I've built a CRM webapp with Django for a specific lead heavy industry. It's working for both gmail and outlook users. Through MsGraph and Google API, the user is able to give authorization via Oath2 to the app to access their inboxes. The app then grabs and parses emails from various sources.
Each lead source always sends the lead emails with same subject. This makes the lead emails easy to identify from the users inbox. Unfortunately, the subject of EVERY email that comes in has to be searched to find the desired lead emails. Unfortunately, Identifying by sender isn't an option, and wouldn't change the issue. Each email would still have to be searched.
I have a couple of colleagues beta testing right now.
As I think about taking on new users that may be outside of my colleagues, I am starting to think the webapps unrestricted access to a user's inbox via the available scopes isn't the best approach for trying to attract new users. I would be suspicious of any 3rd party program wanting to access all of my emails, even if just searching for specific emails.
I use Google's watch() and MsGraphs subscriptions to do this while the user is offline. It doesn't appear that Google or Microsoft allow for any kind of message change filter based on what's in the subject line.
Are there any methods that I have not been able to find in either Google API or MsGraph documentation that would limit access to only the emails that meet the subject search criteria?
Would this even pass either of their security checks to get 'Published Status.'
Reading through the Google docs, it looks like you can set authorization scopes that limit access to just labels and basic settings. This should allow you to filter messages by subject and apply labels to those filters.
Of course, the subject filtering doesn't have anything to do with authorization. But fine tuning the authorization is better than allowing write access to an entire mailbox.
I would say in general, the more open the permissions are, the less likely you are to get approved. Google wants you to only have access to what you need to achieve the product's purpose, nothing more.
https://developers.google.com/gmail/api/auth/scopes
There definitely isn't a way to set custom permissions based on subject. In fact, I don't know many APIs in general that allow you to define custom permissions that granularly.
That said, it doesn't seem like you even need read access to message headers, let alone message body content, to achieve what you want to do in Gmail.
I assume Microsoft has similar scoping, but I'm not sure.
Related
I have a FB page that is a member of about 10 groups (all related to the same topic), and sometimes when I post I share the post to these groups.
Since it's so tedious to manually share the post to each group, I thought maybe using the API could be a better way to share my post into these specific groups my page is a member of. But FB seems to require that I enter some business details for a business that doesn't exist.
I don't own a business, this is a page to share educational tips and such. So I created an app (kept it in dev mode) and I'm the only administrator. I don't plan to make my app public, create an interface or have anyone else use it, and I don't intend to use it with any pages other than mine. Plus, I've already provided my personal ID so I am verified as an individual:
But still, if I want to get manage_pages permission I'm required to go through some business verification and show FB how I'll use the API in a video, when I don't have any of this. In the verification page I'm requested to upload an icon, a privacy policy link and confirm commercial use:
Should I just make up some fake business information so I can give them what they want? Is there not a way to use the API for personal use?
I'd be happy with just being able to send a couple cURLs to share my post through a terminal instead of having to do it via the FB GUI.
The only requirement to complete review by business verification is to manage more than 3 pages per user, otherwise you can complete via individual verification. However you say pages and groups so it's not clear if you refer to publishing to a page feed or to a group (which requires additional permissions/features besides only manage_pages). And no, you shouldn't fake official documents just to complete business verification if you don't have a business...
I would like to access other users public data to show in my website when they configure the page by their username/id.
It means I will create an app on FB/Instagram side and with the help of this app's access token I would like to fetch public data of other user.
Is this scenario valid now? Earlier it was possible but I am not sure now with changes in policies. Even the documents are not clear enough which can say it's possible or not?
Has anyone tried this out recently?
Users: Only data of users who specifically authorized your App is available, depending on the authorized permissions. It does not matter if data of user profiles is public or not, you have to get permission from each user separately.
Pages: If you want to get data of pages you don´t own, you have to go through a review process with your App to get access to "Page Public Content": https://developers.facebook.com/docs/apps/review/feature/#reference-PAGES_ACCESS
That´s for Facebook, about Instagram you can just hit the docs (as well): https://developers.facebook.com/docs/instagram-api/business-discovery
My number one recommendation, in this case, is Facebook API or Instagram API from Data365. I may be considered biased since it is the tool I work for, but it is really a reliable tool you can get public profile data by users ID or username.
Of course, you can use the official Facebook/Instagram APIs for searching all public objects (post, user, page, event, group, place, check-in). But note, the official API has a number of restrictions. Andyrandy has already described them in his answer. Compared with official APIs, we do not have such restrictions.
Besides, our APIs provide such unique features as gender and age recognition (via face photos) along with identification of post reactions that give a competitive advantage in obtained analytics. Data365 APIs also enable developers to create monitoring tasks for a one-time or auto data update. And above all, we do not break the law but only provide web scraping within the legal framework.
I have two applications which have a different server and using one authorize.net account. I have to put two silent URL in the one authorize.net account. how can i do it ?
You can't have more than one Silent Post URL. In fact, you probably shouldn't be using the same Authorize.Net and merchant account for different sites, but that's on you if you get caught.
You will need to make your Silent Post code smart enough to know which site the payment applies to and then act accordingly. This would probably mean utilizing the description field in the transaction to identify which site it came from. Then your code and use that to determine the originating site and perform whatever actions are necessary.
You also may want to look into Webhooks which offers more flexibility than Silent Post although it is more complicated to implement.
first time on stackoverflow. Was wondering about this problem I am having as mentioned in the title, my application cannot retrieve any data via the API for any profiles that are non-related in anyway (no mutual friends either). Is this a known thing due to privacy settings or permissions?
Thanks!
This is the rules you have to know, for example 100007110730790 is a non-friend id:
Rule 1. If the user turn platform Off:
Facebook API wouldn't work at all:
Rule 2. If the platform is ON and user 100007110730790 does not provide user_status permission for your app, you can get the feed with have tagged with you:
Updates:
if you are using your apps(not graph API explorer default app, this app wouldn't include activity feed!), you can also get public activity feed(add life event, change language, so on, even though he/she doesn't use the app at all!):
Update 10 jan 2014:
shared_story is included on this rule.
Rule 3. If the platform is ON and user 100007110730790 does provide user_status permission for your app, you can get the status feed even though non-friend!:
And using FQL:
So, for albums/photos is the same, the non friend need to grant user_photos permission to the same APP.
Yes, I guess. In any ways you shouldn't be able to retrieve something that is not normally visible to you. Looking aroudn Stackoverflow there are multiple threads with similar queries, so it seems like a known limitation.
We are considering running a contest/drawing for users who check-in to our client's business. The Checkin Deals (PDF) feature looks really cool but it doesn't seem like you can programmatically access data on users who have checked in for a deal.
You can however get access to Checkins in general, using the Graph API. So I guess I just want to confirm that it would be possible for us to run a drawing/contest for users who check in to a place, before talking about it with our client.
Thanks!
You can't get information about who checked into a deal or checked into a place. The only information like this available via the Graph API is places an individual user has checked in, if they granted your application access to read that. It's similar to how Facebook doesn't provide who likes a page via the API, mainly due to privacy.