So I'm using the same authorize.net account for 2 websites. Is there a way to flag where the source comes from to keep them seperated?
Yes!
You may use the customer id, invoice number, or description to add the name of the source web site.
You may also want to look into the x_customer_ip field and set this to the web site ip address.
Hope this helps.
Related
I want to publish my app but Google is telling me that the app name is against theirs Data Policy.
Based on the information you sent us, it looks like your project my-app-name doesn't show its identity to Google users when asking to access Google user data.
Specifically, there's a problem with your project's app name. This violates Google API Services: User Data Policy.
My name in Oauth contain word "YouTube"/ the project is related to YouTube.
So this is the problem? I can't use the word in my app name? So can I use something like u2b? What kind of names are allowed?
I can't find it in the TOS/data privacy.
Thanks!
my-app-name is not a valid name for your application.
You application name should clearly identifie your brand name as the company who created the application.
I would almost expect it to for example contain your domain name.
My could mean anyone again it needs to clearly identify your company or brand.
so no you can't name your app my-app-name and have it verified.
You also can't use any registered trademark names in your name unless you own the trademark
Stay away from anything remotely resembling a google product or potential google product
I'm developing a webapp(Django) that let users have an eshop just with a few clicks. I serve the shops under https://shopname.mydomain.es but then I give them the option to use a domain if they want.
For example one of my users (user1) buys "happyuser.com" in a domain provider of his choice. Then I tell them to modify their DNS to point to my server. So far so good, everything works perfectly, I use Nginx to allow access from the connected domains and everything works correctly.
Here comes my doubt. I use a middleware to detect the host, in this case "happyuser.com", I check a table in which I have the relation between user and domain name.
class UserDomain(models.Model):
user = ForeingKey(...)
domain = UrlField(...)
Then I tell Django to serve the correct shop. But what happens if another user (user2) also saves the domain "happyuser.com", how can I know which user shop should I load?. I know is unlikely that this happens, but is there a way to prevent this problem?
You need some form of activation process for the domain before you officially associate it with that user account. For example:
Ask the user to store a particular value (generated randomly for that user) in a DNS TXT record, or set a particular random CNAME subdomain (e.g. ijiqjwv87123rbbv8123.happyuser.com) to point to your domain. Then query that DNS record and see if it's as expected.
Ask the user to set up the DNS records as necessary to point to your server, then make an HTTP request to that custom domain and a specific path (e.g. happyuser.com/check) and expect to receive some specific token from your own server.
Both ways prove that the user has deliberately configured the domain, over which they apparently have control, according to instructions you gave only to them, proving that they must be the owner of the domain for all intents and purposes.
I think you're right, it's a very unlikely issue. There is not much point spending a lot of time on it. Ensure that table with customer domains have unique index on that column, stops the issue form happening and takes few moments to implement.
I read that the Admin SDK works for Google Apps resellers, but I'm having one specific problem.
I want to use the following request to get the number of user licenses in use on one of my customer's domains.
https://www.googleapis.com/admin/reports/v1/usage/dates/%s?parameters=accounts:num_users
But there's no way that I can find to specify the customer's domain name that I want to get the usage report for. Tried a few different ways.
There must be a way that is hiding from me because this was possible with the old deprecated API.
Thanks.
Using the Reports API for this is not advisable because it can be delayed by 48+ hours. It's also not possible for reseller users to run reports for customers at this time. Rather, you should use the Google Apps Reseller API to list subscription counts that should be fully up to date.
Looks like this API here will do the trick:
https://developers.google.com/admin-sdk/admin-settings/#retrieving_the_current_number_of_users_in_a_domain
I have a page where user is asked only for the payment amount, then user will be redirected to another website where the payment will be processed, I want the amount to be set on the redirected page without using querystring,cokkie, etc..
I tried to use web service but here is my challange:
user enters amount on the website.
webservice is called and set the amount to ex:400$
then user is redirected without any query string to another website.
Now:
how this payment website will know that this user is the user entered 400$ on the redirecting page?
I can count on approaches more secure than this also.
thanks
I have made some research on net and asked my experienced friends, the answer is "impossible" this way.
Because redirected website somehow identify that user and there is no solution without querystrings or browser related components,
Here is my friend's advice and i am little bit satisfied, not totally :)
He calls this approach as ticketing,
First create a datetime.now integer, with that number add id and amount of money to be processed.
Then make a complex function to encrypt data. take square of every odd digit then divide to 7 etc.
then on the other website, decrypt data and check datetime if its within 5 minutes for example,
the link is valid.
You have to pass the data to the other website somehow.
Cookies wouldn't work due to domain restrictions.
Query string or form posts could work, but you don't want to use query strings.
Alternatively, if both sites share infrastructure, you could use that to share information - for example if they both have access to the same database, you could use that to share data (though you would still need to identify the specific user to both sites).
The way the service would have to work is to give back some token, probably a GUID, that the site will then look for in the querystring of an HTTP request, to identify the owner of that pre-populated data. You then tack that token onto your redirect, and the client makes a request that causes the payment site to go pull the pre-loaded data for that client.
You still have to use a query string, but now, the query string doesn't contain any human-consumable information; they can't identify their $400 amount in the query string and change it to a different amount of money. If they change the GUID at all, the request will most likely fail as that GUID won't exist in whatever datastore of pre-populated data exists behind the payment site.
Contact the website/web service/gateway. They will provide you the API which will define parameters and methods to accept payment amount. If you are the author of such service, provide mechanism to accept such parameters from your caller application. Communication should be secure, using SSL.
For example for payment gateway Paypal, check this for ideas:
Use of the PayPal payment system in ASP.NET
Have a look on wikipedia.
Shortly the answer is impossible this way, because somehow the redirect website should identify the user, all the ways are browser related or ip ( which can cause many issues later)
I was wondering if anyone has any links to on how to implement Akamai's Edgescape solution to get the zip code? I tried scouring the web for some sort of documentation from Akamai, but couldn't find any docs online, thought I would ask here first before contacting them.
If you have an Akamai account and have access to the control panel (https://control.akamai.com/), here is a document where you will find the information you need : https://control.akamai.com/dl/customers/ESCAPE/EdgeScape_users_guide.pdf
This sounds like an apples and oranges question. If you're using a CDN, by design, a percentage of requests that would normally be directed at your web server will be offloaded by the CDN. Of the total number of requests, those that make it through can be configured to provide the "True IP" of the client if you prefer.
As of 04/12 this is configured by adding the optional "Edge Services General" feature to your config, then enabling the "True Client IP Header".
As a bonus feature, if you're a Rails shop I'd suggest changing the name of the header to "Client-IP". If you do so, Rails will automatically use this header to determine the real ip for the user. This works as of 3.2.x, as documented here in ActionDispatch:: RemoteIp
Note: Rails appends the HTTP_ to the header :)