I have a private extension in the chrome web store. This extension is for users and devices who are managed via the Google Admin / GSuit system.
When in use, the extension contacts the GSuit / big data servers to log data. To tell my customers appart, I get them to type in a unique customer ID into each of their chromebooks, one ID per customer.
This was ok, but I would like to automate the system. Can I send down the customer ID instead of getting them to type it in ?
I thought of using the Asset-ID to identify the chromebook - but I cant find any way to extract the asset-id in my extension to allow the device to send it back to the server !
I thought of using one of the free text policy settings - but I can't get access to those in the app either !
I don't want to use email address as some of my smaller customers use gmail, so they would all get clumped together.
As an account administrator, you can first try retrieving a user using a userKey which can be the user's primary email address, the unique user id, or one of the user's alias email addresses. A successful Users:get request will return users resource including customerID.
Then, with the customerID, you may now get the assetID by retrieving all chrome devices for an account. Use GET request and include the authorization described in Authorize requests.
Here's the sample request:
GET https://www.googleapis.com/admin/directory/v1/customer/my_customer or customerId/
devices/chromeos?projection=basic or full&query=query
&orderBy=orderBy category&sortOrder=ascending or descending order
&pageToken=token for next results page
&maxResults=max number of results per page
Response for this request will include annotatedAssetId.
Also, View Chrome device information might also help.
Related
I am following Intuit's oAuth authentication guide in order to log users in through Quickbooks and get access/refresh tokens in order to make API calls. We make API calls in node through the node-quickbooks SDK.
I can successfully log users in through Quickbooks and exchange codes I receive for access and refresh tokens, and I can even make API calls to create invoices successfully.
The problem is, even when I use the tokens of the user I've authenticated to make API calls, the invoice is created in our Quickbooks company instead of theirs.
Is it possible to create invoices in the Quickbooks account of the other user? If not, what's the point of getting access and refresh tokens for them in the first place? For what it's worth, this is all being done in the Quickbooks developer sandbox (but with two separate accounts).
I'm quite confused as to what the methodology is supposed to be here, and any guidance would be very much appreciated -- or even just a reassurance that this is possible.
Thank you!
The QuickBooks instance that's acted on is determined by the Realm ID parameter. The Realm ID is captured when a QuickBooks Online account is selected during the authorization flow.
If we could call your Quickbooks company "Company A" and the one you're trying to create invoices in "Company B", I'd say it sounds like Company A's Realm ID is being logged and passed in subsequent requests instead of Company B's. This could be caused by things by hard-coding Company A's Realm ID and using that for the create invoices requests, selecting the wrong account during the authorization process, or something trickier like a bug in the SDK you're using.
I'd start by getting Company A and B's Company ID, which is what Intuit calls the Realm ID when you access it from the UI. You can do that while logged into a sandbox or production account by pressing Ctrl + Alt + ? in Windows or Control + Option + ? in macOS. Then you can verify the correct Realm ID is being used in the create invoice requests.
If the requests are using the value captured during authentication (as they should be), then you can —in the SDK code— log the Realm ID that's being captured during authorization and verify it's the right one for the company you selected during the OAuth flow.
I need this option to remember the device ID used when registering a new user and save it in the database, and later when logging in, if another device is used, the user needs to send a verification email to be able to log in to their account.
This is a similar feature as google uses for its Gmail.
If your application works on web than you can fetch the user-agent information and the user IP address and create a hash details using his combination. If the hash is different in the 2nd attempt of sign-in / login than you can do you desired action
I'm trying to share a document in OneDrive by providing access to specific people across orgs. While I'm able to use the /invite endpoint to provide access, sometimes I am not aware whether a given email address is entitled to receive access. For instance, let's say:
A user from org-1 is sharing a file with three email IDs
Two email IDs belong to same org-1
But the third email ID belongs to org-2, which is not entitled to receive access as per org-1's policy
When I dispatch a request to /invite with the three email IDs, the whole request fails i.e. none receive access to the file.
