I know Facebook has the Graph API that does this work, but now there is now a problem. To access this kind of information you should go through verification process and it is now suspended for individuals, as the say in developers site:
"Individual Verification Paused
Due to coronavirus (COVID-19), we have temporarily paused Individual Verification to focus our reviewers on efforts that help keep people informed and safe. We know this review step is important and will resume it as soon as we can"
Is there any way (not manual, but via software) to do this check without the Graph API for a public group? Also fetching the full list of the group members could be a possible solution, but I can't figure out a way to do this without their API
Related
I received an email indicating that my Google Cloud Project have been suspended because I was supposedly mining cryptocurrencies.
My project is a tool like a Calculator and that issue surely isn't possible.
What could be happen?
In order to create a function I hired a programmer on UpWork and give him access to the GCP.
Well, it seems this developer has abused our trust and did something wrong.
What can I do?
Now the project is suspended and any section I try to go in the form "Appeal" appears.
I appealed but I have to wait Google to reply.
How can I check if my project have been used for these bad usages?
I want to cut services the developer could be used or so.
Unfortunately, you must wait for Google’s reply.
AS a recommendation you could review this information to determine if it is intended, Cryptocurrency mining is often an indication of the use of fraudulent accounts and payment instruments, and requires verification in order to mine cryptocurrency in the Cloud Security Help Center.
If you believe your project has been compromised, I recommend that you secure all your instances, which may require uninstalling and then reinstalling your project, you could follow the steps.
To better protect your organization from misconfiguration and access the best of Google's threat detection, you may consider enabling Security Command Center (SCC) for your organization. To learn more about SCC visit.
I have seen some solutions for capturing client-side errors and reporting them to Stackdriver.
Does anybody know if it's possible to utilize Stackdriver in some way to collect page load timing metrics and report those? I couldn't find any example of how I might be able to do that in the documentation.
I believe a better approach is to send these information to your back end and have it forward them to stackdriver.
Otherwise, you have to either share credentials to the client to allow them to hit the stackdriver endpoint or open them as public. These are both horrible as someone could start hammering our logging and hide info/increase cost for you.
If you still want to go the "client logging directly" way, it's simply hitting the monitoring.googleapis.com endpoint with authenticated calls (here the auth is the hard part).
I'm building a website to allow people to donate to a local charity quickly and easily. The charity allows direct donations, but it's primary function is to do "per mile" style donations, but with pull ups. In that past, they have collected the pledges ("I'll pay $1 per pull up"), then manual contacted people for payment after the event. This isn't very slick and very time consuming.
What I'd like to be able to do is collect a pledge and payment information, then charge people automatically after the event. From what I've seen, I should put a hold/authorization on their account, then capture it with the appropriate amount after the event. But reauthorizing will only allow up to 115% of the original, and I can't very well just authorize a large amount and let it sit for two months before reauthorizing and capturing it.
I know this can be done, but I haven't messed with this side of things before, and the REST API from paypal doesn't have an obvious solution. Is there something I'm missing? Should I be going about this a different way?
You can use reference transactions. I would recommend sticking with the Classic API for now, though. REST isn't as mature yet and doesn't have all the same functionality quite yet.
So in the classic API you would use Express Checkout and/or Payments Pro. You can process an original authorization and then simply void it, or use the card verification process with Payments Pro.
You won't need to capture an original amount, so you won't need to worry about the 115% cap on the capture.
Instead, you'll use the DoReferenceTransaction API to process any amount you need to at any time from that user's account account.
With Express Checkout you have to be sure to include a billing agreement in the setup. This guide outlines that whole process.
With Payments Pro you just do the original card verification / auth and then pass that auth ID into the DoReferenceTransaction API.
In either case, if you're working with PHP this PayPal PHP SDK will make all of the API calls very quick and easy for you.
I have a .Net application that uses list of names/email addresses and finds there match on Facebook using the graph API. During testing, my list had 900 names...I was checking facebook matches for each name in in a loop...The process completed...After that when I opened my Facebook page...it gave me message that my account has been suspended due to suspicious activities?
What am I doing wrong here? Doesn't facebook allow to search large number requests to their server? And 900 doesn't seem to be a big number either..
per the platform policies: https://developers.facebook.com/policy/ this may be the a suspected breach of their "Principals" section.
See Policies I.5
If you exceed, or plan to exceed, any of the following thresholds
please contact us by creating confidential bug report with the
"threshold policy" tag as you may be subject to additional terms: (>5M
MAU) or (>100M API calls per day) or (>50M impressions per day).
Also IV.5
Facebook messaging (i.e., email sent to an #facebook.com address) is
designed for communication between users, and not a channel for
applications to communicate directly with users.
Then the biggie, V. Enforcement. No surprise, it's both automated and also monitored by humans. So maybe seeing 900+ requests coming from your app.
What I'd recommend doing:
Storing what you can client side (in a cache or data store) so you make fewer calls to the API.
Put logging on your API calls so you, the developer, can see exactly what is happening. You might be surprise at what you find there.
I am trying to set up a (for now) really simple web service. By simple, I mean it only has a small amount of actual work to do on the code-side. It only really has one method/function: the client sends a user login, and the service responds with an otherwise very secure detail about the user (for the purposes of this question, let's say the user's birthday).
I have a lot of questions, but for now I'm wondering:
I am considering having two versions of this method. In version one, the client can only make a generic request with no variable information. The service will respond with birthday of whoever is authenticated in the client's session. In version two, the client is allowed to query any user name (so really, anything they want) and get back either the birthday or "Nothing found", etc.
The application of offering both would be so that most developers would get the birthdate of the current user so that it can be applied to that session. To extend my example: A user logs in, the developer wants to be able to have "Happy Birthday" if it is applicable. The owners of the service/data don't want the developer's client to have any access, real or conceptual, to anything about the user, even their log in, they just want to accommodate the developer's goal, as it is really nice. The developer doesn't want to be responsible for potentially having access to anything, he just wants to be nice.
Version two is available for some user-support groups. They actually need to look up birthdates of users who call in so that they can confirm that the user's are old enough to, let's say, rent a car. They may even have to look up multiple user's to see who is most eligible out of the group to get the best deal.
So I guess the big question, finally, is whether or not these two methods can exist in the same service?
The protocol, at this point, is more likely to be SOAP-based, then RESTful, so simply having URLs that both resolve to the same service but simply offer different methods is probably not an option.
What I need, ideally, is a way to reveal operations in the WSDL based on role. Obviously the documentation given to either group would reflect only the operation appropriate for the role, but ideally the developer/client would a) not see any operations they shouldn't and b) receive the same type of response for trying to use a forbidden response as they would a non-existent one and c) most ideally, receive the former-mentioned error because for their role the operation really DOESN'T exist, not because the service took extra precaution in case the client did try (which it will, FYI, but I don't want that to be the first and only level of obfuscation).
Am I dreaming the impossible dream?
Quick Addendum
I should have been more specific about this, I realize. When I say "role-based" I am referring to service-accounts, not user-accounts. So in my hypothetical situation above, the user-service app that would all for querying any user ID would be using one service-account with the privs to do so, not checking the role of the agent logged in to the session (which would be done to get to the app, obviously, but not to the service).
Why not have two methods:
GetMyBirthday();
GetBirthday(string userName);
Any user can call the first method; only privileged users can call the second method. You use role-based authorization and reject calls to the second method from unauthorized users.
I don't see why you'd want to hide methods in the WSDL based on roles. In many cases you'll be accessing the WSDL only to build a proxy in a development environment, and won't need it at runtime.