I have created a webservice by implementing the web connector callback methods and I have 2 apps running in webconnector for 2 usecases: invoices and customers.
I want to determine which app is triggering my web service so that I can decide whether to push customers or invoices to QB. How do I do it? I was hoping to do it through 'AppID' field but its not returned in every SendRequestXML call. In fact, not even in the first SendRequestXML call. Has anyone implemented these scenarious?
If you have two apps in the Web Connector, then each app should be using a different username, and pointing to a different URL.
If they're using the same URL or the same username... then you did something wrong and you should fix your implementation.
With that said... it sounds like you have sort of a wonky implementation anyway. Why do you have two apps for two different use-cases? Why not just send BOTH customers and invoices through the same app...?
Related
Throughout my career, I've relied on and used various API services in my project. I saw multiple mechanisms of how these APIs are secured, but most common one seems to be via API Keys.
I am now planning to build out my own API service and being unfamiliar with security part of this I had few questions:
So far, what I gathered is to do the following: Create API key, store it's hash in db, only show api key to user 1 time, check for api key in requests and rate-limit based on it.
But above raises one concern, if someone was to inspect customer website they could easily get this api key (if customer is calling api directly from their front end) and abuse it, correct? This can be done in form of constantly hitting rate-limits or sending bad data to customers dashboard.
I feel like I am missing few key parts here and would appreciate if someone could outline best practices of how this is done nowadays in NodeJS. Thank you.
EDIT: Users of such service would be developers utalizing this API in their product
Use Case -
We are an origanization who helps universities manage the sport activities and contract of their students. We are planning to integrate docusign in our system both web and mobile app. One feature that we need is the information regarding the created templates, is there a way to get notified about templates via webhooks(like when it was last used, or created).
So, webhooks may not be suitable to know when a new template is created, because currently the webhook is tied to an existing object, and the object is not yet there, so it's a catch22.
What you can use instead is the DocuSign Monitor API. It's a different approach, but using this API, you can get data about anything that happens in the DocuSign account, including templates.
You can make raw API calls, or use the Monitor SDKs for one of six languages.
I'm not 100% on this but one approach would be to use folders. Put your templates in a named folder and use the listStatusChanges API with a folder id as a query parameter (https://developers.docusign.com/docs/esign-rest-api/how-to/list-envelope-status-changes/)
You can also select "Folders" in the "Include Data:" section of your DocuSign Connect webhook and filter for the folder(s) you're looking for.
Is it possible to have different webhook endpoints for different apps in docusign? I don't seem to be able to set the app in the configurations for webhook
I think, you can try using DocuSign connect, where you can give two different webhook links for different apps. Docusign connect is also more secured.
https://support.docusign.com/en/guides/ndse-admin-guide-connect
Not through the web console - Account-level Connect configs are mostly all-or-nothing (although you can enable/disable them by sending user).
If you want one application's envelopes to write to one endpoint and another's to another, you need to set up both applications to include EventNotifications in the envelope definition.
EventNotifications are effectively a Connect configuration embedded into the envelope. They are documented in the schema of the CreateEnvelope call (https://developers.docusign.com/docs/esign-rest-api/reference/Envelopes/Envelopes/create/) and code examples are available here: https://www.docusign.com/blog/dsdev-common-api-tasks-add-a-connect-webhook-to-your-envelopes
You can create two or more webhook "subscriptions" for a single account. One subscribing URL can be used for one of the apps, the other for a second app.
However, both URLs will receive all the notifications (for both apps).
So you need a way for both URLs' servers to only pay attention to the notifications for their own application. Easiest way is to set a metadata envelope-level field in the envelopes. This can be done either via the Envelopes:create method or set within a template.
We are currently looking into implementing Stripe Connect to process payments on a multi-tenant platform. On this platform, each tenant has an own instance of our web application with their own database and their own domain. The deployment is triggered by the client’s online registration and fully automated, so we don’t know in advance when there will be a new application instance.
While this setup doesn’t seem to be a problem in general, we are facing problems with Stripe’s requirement to hardcode several URLs into Stripe’s dashboard, especially the webhook URLs and the return URL for the onboarding workflow. This does obviously not work for us, as we would add the URLs for each domain of our clients.
Is there a way to set these URLs through an API for each tenant or (in regard to webhooks) for a single transaction? Or is there some other way that might work in our scenario?
There is no way set these dynamically but there are workarounds if your instance separation allows it.
For the OAuth flow and the redirect URL you can have a generic URL in your own domain that handles the connection and then redirect to their domain afterwards based on a parameter or the session.
For the webhooks since you're using Connect you can actually receive all the events of the connected accounts in your platform directly:
https://stripe.com/docs/connect/webhooks
The drawback is that you'd need a way to notify their instances that something happened if you need the data stored in their separate databases (or you could handle it locally since you own the full server)
My client has two Companies on the same QBES (Enterprise), in other words, two Company files.
We are creating a Web Application (Angular + Web Api 2) to automatically generate Purchase Orders based on new Sales Receipts created by their ecommerce integration plug-in (probably SkuVault), we need then to create the Sales Order in Company B based on this PO, and after that, the Bills and Invoices respectively. I found all the calls I should be calling on the SDK documents, but since this architecture requires us to use Web Connector, will I be able to make all the calls listed on the SDK using the Web Connector?
What are the calls allowed by QuickBooks Web Connector?
All of them.
will I be able to make all the calls listed on the SDK using the Web Connector?
Yes.
More details:
The Web Connector is just a SOAP wrapper around the normal QuickBooks SDK calls. It's nothing special or magical or even very technical in nature, it's just a simple SOAP wrapper around the rest of the XML-based COM SDK. So, anything you can feed to QuickBooks normally, you can feed via the Web Connector.