I'm developing a mobile application that presents users with information about nearby places (combining my own information with Google Places data), but Google Places seems to have blocked my application.
Is what I'm doing out of the TOS, and if not, is there a way to whitelist my server application?
The current flow is
User on mobile app requests nearby places on their device
GPS coordinates are sent to Server (Django backend)
Server builds the Google Places request with GPS Coordinates, makes the request and then combines the returned Google Places JSON with my own data
Server returns the combined data to the User
Everything worked perfectly until out of nowhere, it seems that Google Places has blocked my application. I'm well within the request limit and have properly attributed Google within my mobile app. Requests with my API Key work as long as they don't come from my server application.
I've read the Terms of Service and don't believe I've done anything out of scope. Is there a way to whitelist my server/IP? Or a better approach to this problem?
Related
We r finally taking a leap into writing a mobile application for some of our platforms core functionality.
After spending some time - narrowed down that it is a HTML 5 application, CSS and Apache Phone gap to support different platforms mainly IOS and Android
We are writing WCF based REST services and have a question about securing the web service calls - specially ones for new user creation and login.
How can we ensure that the web service call to create a new user account or subsequently to log into the app is genuinely originating from a mobile device and not via a brute attack or someone trying to execute a service if they do discover the URL? Is there some kind of device identifier that we can depend on as part of the request (or something we embed into the app) etc or are there other more reliable techniques.
Any help would be appreciated.
Regards
Sid
Good question: I use the device plugin to get the device uuid and then hash it with the user email and the timestamp of the registration to create a key. One way hashing is your friend in this scenario. Keep all of your communication on https secure socket layer and create keys based on the UUID and you should be able to solve this problem.
I'm currently building an oAuth2 server so that external clients/devices can access data from my service without having to send over user credentials with every request. I've finally grasped how oAuth works after spending an entire day reading numerous tutorials and online documentation, however, there's still one thing that I'm rather unsure of...
When sending a request for an authorization code to an oAuth server, how should I deal with a callback to mobile devices and devices that aren't a webserver?
E.g. this request to my oAuth server will send an authorization code as a callback to a specified webserver (http://client-url.com in this case)
http://mydomainname/oauth2/?client_id=test&grant_type=authorization_code&client_details=test&redirect_uri=http://client-url.com&response_type=code
The server at http://client-url.com will receive a response containing an authorization code and the developer will be able to store a user's oAuth credentials accordingly.
Obviously a mobile device isn't a webserver, so is there a standardised way of dealing with this? I've read online that you can define something called a custom URI scheme within iOS and Android apps. But what about the other mobile platforms out there? And desktop apps? I want my API to be accessible from as many platforms and devices as possible.
The reason why I'm asking this question is because I want to add validation to my oAuth server so that users can only register apps with valid callback URL's. I wasn't sure if should allow any other type of input as a callback apart from a valid URL.
Can anyone shine any light on this? I want to avoid spending hours validating and testing this across all devices as I'm sure anyone that has developed for multiple mobile platforms in the past must have some knowledge about this.
Thanks in advance.
With very little experience designing mobile or web based systems, I really have no idea idea what sort of methods are generally used for exchanging information from an application on a phone with a web service on a server. In my scenario, the app is on Blackberry 10, and I think the web service will be run on Heroku.
I want to periodically exchange small amount of information between client apps and the server's web service. I have tried searching for how this might be done, but I have had no success in finding anything helpful. Any sort of information on how I can or should do this would be appreciated.
To clarify a little: I am particularly interested in how small amount of data are typically stored for transfer, and then what mechanisms are generally used for actually sending and receiving the information.
Typically, this is handled via HTTP calls through the mobile device's SDK. I have no idea what the objects are on blackberry, but the typical workflow looks like this:
Write a web service that does something (e.g. calculation, retrieve data, store data).
Publish web service to a web server. This web service has a URL. If you are following RESTful approaches to web services, there would be unique URLs for resources available through the web. Each function that the web service performs uses one of the common HTTP verbs, e.g. GET and POST. You use "GET" to retrieve data from the web via the URL. You use "POST" when you also want to send data to the web.
From the client SDK (e.g. iOS, Android, Windows Mobile, Blackberry), build an HTTP request through the standard objects that are components of the SDK. Sometimes there are open-source libraries that provide wrapper classes that make this process easier. This HTTP request should either just use the URL (in the event you want to make a GET request), or you should build the request via the "body" of the request with the data that you want to send to the server, in the event of a POST request.
Both types of requests typically produce a response from the server, which you then handle and parse using objects and events that are typically components of the SDK.
You then do whatever you want with the parsed response in the context of the client.
Although the specifics of the implementation of this pattern can vary, the pattern is pretty consistent across all the major platforms; it's really the only way to do it.
