Apologies for my ignorance.
I am a data analyst in a small organisation (no data engineer/architect/web developer) and I am trying to set up a connection to an API with a company whose software/app we have purchased.
They have stated that for them to set up access to their API i need to create a callback url.
I don't really know where to start with this and neither does the IT manager.
I will likely be using Zapier or Power Automate to build the workflow needed but not sure how to go about setting up the callbackurl as requested. there last response was
'we would need a callback URL or local host to be able to generate API key'
any guidance would be great
Related
I am trying to use the eBay python SDK and APIs for finding listings (Finding API) and I need to make a production Key. However, when you create a production key you get the message
"Your Keyset is currently disabled
Comply with marketplace deletion/account closure notification process
or apply for an exemption"
I'm not really sure what this means and the guide I was following makes no mention of it (because it was required after the guide was made). What do I put for the Email field and the https address etc.
You can find all instructions here
Google has a Google Workspace Status Dashboard where they indicate whether any of their core services are experiencing an outage or not.
Accordingly, I would like to be able to fetch the status for a particular service. For example, I would like to check whether Gmail has one of the following statuses:
Available
Service disruption
Service outage
I would like to make an API call in Python that would retrieve the status and allow me to perform an action according to the current status.
Is there a way I can achieve this?
I found some documentation here but I'm still trying to figure out how I can do it.
The problem with the API is that it does not work directly with the Dashboard, instead it works with the information from the Google Workspace Alert Center, meaning that you need to set up an alert first in order to pull the data from this specific alert using the API and the alert will only be triggered when there is a service disruption or outage reported in the Dashboard, so it will not show any data about the service being Available but only when there is an outage.
As mentioned by Bijay Regmi and the official documentation, I think the best option would be to subscribe to the Status Dashboard RSS or use the JSON feeds.
With Python you could also create a RSS reader to pull that information in a better way, and you can use this other Stack Overflow post as a reference on how to build it.
We are building a customer application. For that, we are using accounting software (ZOHO). Items will be fetched from the accounting software and bills will be generated directly on accounting software using API. API is using JWT for authentication. To generate JWT tokens for each user then is a 'user consent page', which should be manually approved from the web browser. So, for each customer we are not going to register as a user, we are planning to create them as just customers.
What we are actually planning to do now, is create one JWT token pair (After manual approval) and use it for all customers for all API calls. My first concern, is that will be a good approach?
The second concern, the Token has an expiry of 1 hour. After that, we should use the refresh token to generate the new token. How we can efficiently handle this on the web and mobile (Customers on the web and mobile simultaneously using the same tokens for API calls and the Token change should reflect on all client devices)? Doing this is a good idea?
In this case, you can create a Connection for Server-Based Application in Zoho Books and thereby authenticate the API calls using OAuth. When you set this integration up, the communication through API will be only between Zoho Books and your third-party application, and not directly between Zoho Books and your customers. Therefore, you can validate the user interface for your customers at your end.
When you initially build the API integration, you will be creating a Refresh Token. This can be hardcoded in your script and set to generate Access Token from it every hour. Please note that the Refresh Token and Access Token have to be generated separately for Web-based and Mobile-based applications. Here is our help resource for your reference. You can store the access token and expiry time, and verify the expiry time before using the access token. If it has expired, generate a new access token. Please take extra care to ensure that the refresh tokens are not exposed.
I hope this helps. Feel free to contact us if you have further queries.
I have been asked to try and get something working in our slack environment for our campus locations to use. The goal is to have a user input the location which would initiate the API call to the other system and return some basic high level system health stats.
I am familiar with how to setup webhooks to slack, just not sure if it's possible to do this or not with slack.
The slack API (https://api.slack.com/) is fairly complex to get set up, but it will do what you want once you get there. It has a web API that you can register to receive hooks from when things appear in messages or chats, for example, and thus you can trigger things to run when people say certain things, for example.
If I understand correctly, you want a user to input a location on slack, and based on their input to make an API call to a different service.
You have several options to get the input from the user:
You can create a bot that the user can chat with
You can create a shortcut or workflow that users can use to fill some kind of form
You can allow for interactions on your application's home page
All these options will get slack to send a payload to some endpoint you define. You will have to set up some basic back end to handle this and call your external APIs from.
I'm currently working on a similar project and recommend using some serverless, fast setup. I have opted for Lambda and API gateway for this. The experience is:
The user goes to the app home page and presses a button
The user gets a form to fill
On form submission, slack sends a payload to an endpoint set via API gateway
API gateway summons a lambda function
The function parses and validates the payload, and ultimately makes a request to my external API
I am learning Django and have an idea for an app that would access data on the Microsoft Graph API for users of their outlook service.
It seems the cleanest way of doing this is by using a package like django-all-auth to handle obtaining and storing the authorisation token in the backend. There’s also an example on the Graph API website using python-social-auth.
However, I’ve been informed here that I can use a library like jQuery to make the API call directly, meaning the JSON data returned from the 3rd party API could bypass my server and go directly to the user’s browser.
With a 3rd party API requiring authorisation I’d need to get the auth token from my django back end to the front end so that it could be used in the Ajax request.
I appreciate that it would be an option to use the implicit or PKCE flows in the browser.
However, as an alternative I’d had the idea that I could use the server side OAuth flow to store the access token and refresh token in the back end and then send the auth access token from django back end to the user’s browser to be securely stored and used from there.
The benefit of this, as I see it, is that if the user’s access token expired you could make a call to the back end to use the refresh token in order to provide a new auth token, thus requiring the user to log in fewer times.
I also don’t see how this can be any less safe than the implicit flow, although me not seeing it doesn’t mean it doesn’t exist!
I know I’d have to use SSL to avoid any malicious actor snooping on the token. I’d also need to account for CSRF and XSS vulnerabilities, but thankfully django comes with solutions to both.
Would this method be a bad idea and considered bad practice?
My rationale for considering this is that it would reduce greatly the overhead of my server if I could cut out the intermediate step of rendering the JSON response in the page template before it’s sent to the user’s browser.
I think what I’m describing is addressed here, albeit with different frameworks.
If anyone else reads this and thinks of a problem with what I’m proposing please let me know.