I am working on a commercial application on iPhone that is using google map. I have Google map api premier client id and cryptographic key to use google map for some limited services like "directions".I generated the signature key using this code:
http://code.google.com/p/gmaps-samples/source/browse/trunk/urlsigning/urlsigner.m?spec=svn2498&r=2498
But still the WS claims "too many connections".
Is there any problem for using Google Maps API Premier in iPhone?
Please Help.
Also, you can learn more on the quota on Maps API web services for Business users, here:
https://developers.google.com/maps/documentation/business/faq#usage_limits
Most likely not related to the use of the API from iPhones.
I would suggest that you open a case with Maps API for Business Support Team (new name for Maps API Premier). You can do it under:
http://support.google.com/enterprisehelp/bin/answer.py?hl=en&answer=142858&rd=1
If you don't yet have access you can also submit a request using a form:
http://support.google.com/enterprisehelp/bin/answer.py?hl=en&answer=142246#request
Putting the error messages aside , it seems alarming that you want to use server side geocoding from an iPhone. The problem with this is that you won't be able to scale as your user base grows since your limits are set.
Instead you should try reading on client side geocoding.
There is a really good article that explains how to make this decision:
https://developers.google.com/maps/articles/geocodestrat
"too many connections" does not sound like an error message you might be getting from Google Servers, but rather something to do with the platform. If you contact support they will be able to check that for you.
I hope that helps!
Related
From the official tutorials on https://community.algolia.com/instantsearch.js/, Algolia requires you to code the key into your application and used with each api request. If someone were to dig this up, what's to prevent them from spamming search requests with your api key?
If someone were to dig this up, what's to prevent them from spamming search requests with your api key?
Do you want the cruel truth? Nothing...
Unfortunately in a web app does not exist anyway of securing secrets, be they api-keys, tokens or any other name convention that may be used.
In a web app all is needed is to use F12 or view the page source and search for them in the raw html and JavaScript.
You can try to use JavaScript obfuscation to make it hard to find but will still be easy to reverse engineer. Even in a mobile app that have their code obfuscated and released as a binary is easy to extract this secrets.
If you want to understand a little more about Mobile Api Security Techinques please read this series of articles to find how api-keys, access tokens, HMAC and other techniques can be used and bypassed. While the article was wrote in the context of a mobile API is still valid in a web app context for the security techniques used to protect the API.
Possible Solution
The best approach is to always delegate your web app access to third part API's to a backend you can control.
In this backend you can then use a User Behaviour Analytics(UBA) solution to monitor bad use of this third part access.
Once UBA can be complex and expensive to deploy you could start by using the new Google reCaptcha V3 across all pages of your web app. ReCaptcha V3 does not require direct user interaction once it works on the background to differentiate humans from bots.
So I would have the web app requesting the Agolia search to my backend that would use reCaptcha V3 protection to differentiate abuse in the search functionality by bots or attackers.
Remember that this approach has the huge benefit of never reveal your Agolia API Key, thus attackers can never directly use it.
I was just fiddling around different machine learning platforms and was planing to use Google predictive API for creating predictive chat bot.
The issue that I am facing now is each request to the API requires OAuth authentication. The fact that I will not be able to authenticate requests for processing the text entered by a client is the real concern. How will I probably respond to a text entered in the chat by a guest user in real time? Is it possible or is Google predictive API not made for this use case?
I am following Prediction API Quick Start Guide by Google and using POST MAN for making API calls.
If possible, please guide me using references or code snippet.
You can create service accounts in place of OAuth authentication tokens. You can create these through the Google Cloud Console. It will then give you the ability to create a server to server (Google) auth that you can use to interact with the API.
Does anyone know if it's legal to use Google suggestqueries in a commercial product ?
As I'm using the open stream of the ajax jsonp request https://suggestqueries.google.com/complete/search?callb.... in searchengine based product.
No - it can't be legally used and the search team changes the endpoint every now and then so apps can't abuse it , however there are wrapper services which emulate / Gather data from the endpoints through their own means - http://keywordtool.io/api is an example of that
i have an online ordering website. The users can enter their address in the site.
The address needs to be geocoded and the nearest stores are to be displayed to the user. Basically i need to get the lat and lng of the address entered by user.
Can i use bing maps javascript api for this purpose?
Does this have any licensing issue? I am thinking of a geocoding api which is free.
Any help would be appreciated.
Yes, you can use Bing Maps for this. Since this is a public facing website, this would be licensed using a transactional licensing option. Bing Maps does offer free usage of the service for these types of apps as well. I recommend generating a Bing Maps key to use with the service through Azure: https://azure.microsoft.com/en-us/marketplace/partners/bingmaps/mapapis/ This will allow you to move to a paid license if needed very easily and in much smaller increments and prices than what you will normally come across.
I digged much into internet, but being newbie, couldn't do much.
I have summed up the following :
Facebook Chat can be used via two Authentication (via Facebook Chat API official documentation) :
1> X-FACEBOOK-PLATFORM
2> DIGEST-MD5
1> X-FACEBOOK-PLATFORM Method has very less documentation, none being official, closest using pyfacebook & pyxmpp (The official facebook chat api page has a reference at the end). Implementing the both to GAE is another headache, apart from the debug problems suffered hence. The creation of apps and using its ID as stated in some resources is not a problem though. I found a nice GAE walkthrough of pyfacebook on riccomini.name/Topics/Web/GoogleAppEngine/FacebookConnect/
2> DIGEST-MD5 is the common method of username - password which can be carries out by any xmpp client. So i though i could use a XMPP python client library like xmpppy which suited me best (as i don't need advanced functions)
Coming staraight to my question : is my inference correct? I am thinking to proceed via Method 2 (Im well aware of the security risks involved in MD5 crypting of password, please don't remind me of that). I could find no refence of using xmpppy with GAE, so am I proceeding correct?
Could anyone provide me a reference of xmpppy used along with GAE ??
(I'm sorry if i was unclear. Cant help, i am no silicon valley engineer but a simple student of age 15yrs)
You can't connect to external XMPP servers using App Engine, so if Facebook requires it for chat integration, this isn't possible.
GAE has a built in XMPP service. Perhaps you can use that instead of xmpppy.
http://code.google.com/appengine/docs/python/xmpp/overview.html
You should have a look into XEP-206 (XMPP Over BOSH) for connecting to XMPP through HTTP-protocol. http://xmpp.org/extensions/xep-0206.html
I don't know if FaceBook supports BOSH though.
You need c2s-protocol to talk to FaceBook, as the s2s-protocol (federation) is not implemented by FaceBook.