I have a web app in which I need to use the google translation and language detection API. Following the docs I can consume the API using my service account. However, I have different clients (users) who use my service and each one should be billed separately, so I need a way to calculate the pricing for each user separately.
I read on other SO questions that making a service account per client is a bad idea. Also, I need a way to allow each user to enable/disable the translation feature programatically (my web app is a service on the cloud, so for example if the solution was to create a service acc/user, then I need a programmatic way to do that). Any ideas about the best available way to handle this?
Related
I was going through the amazon quicksight documentation for embedding analytics into my application. Is it really required to have more than one user/reader in your account?
Since most embedded solutions have native web app authentication, can we not authenticate logins to quicksight with just a single reader account and generate the embedding URL and insert it into the iframe in my application?
S
o, we would need only one reader for how many users login to the site. Is this right or am i grossly missing something?
Short answer: no, you wont need more than one quicksight user to serve your users.
We use one account to serve all our users embedded dashboards.
We implement our own authorization layer to determine who can see what.
Broadly speaking, you'll need to federate cognito user pools to quicksight identities.
I'd advise you to have a look at this step by step tutorial (step 6) and this aws sample repo to get a better idea of how it can be done.
I'm building a desktop client app (win/linux/mac) with a backend hosted in GCP (I'm considering other cloud platforms too). The desktop app should be minimalistic and provide access to local machine resources to the backend. And I'm looking for a way to invoke my app from the server (when some event occurs) and then the app would do some work on a local machine. Here's what I've tried so far.
Google Cloud Pub/Sub. Seems like it does what I need, but to make it work I have to create a service account, generate JSON key and store it locally, which is not good. I can restrict the service account access permissions, of course, but still it doesn't look good to me. Maybe there are other ways to auth my app running at the end user machine? I want to keep my desktop app minimal (ideally without UI, just an "agent" console process / Windows service). Maybe I could consider a login screen to connect the app with the backend, if that solves the problem, but I don't want to overcomplicate.
Google Cloud Run + SignalR / WebSockets. This solution also looks good, but it has one significant disadvantage. As long as there's at least one open WebSocket the Cloud Run instance is considered active and therefore billed. There are other difficulties related to scalability and container instances synchronization too.
What do you think about the options above, and what are the other possibilities? Am I left with REST API and polling for updates? I'm quite new to the cloud stuff so any help is appreciated. Thanks!
If you want to be able to invoke your local app from Google Cloud, you need 2 things
The first one, to register your app on Google Cloud, with, preferably, a auth mecanism (can be an API key for example). Like this, the GCP backend know where to call you app (which IP/port) and how (the auth mechanism)
The second is to have your app up and running and listen external communication. HTTP is the easiest way. Wait a HTTP call on the IP/port defined during the registration, check the auth and perform the process.
You can store the data (location and the auth) in firestore for example, and use Cloud Run to perform the HTTP call.
You can also inverse the solution and to poll (long polling or regular poll) the backend from the local app when it is running.
The 2 approach are possible, the second one slightly easier but can be challenging to manage the security.
We would like to develop an app which can be used by multiple customers (of ours). Each app will be customized to each customer of ours.
What we are unsure about is how to handle authentication keys and API keys? Do we create one set of these for each of our customers or do we just have one account and all our customers use the one set of API keys. The latter approach makes me nervous because if one customer is banned (for what ever reason) then all my customers will suffer since they all share the same API key.
Any guidance from Postmates development team would be appreciated.
Currently, we do not support provisioning multiple API keys for a single account.
I recommend having each client create an API key. This also would allow your customers to use their own payment method, versus a single payment method for every customer.
Hope this helps, let me know if you have any more questions!
I cannot found some examples how to create a single account system for all services. For example, Google and Microsoft are use these structure. I have site and some services and I need to user registers at once and can use all service and site. But I never made this earlier and don't know even how to build so services.
Now I think make an auth service with OAuth 2 support. And my services connect to this service and authenticate in it. After the connected service gets a user ID and creates a local account with more details (which needed only for this service) and global user ID. But maybe someone know another solution. Just I don't sure that is the best solution.
P.S. I don't ask for examples of code or something else. I just need to understand the principle of operation of such related services as they interact.
Some time ago I was browsing the web, when I found a service that allowed to access multiple API's using single, unified interface and single login.
I remember that I browsed the catalog of API's and check OCR services to see what features they offer.
I don't remember if it was a free service or paid one. I didn't bookmark it and now I can't find it. I have found only API's catalog on Programmable Web.
Is anyone knows the name of this service?
Well, after getting one vote down I decided to google more. No results. I reviewed bookmarks and... bingo!
It's called mashape.com and what I have had in mind was this catalogue.
Disclaimer: I have no connection to this service. I just liked the idea.
Edit:
I have just found API search:
{API}Search.
It does not allow to access mutiple API's using single credentials, but might be usefull for API's discovery.