Is there any way to add Venue/Tip to Foursquare without creating appID in developer.foursquare.com?
I need to confirm whether is there any provision for sharing content to foursquare by using a public url like Facebook share.php.
Basically you will need an app-id or authed user, due to the fact that every tip is from a user or linked to.
But they make exceptions when it comes to adding venues.
At least you will need an app-id for that.
Adding Venues Without Authenticating Users First
This endpoint generally requires you to authenticate Foursquare users
before you can add venues on their behalf. In some cases, we’ll make
exceptions and allow applications to create new venues without
authenticating any users. If you’re interested in this feature, please
contact api#foursquare.com.
https://developer.foursquare.com/docs/venues/add
Related
I am creating a flask app to be used internally in my company. I would like to restrict what a user can do it based on its login ID. I read a lot about using LDAP3 but I don't think I can do what want which send the login ID to the server. There I would have a table which will register which part of the system has the permition to edit. If it try to change somenthing not permited the app will retrieve a warning message.
I won't to do that to avoid having to create a separate login functionality just for this app. I read that I should use AD authentication but I am not very familiarized with that and I would also like to avoid having to ask our IT department to create user groups there for each part of my system.
I know that I can do that using ASP .NET (at least I did once).
Any guidance will be apreciated.
I think you are looking for Role-based Authorization.
In order to use this functionality you will need to implement roles on your model file per the Data-models documentation.
This will allow you to assign users a role when they are created, and you can use a decorator on your routes to 'require' the user to have the role you want them to have before they access the endpoint.
I'm trying to create an App which has a log in page where user should be authenticated using azure AD. Basically the App has a log in form where user puts his id and password from ad and django should check with ad and allow him in or not. Later on ofc would like to add permission depending on AD group.
So far I searched a lot on the internet and found nothing. Could you guys help with some example or link to documentation what I could use.
First of all, I'd like to suggest that you don't do that.
What you are asking for is ROPC flow: https://joonasw.net/view/ropc-grant-flow-in-azure-ad.
Usage of this flow is not recommended unless this is for migrating a legacy application (which is the original purpose of ROPC).
It also won't work if the user has MFA, an expired password etc.
There is usually no reason why you'd want to handle user passwords when using a federated identity provider.
I have an application allowing users to sign in using their Facebook and Twitter accounts. I only need a very basic information like their email address and full name. Everything works fine and as planned.
Accounts.ui.config({
requestPermissions: {
facebook: ['email'],
github: ['user:email']
}
});
But, now I need to implement a feature posting to a Facebook page and Twitter on behalf of the admin users only. So, I need to get additional permissions from specific users only.
Admin users are eligible to manage our page at Facebook. The app needs to request additional permissions to be able to post to the page. I wan't to keep those basic permissions for regular users.
How can I accomplish that?
One way you can do is,
If you know that logged in user is Admin, put the re-authenticate button in user-dashboard (or somewhere which makes sense) that will do authentication user of user for whatever permissions as required by application.
This will basically do, oauth with social service like usual and upon completion you will get aceess code and against this code get the re-newed access token from social service. (This is normal , how you basically do the oauth manually) Now, use this access token to post to social services.
For this, you will need to use node modules such as for facebook -fb_graph , for twitter- twiiter
Hope this helps
So I was going through Instagram's API and I implemented it. However it isn't as useful as I thought it would be because when trying to get and OAuth2 token a user is taken to a page to authorize them in what looks to be and effort of insuring that the user realizes that they are about to view and share Instagram content with my application. This all makes sense to me although not ideal. You can find it in detail here(Step One: Direct your user to our authorization URL).
Then I saw this press release from a company called Celtra who says they can pull the the most recent images off any Instagram feed and put them in an Ad. I checked it out and somehow they are pulling the images of other companies without this authorization page I am encountering. Basically without page scrapping I don't know how to do this with Instagrams API, and I realize scraping violates Instagrams terms of service. Does anyone have this functionality, where I can pull down images from Instagram and not take a user to an authentication page working legally as I am assuming Celtra is doing? Guidance or documentation on how to achieve this would be ideal.
Instagram recently added an endpoint that will allow you to any instagram account's photos without oauth or needing access_token, you can specify client_id and make API call to get photos.
Just register for an app account at here and add the client_id to this endpoint and make call:
https://api.instagram.com/v1/users/3/media/recent/?client_id=YOUR-CLIENT_ID
You only need access_token to get users' likes, follower feed and to like/comment/follow.
update: you need to have access_token with the new API changes, cannot
access API with just client_id anymore
To do this simply, you could authenticate your app from a dummy profile or your own personal profile and then use the access_token to request the feeds of any account. Then, when an end user goes to use your product, instead of authenticating them, you can just pull content from the Instagram API using your access_token.
I am new to this but I will try my best to explain what I am trying to do.
I have a catalog of products and various private information that my users want to be able to access via their website.
For example:
User-a has an e-commerce site and they want to sell my merchandise. They will be able to access a certain products details via a web service. They will also be able to see the negotiated rate that I've given them along with some other private details.
How should the API handle authenticating the request that comes from User-a's website?
I've been reading all day about different authentication methods but they all seem to revolve around the idea of a third party accessing specific user information. An example is if you let http://randomtwitterapp.com access your twitter profile. In that case, the third party site must manage multiple different users and auth tokens. In our case, my users website is interacting on behalf of the user. I hope this makes sense.
Let's call user A "Alice" because calling her User-A is cumbersome.
Treat Alice's web site as if it were Alice herself. The special pricing and such IS specific to the web site in question, so have it log into your site. Issue credentials that the person developing that site would use to authenticate with, and then use those credentials to determine the pricing and products you show.
As for actual authentication mechanisms, it really depends on your needs. If all you need to do is serve different data to different people, you could do something as simple as an API token passed in the query string: http://api.example.com/products?key=9af4d8381781baccb0f915e554f8798d
Or if Alice already has a username and password for your site, you could have her use those in her API requests with Basic Auth.
If Alice is going to need to enter her account information on various sites that she doesn't control, then oAuth comes in very handy. With that, you can essentially give her an API key for every site she needs to access your API from. And you give her the ability to delete those API keys and deny those sites access.