Does the docusign base uri change for a specific user? Can I fetch it just once in my application and use it for all subsequent docusign API calls? Also can we use same access token for multiple API calls until it expires after an hour?
Base URIs may change when calling different accounts. All users on the same account will have the same base URI, but keep in mind that some users are members of multiple accounts.
In practice, yes, you can fetch the base URI once and use it for all subsequent API calls against the same account.
Yes, tokens generated through the JWT Grant workflow last for an hour and should be reused whenever possible. As a best practice, consider requesting a token at around 50 minutes into the hour so that you have a brief window of overlap to ensure a smooth transition.
Related
My users using AAM API endpoint for a third-party service that requires a webhook - and I need to show usage of this endpoint in User Reports
Third-party API does not support headers and I can't pass Ocp-Apim-Subscription-Key user subscription key to it, and the request will be called anonymously.
As far as I understand that will not allow counting that request in User Reports.
But I can use a token URI parameter to manually get subscription-id and keys for it, with send-request policy.
If I do this is there a way to add the Ocp-Apim-Subscription-Key header to (running?) request in order to perform it on behalf of user subscription?
So far, I can only think about wrapping the required request in another AAM request which will use send-request and set-header policies like that
> POST /endpoint/telegram/public/token123
>> <send-request>GET /token123/keys/primary</send-request>
> POST /endpoint/telegram/token123 +H 'Ocp-Apim-Subscription-Key:key123'
I returned to this question after a couple of days and feel extremely embarrassing now.
To perform a request on behalf of the User I can use the API key in the query instead of the header, there are literally separate setting for that
That solves everything.
You may try to integrate with Application insight to monitor details : How to integrate Azure API Management with Azure Application Insights
Also, you can leverage the metrices to analyze the request pattern.
Based on any condition you may create alert to notify you as well : https://learn.microsoft.com/en-us/azure/api-management/api-management-howto-use-azure-monitor
I'm developing a system to get buyers data from a sales website and send it to the business' CRM as a contact, all through REST API using 0Auth 2.0 on both sides. So far so good, but the thing is multiple businesses could be using the server at the same time, so I would need to handle multiple access tokens.
I thought of maybe storing the access tokens, with the user id and the refresh tokens on an external database but I don't know how secure and efficient that would be, since it would need to query the user id every time it needs to get access to either API.
Is there a way to actually handle this in a more elegant way?
Is OAuth API call counted as API request? As you know, the number of API request call is limited to 1,000/account/hour. My customer would like to know whether OAuth API call is included into its limit or not. I coudn't find out any information regarding this topic.
Their developing application now can't keep holding access token after an envelope process is completed. It will be fixed later but at present, OAuth API call happens whenever end-user sends an envelope through their application.
Therefore, they want to confirm this point.
I don't know offhand if OAuth API calls count against the limit. If they don't currently then they will in the future.
All software stacks for web apps include a session storage feature which should be used to store the access token returned from the OAuth process.
In addition, note that your understanding of the API usage limits is not correct. The limit is 1,000 API calls per Integration Key per account per user per hour.
For example, if Joe and Susan are using the same Integration Key (same application) and they both use the same account on DocuSign then each of them can make 1,000 API calls per hour.
As I understand it, Instagram may expire our access tokens after an arbitrary period of time, in which case 'API responses will contain an “error_type=OAuthAccessTokenError”'.
Is the only way around this to get users to log in again?
I'm building an Instagram service which helps brands manage their following, and every day at a set time we request for their pictures and comments to run data analysis on engagement rates. Does that mean that we might arbitrarily lose access at any time and not be able to restart our service to our clients till they log in to authenticate again manually?
Any help with renewing Access Tokens would be appreciated!
You should verify if the initial grant included a refresh token in the authentication response. If not you may need to reauthenticate after expiration I think.
How to increase following limit per hour on Instagram? is there any other ways to increase following peoples more than its limit.
Can we increase by using multiple application?
If you ask your users to log into their Instagram account, and authorize your app, then you can make 5000 requests per hour per user:
http://instagram.com/developer/limits/
If you just use your key, you are limited to 5000 requests per hour, no matter how many users you have.
But I'm worried, what if this token expires?
AFAIK, Instagram accesstokens don't expire currently.
Note: From Instagram documents.
Note that we do not include an expiry time. Our access_tokens have no explicit expiry, though your app should handle the case that either the user revokes access or we expire the token after some period of time. In this case, your response’s meta will contain an “error_type=OAuthAccessTokenError”. In other words: do do not assume your access_token is valid forever.
Should I authorize the app each time the token expires?
At the moment, you do not need to do that, as token does not expire. As and when the token expires in future, a corresponding warning or error code and message will be sent to you, which you need to handle.
what can I do to have my app always pulling data from account without
my participation?
You can try following:
Use sharedpreference to store the accesstoken.
First time when you try to fetch data that needs accesstoken(Authenticated requests), first check in the sharedpreference whether the accesstoken is stored or not.
if yes then you don't need to login, just use that accesstoken. If you don't have the accesstoken in preference then do the login using instagram credentials, get the accesstoken and then share it in shared preference and use that for subsequent requests.
You can provide instagram logout option in which you just need to clear the accesstoken from sharedprefernce.
Hope this is helpful to you.