I have a web app built on React, and backend on NestJs. I want to integrate email platforms to my app.
Let's say a user signed up in my app and then he uses other functionalities in the app.
Then he wants to receive and send emails using my app and for that, he must integrate his email account (whether Gmail, Hotmail or any other email provider) with my app.
How can I provide such functionality? and What does it call?
I have tried to research a bit on it on Google and found some options like Nylas and MailGun. But I'm not sure if they are according to my case scenario.
Any lead and suggestion is appreciated.
Thanks
You will need an IMAP client to retrieve received emails from the remote servers (of Google, Microsoft etc.) you should be able to use IMAP Simple package.
Additionally you will also need an SMTP client to send emails and for this, you would need SMTP Client.
This would require the users to disclose their SMTP/IMAP details or in some cases their actual login details which might make them uncomfortable; however this approach is universal with almost all mail service providers/servers.
Alternatively if you are just targeting Gmail you can use the Gmail API where users would grant your app the permissions to send and access their mails.
You can also use the Microsoft Graph interface to access their Mail API to both send and receive emails from Hotmail / Outlook.
Nylas absolutely fits this use case: the primary purpose is to enable developers to integrate their user's email accounts into an app. You can connect your own email account via the dashboard for testing purposes, or use the hosted auth service to automatically detect email providers and provide the appropriate login flow to connect the user email accounts. Once an account is connected, you can use the Threads and Messages endpoints to ingest email content and the Send and Outbox endpoints to send emails.
Mailgun, on the other hand, is a transactional email API service that is intended primarily for things like mass marketing emails, account management (password reset, email verification), etc. Afaik, it doesn't connect to your user's email accounts, even when it's being used to send emails from a specific user (the emails come from Mailgun's SMTP servers, not the user's provider). You can learn more about the difference between transactional email APIs (Mailgun) and contextual email APIs (Nylas) here.
Related
Here's my question. To access our app, the users must be invited.
This means, we use an admin web app to create the user account in Firebase and we send him an invite to download the app and use it.
Now the next phase, how can we send to the newly created user his credentials?
Our first idea was to use a temporary password. We could send the password by email to the user and ask him to redefine his password at his first logging.
His this a good idea? I guess it's not
Is there a better way?
Thanks for the help.
T
There is no way to prevent users from authenticating with Firebase Authentication. So instead of depending on pre-creating of the accounts, you should ensure that only authorized users have access to the data.
For example, when using the Firebase Database, you could keep a list of authorized users in the database:
/authorizedEmails
t4ncr3d3#hisdomain,com: true
puf#hisdomain,com: true
And then you'd check the auth.email variable against this list in the database's security rules.
Instead of pre-creating the account, you could then simply email the user an invite to the app. E.g. an email with a link like http://myapp.mydomain.com/signup.html?email=t4ncr3d3#hisdomain.com
Then when they click the link, pre-populate the sign-up form with the email address you sent the message to and call createUserWithEmailAndPassword().
You could use the new (as of Nov 2016) firebase-admin library (java or node) to programmatically create users from your server side - see this link for details.
After that, you could send the email and password to the user via email, and allow only email based password logins. Unfortunately, you can't force uninvited people to stop authenticating with your app, as they could manually invoke the APIs used to create a new account on their own, as you see on the same page. However, you are under no obligation to provide a login mechanism via your UI. They would have to use their browser to type and invoke the JS needed to create the account.
If you are OK with people forcibly creating accounts, but you would like to lock down their access, you could do something similar to what Frank mentions in another answer by using admin control of the database to restrict access to those users you have created and invited with a special flag in the database (that only you can modify using the admin SDK) that acts as a gateway into your app. If you perform the security properly, that should prevent those whom you didn't invite from using the app, even if they can effectively authenticate with it.
I have set up Sandbox account and successfully created integrator keys for my apps REST API calls. I have docusign header (X-DocuSign-Authentication) on my code that requires username/password/integrator key for api connections. I used DocuSign ApiClient & AuthenticationApi to set it up in code. Looks good on sandbox. My question is when we go live, on production, the admin account is an individual user credential (not a generic admin account). So how can we have that set -up in every application for the REST api connections header?
For "User Applications" -- where an individual logs in and later sends envelopes -- it is vastly preferred that you use OAuth to authenticate the users. See the docs. See a recipe example of using OAuth.
If you want to use Legacy Authentication (the X-DocuSign header) for a user application, then your app needs to request (and securely store) the user's DocuSign email and password. These days, this is a not a good plan.
As you know, you must include the username and pw in each call to DocuSign if you use the Legacy Authentication scheme. The data is secure since it is within an https conversation. But requesting and storing the pw from your users is problematic.
These days, Legacy Auth should only be used for "Service Integrations" -- DocuSign integrations where there is no human involved, just an autonomous / batch process that sends out the signing requests.
I want to create a envelope on DocuSign by integrating my application.
I know about the SOBO concept but due to some limitation, can't create a generic account.
So what i am asking here "Is it possible that with, only sender username + certified integration key info, the application can make an API call to create envelopes?"
One more thing, DocuSign production SSO is enabled for all the users I want. So is there a way that I can get any help from SSO?
Any help around this is greatly appreciated.
Yes, you can use the new DocuSign OAuth support to enable your app's users to authorize your app to make API calls on their behalf.
DocuSign OAuth docs
Some notes about this:
Each of your users will need to authorize your app to make API calls on their behalf.
There are different ways to set up the OAuth capability depending on whether your app is a local/mobile app or a server-based app. The latter can protect its client secret, the former can't. Both are supported. See the docs for more info.
The new OAuth capability is not yet available for a "system account" that autonomously makes API calls on its own behalf (this doesn't apply to your question.)
Also, you say there is "some limitation" preventing you from setting up a generic (system) account to use the API on behalf of the account holders (this is the SOBO use case). I suggest that you push a little on the "limitation." Trying to get 10 or 10,000 individuals to separately authorize an app to act on their behalf is not easy. The goal of SOBO is to make it easy for authorized system apps to send on behalf of others.
The nodemailer module (allows to send emails in a node.js app) supports XOAUTH2 authentication against Gmail accounts. Why would one want to use this for general purpose email notifications as opposed to just specifying the user: and pass: parameters in auth? I understand that the password is then stored in plain text, but it's never propagated anywhere. Also, the XOAUTH2 method seems to require a clientSecret: parameter, which should also probably not be made public. So what are the advantages here?
Similar question: how can I include authentication information in the app without pushing it into the remote repo? Is there a way to just ignore those lines with Git?
Using XOAUTH is useful when you want to send e-mails on behalf of your users (eg. as if the sender would be the user, not your application) - instead of asking their passwords, you can ask them to authorize your application through the OAuth mechanism. The resulting client secrets are known only to you, valid only for accessing the e-mail of the user, nothing more and the user can revoke these client tokens any time they wish.
If you do not want to send mail on behalf your users but with your own credentials, then there is no point of using XOAUTH.
Given the user credentials (username+password or OAuth tokens), what are the effective ways to programmatically send and receive mail (and notifications) on behalf of that user?
I searched around and saw:
using IMAP programmatically ( Programmaticly use Gmail to receive e-mail? )
OAuth
I am intimidated by the first method and I am unsure of the capabilities the OAuth API has.
Is there some (fourth party!) service that makes it easier by offering an API?
Gmail's IMAP supports OAuth and the JavaMail API -- see here
Try Context.io a service which gives a RESTful API to email services