Lets have an example scenario:
Client opens a web site and finds the sum of two numbers which he enters from the textboxes.Then clicks on the ADD button.Two parameters are HTTP GET'ed to server where PHP code is written to add the numbers and result is echo'ed.
Based on this scenario could anybody explain the difference between Web services and application?
In your case if you have User Interface for providing two numbers and then getting the result, it should be called a web application. But if you have an API exposed to receive two numbers and return result over http , then it should be called a web service.
At low level, both Web application and web service are kind of same thing. But the main point is that web services are for machine/program to machine/program communication whereas Web application is for Users.
I'd say that web applications are intended for users and web services are intended for other applications. That's the most important difference. Web applications usually present data in HTML which looks nice to the user and web services usually present data in XML which easy to parse by other applications.
A person drives a car. That car could be powered by an internal combustion engine, electric motor, or nuclear reactor. The power source doesn't matter to the driver though, as all they need to see are the controls and the road ahead.
The application is the car. Web services are the nuclear reactor.
To add 2 no.s we write a web service, to subtract we write a diffrent web service, however calculator is an web application that uses add,subtract and many other webservices in combine.
Lets take an example of Google search.
We can use Google search in two ways. First, we can visit http://www.google.com and put out query for search. Google the returns the result. Second, we can integrate Google Search in our websites with custom search API.
In first case Google Search is acting as web application while in second example it is acting as web service.
Here we can point out few differences,
User interacts with web application while machine interacts with web service.
To access web application, one must visit application. While web service can be access from anywhere (from any application which integrated it). We don't need to visit the service explicitly.
A webservice is equivalent to a method in java that has a web wrapper around it. It lives on the server and it can be sent data / queried etc. and may or may not return a result. It does not have any front end it can only be accessed via http get, put, delete etc.
A web Application is a fully functional piece of software that lives on a sever that is designed to help people achieve a task. This would have a front end that would allow users to interact with it / enter data etc.
A web application could use multiple webservices to achieve its goal / end result
There is little difference between web application and web services.
Web Application: In web application when user request any data then the server embeds the response into some HTML and forward it to the user and on browser the HTML is rendered.
While in web services it's done differently that when some user requests for some data then the server returns it a json or XML array of objects and the data can be displayed by anyway the web designers wants.
Thanks Hope it resolves the matter.
Web service is for application consumption , invoked through web application
To communicate with webservice data should be sent as SOAP message or as REST i.e XML over HTTP
Most of the times web service is not part of application because to facilitate the use by other web applications and it is not for direct consumption to end users
Web application is for human consumption invoked directly by GUI which may or may not use web service for giving response
Can anybody explain exactly how a web beacon works? I know they're generally used by advertising platforms but i can't really find a good explanation on how they're working.
I know that cookies aren't accessible cross-domain. A web beacon is an image that sends a request to the server, and the server adds a cookie to the response, right? So how can it be accessed on different domains?
Thanks!
When an HTML page is downloaded the browser parses the page and looks for additional resources needed to display the page, such as images. For each image it finds the browser makes another request to a server in the background. When servers receive requests, they usually log the request to monitor load on the server, and record information about who sent the request and where it came from. A web beacon is a tiny invisible graphic that generates a request to the tracking firm's server. They record the request in their logs and then analyze their logs to see who went where and did what and when.
When returning the image from their servers to the browser, they can also send down information to be added to a cookie. There are third-party cookies that can be tracked across domains. If you come back to the site, and the beacon request is made again, that cookie will also be sent up in the request to the server and the tracking firm will have more information about you.
Think about this. Even though you are visiting myfavoritesite.com the web beacon image is being requested from trackers.com. The cookie they create is assigned/locked to their domain, trackers.com. But if you then surf over to myotherfavoritesite.com, and they too are sending web beacons to trackers.com, the cookie will essentially be shared between the two sites. There are more considerations here, but that is the basic premise.
Bug bug (also known as Web beacon) is very important tools commonly used by online advertiser as marketing or advertisement analysis tool for tracking and monitoring the activity of users on a website or marketing content i.e: blog or email. An expert advertiser inserts web bug in his content (usually on website and email) in order track how many people opened a particular content, on which application and country his content is being viewed. So, whenever advertisement display by third-party just know that you are being tracked for marketing analysis purpose.
Bug bug tools are provided freely or premium mostly by CRM service providers like Hubspot CRM, Freshsales CRM, Salesforce CRM, etc. However, a Web bug PHP code can also be used for this if tracking service by CRM provider is not available. Continue reading
And instead of going off and creating one using Php and Apache redirects, my vote is that you go to http://webbeak.com and create one, use it, and track it. No cost either.