Currently sending emails with Django, and was wondering if there was any way to periodically check my inbox with Django (or ideally somehow alert the server upon receipt of a new email), and have Django extract the message and save it in the database.
You could use an email service such as SendMail or Mandrill (latter definitely has free accounts, former may have).
Each of these services provides inbound email support via webhooks. You provide them an endpoint to hit (make sure to use HTTPS) and when they receive an email to an address you have registered they will send the data via HTTP POST to you.
It is then just a simple case of storing this data to the database. There are a number of 3rd party packages that can help you with this:
http://djrill.readthedocs.org/en/v1.4/usage/webhooks/
https://github.com/yunojuno/django-inbound-email
https://github.com/jpadilla/mandrill-inbound-python
https://github.com/michaelhelmick/python-mailsnake
Although it's rather simple to roll your own should need be.
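An added example, not part of the original answer: a webhook URL accepts POSTs from anyone who learns it, so the receiver should authenticate each request before storing it. The header names and the `timestamp.body` HMAC-SHA256 scheme are assumptions for illustration; use the scheme your provider documents.

```python
import hashlib
import hmac
import json
import time

# Assumption: the provider signs "<timestamp>.<raw body>" with HMAC-SHA256 and
# sends the hex digest and timestamp in the two (hypothetical) headers below.
SIG_HEADER = "X-Webhook-Signature"
TS_HEADER = "X-Webhook-Timestamp"
MAX_SKEW_SECONDS = 300


def sign(secret: bytes, timestamp: str, body: bytes) -> str:
    msg = timestamp.encode() + b"." + body
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def handle_inbound(secret: bytes, headers: dict, body: bytes, now=None):
    """Return (http_status, payload_or_None) for one inbound-mail POST."""
    now = time.time() if now is None else now
    timestamp = headers.get(TS_HEADER, "")
    signature = headers.get(SIG_HEADER, "")
    if not (timestamp.isascii() and timestamp.isdigit()) or not signature:
        return 400, None
    # Reject stale requests so a captured POST cannot be replayed later.
    if abs(now - int(timestamp)) > MAX_SKEW_SECONDS:
        return 403, None
    expected = sign(secret, timestamp, body)
    # compare_digest keeps the comparison constant-time.
    if not hmac.compare_digest(expected.encode(), signature.encode()):
        return 403, None
    try:
        payload = json.loads(body)
    except ValueError:
        return 400, None
    return 200, payload


# Constructed sample request (not real provider output).
SECRET = b"constructed-shared-secret"
BODY = json.dumps({"from": "alice@example.com", "subject": "Hi", "text": "Hello"}).encode()
NOW = 1_700_000_000
HEADERS = {TS_HEADER: str(NOW), SIG_HEADER: sign(SECRET, str(NOW), BODY)}

if __name__ == "__main__":
    print(handle_inbound(SECRET, HEADERS, BODY, now=NOW))
```

In a Django view, `request.headers` and `request.body` supply the `headers` and `body` arguments; only a 200 result should reach the database.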
Related
I'm currently trying to make an account signup page for a small project I'm working on and I don't know how to send data back to the server (I'm using the Flask framework) without also allowing everyone to send data. Let's say that I've set up an API endpoint on /createAccount. I can then send POST requests to that endpoint: {"username": "test", "password": "test"}. The web server will then handle that request by inserting that data into a database and responding with 201. The problem is, anybody would be able to send these requests, and I only want users to be able to register through the login page, and not by making an API call. Is there any way of doing this?
Edit: I've given this problem a bit more thought and I think that the only API that is difficult to secure is the signup API. When a user has created an account, I can just assign them an API key, which they will send to the API every time they want to make a request, which means that an account is required to make API calls. If a certain key is making too many requests, they can be rate limited or temporarily banned from making further requests. The problem with the signup API however, is that there is no information by which a request sender could be identified. I could use the IP address, but that can be changed and wouldn't really help if multiple IPs are spamming the API at the same time. Is there a way I can identify non-registered users?
Short answer: no.
You have to check data to make sure the account being created is something legit and not trash data to fill your database or any other malicious intents.
This is the reason you usually have to confirm an account by clicking on a confirmation link sent to your mail: this way the app is sure that your account is legit.
You could also check info on the front end, but that is never as secure as back end checking, because of your concern in the question: in the end, anyone who gets to know your endpoints could potentially send direct requests to your server with whatever data they wanted.
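An added example, not from the original answer, of the confirmation-link step: the signup stays pending until a signed, expiring token mailed to the address comes back. The token layout, the one-day lifetime and the in-memory `pending`/`active` dicts are assumptions for illustration.

```python
import base64
import hashlib
import hmac
import time

TOKEN_TTL = 24 * 3600  # assumption: a confirmation link is valid for one day


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _mac(secret: bytes, payload: str) -> str:
    return _b64(hmac.new(secret, payload.encode(), hashlib.sha256).digest())


def make_token(secret: bytes, email: str, now=None) -> str:
    """Token layout: b64(email).issued_at.mac, where mac covers the first two."""
    issued = int(time.time() if now is None else now)
    payload = f"{_b64(email.encode())}.{issued}"
    return f"{payload}.{_mac(secret, payload)}"


def verify_token(secret: bytes, token: str, now=None):
    """Return the e-mail address the token was issued for, or None."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return None
    email_b64, issued, mac = parts
    expected = _mac(secret, f"{email_b64}.{issued}")
    if not hmac.compare_digest(expected.encode(), mac.encode()):
        return None  # forged or altered
    if now - int(issued) > TOKEN_TTL:
        return None  # expired
    pad = "=" * (-len(email_b64) % 4)
    return base64.urlsafe_b64decode(email_b64 + pad).decode()


def confirm(secret, token, pending: dict, active: dict, now=None) -> bool:
    """Activate a pending signup once; unconfirmed rows can be purged later."""
    email = verify_token(secret, token, now)
    if email is None or email not in pending:
        return False
    active[email] = pending.pop(email)
    return True
```

In a Flask project the same signed, time-limited token is available from `itsdangerous` (`URLSafeTimedSerializer`), which Flask already depends on.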
Assuming you have a trusted source of registrations, and if that source can make an ssh connection to the server where your Flask app is running, an alternative to trying to lock down a registration API is to provide a command line script to do the registration.
The trusted source does something like
ssh someuser@youripaddress /path/to/register.py "username" "password" "other info"
If you use a Flask custom command you can share model definitions and db configuration.
I am working on Django and sending emails to multiple users at once. In the given scenario it only tells me whether it has sent or not.
I want to display a report on the same page of how many emails were sent to users successfully and how many were not. Moreover, I want to get details of why an email failed to send.
How would I do such things via the SendGrid APIs?
There are two options that I know of:
Connect to SendGrid Event Webhooks and start parsing events for every email to flag ones that were not sent. I believe you can configure SendGrid to only send certain events, so if you're interested in bounces you don't need to worry about handling all events.
The second option is to use a service like sendwithus which will connect to your SendGrid account on your behalf and track all bounces/opens/clicks for you and provide a simpler API/UI to view the data. I believe they do this via SendGrid's webhooks, so it's effectively the same solution but written for you.
Happy to elaborate on either, I've used both before.
My company is working with the amazon MWS api, and we are receiving a lot of messages from the customers about their orders.
Is there any way to get these messages using the web services and reply to them?
As @joshubrown pointed out correctly, there currently is no API to get customer messages or send replies. You can, however, set up a separate mail account for that purpose, which (depending on your own server architecture) gives you a whole set of protocols like POP3, IMAP, SMTP or even MAPI. Regular emails sent to the "scrambled" customer email addresses will be relayed to the consumer and will show up as replies in your Seller Central.
No, there isn't a public API for that.
How I was planning to do this (in the absence of an API) was to set up the email account (that would receive the emails from customers) such that it pipes the email content into a script. The script would then write the content to the database (or do whatever you want with it).
I'm using qmail for mail, and if you edit the .qmail file within an email account's folder you can set where to pipe the email content eg
| php /pathtoscript/emailHandlingScript.php
Other email systems will have a different syntax for this.
Then in your PHP code (if you're using PHP), you can grab the content from the stdin stream:
$fh = fopen('php://stdin', 'r');
I'll probably use PHP's mailparse functions (eg mailparse_msg_parse_file, mailparse_msg_get_part etc) to properly extract the data from the stream.
As @Hazzit points out, when you reply to the anonymised email address (eg qwugwquigduwqgiqwdgiuwqdg@amazon.co.uk), Amazon will pass it on to the customer.
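An added example, not the answer author's code, of the piped-mail handler described above, written in Python rather than the PHP the answer mentions. It reads one raw message from stdin, parses it with the standard library and stores it with bound parameters; the table layout, size limit and `inbound.db` file name are assumptions.

```python
import sqlite3
import sys
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr

MAX_BYTES = 1_000_000  # assumption: refuse anything larger than about 1 MB

# Constructed sample message (not a real customer e-mail).
SAMPLE_RAW = (
    b"From: Customer <buyer@example.com>\r\n"
    b"Subject: Order question\r\n"
    b"Message-ID: <constructed-1@example.com>\r\n"
    b"Content-Type: text/plain; charset=utf-8\r\n\r\n"
    b"Where is my order?\r\n"
)


def parse_message(raw: bytes) -> dict:
    """Extract the fields to store; every value is untrusted sender input."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    body = msg.get_body(preferencelist=("plain",))
    return {
        "message_id": str(msg.get("Message-ID", "")).strip(),
        "sender": parseaddr(str(msg.get("From", "")))[1],  # unauthenticated
        "subject": str(msg.get("Subject", "")),
        "body": body.get_content() if body is not None else "",
    }


def store(conn, fields: dict) -> bool:
    """Insert with bound parameters; a redelivered Message-ID is ignored."""
    conn.execute(
        "CREATE TABLE IF NOT EXISTS inbound ("
        "message_id TEXT PRIMARY KEY, sender TEXT, subject TEXT, body TEXT)"
    )
    cur = conn.execute(
        "INSERT OR IGNORE INTO inbound VALUES (:message_id, :sender, :subject, :body)",
        fields,
    )
    conn.commit()
    return cur.rowcount == 1


if __name__ == "__main__":
    raw = sys.stdin.buffer.read(MAX_BYTES + 1)
    if len(raw) > MAX_BYTES:
        sys.exit(100)  # qmail: exit code 100 is a permanent delivery failure
    store(sqlite3.connect("inbound.db"), parse_message(raw))
```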
I created users on my account, redirected mails and made a script to read and reply.
I'm currently designing a solution with this pretty standard pattern:
1 web-app using Django (it hosts the one and only DB)
1 client mobile app using AngularJS
This client app uses a REST API (implemented on the Django Server with Tastypie) to get and set data.
As a beginner in these architectures, I'm just asking myself where the logic should go and I'd like to use a simple example case to answer my concerns:
On the mobile client App, a client is asked to subscribe by entering only an email address in a form.
a) If the address is unused, inscription is done (stuff is written on the DB).
b) If the address is used, an error is raised, and the user is asked to try again.
What is the workflow to perform these simple operations?
I'm asking for example how to compare the entered e-mail address in the mobile app with the existing e-mail addresses in my DB:
Should I GET the list of all email addresses from the server, then perform the logic in my client app to state if the entered address already exists? This seems really a bad way to do because getting lots of elements isn't performant with web services, and client should not be able to see all email addresses.
Should I send the entered e-mail address to the server and let it make the comparison? But if yes, how am I supposed to send the data? As far as I know, PUT/POST are made to write in the DB, not to just send data to server to analyse it and proceed some logic.
I have the feeling I am clearly missing something here...
Thanks a lot for help.
PUT and POST are designed to be used to create and update resources. The server may or may not have a database behind it. It might use a local filesystem, or it might handle anything in memory. It's none of the client's business. It is certainly common to have business logic on most servers which provide APIs.
Use PUT/POST to send up the email address to the server. The server checks to see if the email address is (a) valid, and (b) allowed. If it fails either check, return a relevant response to the client as documented in the RFC. I would go with 403 Forbidden, which indicates a problem with the data being sent up to the server. Use the entity in the response to detail what the problem was with the request.
I had done a similar thing in an Angular web app.
I disabled the submit button and added a check-availability button beside the email field.
I sent the email to the server, checked whether it already exists, and returned the result to the client,
then asked the user to enter an alternate email if not valid, or enabled the form's submit button.
Alternatively,
when the user leaves the email field, you can send the email to a service that validates it, get the response, and either show a message that this email already exists and disable the submit button, or enable the submit button otherwise.
I have a Slicehost slice running Django through nginx and Apache. This is for a project in which email marketing is a key component. We will need to be able to send up to 10,000 emails in a day from this Django app. We need to receive email as well; however, that can simply be a forwarder.
What would be your recommended solution? Would you set up a Postfix mail server on the slice or try to use some 3rd party mail service with an API like MailChimp or Constant Contact?
Sending thousands of emails from your own machine in a reliable way is very hard.
I would recommend you use SendGrid. You can use them as an SMTP server, so there's no need to code against APIs. They can also receive email and POST the data to a URL on your server.