html
and fully documented here:
https://docs.internetofthings.ibmcloud.com/swagger/v0002.html#/
One can use excellent REST based testing tools such as Postman for REST testing.
The reason I mention the REST APIs is that they provide a way for scripting or automating the registration of devices. There is an API called "Add device" that, when called, will register a new device instance of a specific device type against your IoT Foundation instance.
I could imagine a new device that knows it is not registered executing a self registration request to define itself as a new device type. What I would next suggest is that you read the links above and see if they make sense. If they answer your question fully, great. If not, simply post a new question that is specifically targeted at a specific areas and we'll be watching this set of tags and respond back as quickly as we can.
I have been looking for a way to protect my RESTful APIs. This appeared simple, but it seems to not be so simple. First off, I am writing an iOS app connecting to a Play Framework server. None of this has anything to do with Google, Facebook, Twitter, or LinkedIn (shocking I know). Oh, and my current plans do not require custom apps to use my APIs, its just my apps for the time being.
Basic Authentication
What appeared to be simple was a basic user/pass on a /auth method managing a cookie session. That may draw some groans as being too simple or weak but mostly it moved identity to a session key quickly verified. My initial setup was to expire the sessions every day, but that lead to the iOS app forcing a login daily proving to be an annoyance.
OAuth
I posted a question on an iOS board and received a blunt direction towards OAuth. My research of OAuth began but holy sh*t is that complicated and there does not seem to be any server side examples... just plenty of people complaining about how frustrating it is. All the client examples show connecting to Google, Facebook, Twitter, and LinkedIn. Oh Joy!
After watching Eran Hammer's rant about OAuth1 and OAuth2, it seemed fruitless to continue and his OZ idea (which looks really clean) is only at the early stages in node.js.
Question
So, my question to the broad StackOverflow community is... what do you do for securing your REST APIs?
I'd suggest to consider approach used by biggest players i.e. Amazon Web Services or Windows Azure - HMAC. Although it isn't comfortable in implementation, as you can see it's trusted technique.
The general idea is to sign the request's parts (i.e. headers) in the iOS with secret key and try to recalculate it on the Play app to verify that request is authentic and not manipulated. If it won't fail, you can be (almost) sure, that was sent from somebody, who uses valid secret key.
Take a look into Windows' document to get the concept (I think that for common task, you can use the less number of elements used for signing).
There is also other interesting post (based on AWS authentication) which describes whole process even better.
Edit
Of course you should realize that authentication in iOS and securing API requests are different things, even if you'll expire your session every 15 minutes, you can't be sure that somebody won't overhear it and then will be able to send a fake request from the outside. Signing every request should minimize the risk.
On the other hand, if you'll prepare clear rules for signing the requests and will write short doc (which I recommend even for yourself), you can deliver it to the other developer and he'll be able to implement it in (almost) any platform supporting SHA256, so you will have API ready for using from 3-rd party apps - if you'll decide to publish it in the future.
Since Play Framework is in Java, you could use Apache Shiro
I haven't used it yet.. (I am planning to though) So I don't know if it's the best option.
Just do something simple, send the authorization code / password in a custom header over HTTPS .
So the only problem with the Basic Authentication approach was that the user has to login every day? Why not offer the user an option to save his username/password on the device? That way he can choose between security and convenience.
I'm currently working on a Project that uses Three20 as the base framework, but I found out that ASIHTTPRequest handles Form Requests so easily so that's why I incorporated it in my Project.. And then I also found out that I need to cache my Session Key so that when my application terminates I can still check that my user is Logged in when the application launches back (and then again I'll be implementing it using basic Core Data)
As you can see there's a lot of Caching functionality in my Project, and I can't find out what is the best way, or which is the best way?
I don't know also how caching works in both Three20 and ASIHTTPRequest..
I really wanted to use their caching functionalities because I'll be caching also feeds and more
If you're looking to store user credentials, it's best to store them in the Keychain. You can do this via the Keychain Services API. There are plenty of examples out there that show how to use this API. Example 1. Example 2.
I'm writing a very simple iPhone app, basically a dropbox where people can submit ideas and then view what's in the dropbox. I need to write a server that will respond to my iPhone's (HTTP?) requests. Are there any good tutorials on the web that will show me how to do this? Thanks.
Well it really depends on what kind of platform are you trying to write your server.
If it's going to be linux, apache, mysql and PHP (LAPM) then probably this question would answer some of your questions: Serving a json file for IPHONE app
Also this one might be helpful: http://www.sencha.com/learn/Tutorial:Creating_JSON_Data_in_PHP
You could server your data in various formats: binary, XML, JSON, etc. However if I were you i would definitely choose JSON ...
You also can use ruby, .net or anything else for building your web server, however probably php is going to be the one with the most examples.
Hope this helps.
For communicating with the server take a look at ASIHttpRequest, which has some good documentation and example code included http://allseeing-i.com/ASIHTTPRequest/How-to-use
i recomment using the ASIHttpRequest Classes.
On the serverside just use a simple JSON API and probably oAuth or HTTP Authentication to submit and receive Data from a Database.
I want to connect to a remote database(MySQL or SQL Server or Oracle) via internet from my native iphone app. I can't find any API or Framework in System to add. does any one know how to connect to a remote Database? pleased help me. Thank you very much
I'm not an iPhone programmer, but I would suspect you want some abstraction going on.
Instead of trying to make a native database connection work, consider writing some service layer that talks to the database on the back-end, and speaks HTTP to your client application.
Plenty of very good reasons for this. Security concerns chief among them.
One way to do it would be to setup an HTTPS server that wraps your requests. Submit your queries via HTTPS POST. The server setup would be pretty basic and it gives you the chance to do any post-processing before sending it over the wire.
The best alternative is to use webservices to access the information stored remotely.
Bye.
Disclaimer : Shamelessly plugging my own product :)
We've built an online system called Kumulos that allows iOS and OSX developers to build and host online databases in the cloud, while easily creating custom API methods for accessing it. It even builds all the Objective-C bindings for you.
Its really really easy to use and its free while in Beta. We'd love some honest developer feedback :)
Check it out here