Is it possible to have partial fulfilment? i.e. the entitled users of org-1 are given access but the user from org-2 is denied access, while the response returned is 200?
Also is this possible in Sharepoint as well?
No, you cannot make it partially success on the server side but you can validate if the given accounts are from your organization on your side(writing code) and then remove that and send the request. If you want to send it to other organizations as well you need to configure it on the tenant or site where you want to share data with.
We are using the EnvelopeView: CreateSender endpoint on the server side and are authenticated under a service account we have dedicated for this process. Ultimately, we send a URL such as https://demo.docusign.net/Member/StartInSession.aspx?StartConsole=1&t=<GUID>&DocuEnvelope=<ENVELOPEID>&send=1 back to the end user to pick the signers, and populate tags.
All works fantastically, however, we were hoping to make it so the user can only see and populate the information for this single document. Currently, once the user clicks the link they are essentially authenticated as our backend service account and if they open another tab in their browser and go to (https://demo.docusign.net) they can see all documents and even change the password of the account if they wanted.
Is there a way to restrict this in any way? Would the experience be different if purchased an “API” account not tried to use an actual user account on the backend? Yes, we know about OAuth, but we don’t really want to impersonate the sender and prefer to keep a dedicated service account.
An "API" account would give you the same issues as dedicating one of your current users as a "Services Account," so I don't think that's a solution.
Instead, I suggest that you move all of the functionality that's needed upstream into your app. That way you will not need to present the Sender view to your users.
Your app can enable your users to:
choose who the envelope will be sent to
choose/edit the email messages, etc
choose the documents that will be sent
etc
If you have preset templates that include the document tabs/fields for the signers then there is no reason for the sender to deal with the sending screen for picking the tab/field locations on the documents.
This type of app will also give a smoother user experience to your users since they'll stay in your app rather than bouncing over to DocuSign for part of the task.
I am a bit shaky on how to use the venues API in forusquare. My main question is related to OAuth. I want to be able to do venue searches on the server side of the system, and i need the server to login into foursquare automatically. It says on the website that foursquare doesn't require user authentication to use some of the venue functions, however whenever i try to do a call to: venues/categories without specifying an oath_token I get a permission error.
How can i do venue calls without having to use a user login?
Thanks in advance.
It would help if you had given the exact url you are trying to call, but in general:
The userless requests to Foursquare still require the client id and client secret that you get when you register the OAuth Consumer in foursquare.
Using the id + secret you can access Venue API endpoints without authenticating with a user.
So if I got to the Venues Categories endpoint you can see that it does not require and acting user and thus accessing:
https://api.foursquare.com/v2/venues/categories?client_id={0}&client_secret={1}&v={2}
Will get the categories list.
In that example, replace {0} with your client id, {1} with your client secret and {2} with whatever version date you feel comfortable with, today would be 20111218
More can be found here https://developer.foursquare.com/overview/auth#userless
you can use https://developer.foursquare.com/docs/explore#req=/venues/categories and in the view box use /venues/categories to see a list of all of the venue codes to use. then simply use:
https://api.foursquare.com/v2/venues/search?ll="+ ll+"&radius=10000&limit=50&categoryId="+catID+"&client_secret=xxx&client_id=xxx
in your call to load the url based upon ll which is long and lat and it will create a response of json object to parse. The App/Web site does not need to be authorized for such a search, and the limit goes to 5000 calls per hour, and you can increase this by emailing Foursquare with the application information and screen image of the app showing you credit Foursquare with the info, like a Foursquare button, etc. - Hope this helps.
Visit https://foursquare.com/developers/apps to get your API keys. Once you click "Create A New App", your Client ID and Client Secret should be visible.
Once you have your keys, try plugging them into this search:
https://api.foursquare.com/v2/venues/search?near=seattle,wa&query=coffee&v=20150214&m=foursquare&client_secret=xxx&client_id=xxx