I heard that in order to restrict push notifications (from notification HUB) so that only authenticated users will receive messages, I have to check in the "Only Authenticated Users" checkbox. But I am not able to find it, I can see only "AUTHENTICATION REQUIRED" but that option is only if I need to add custom tags, in order to filter who is getting the message.
Could someone please direct me to a tutorial or something?
Please refer this. This explains how to setup.
https://adrianhall.github.io/develop-mobile-apps-with-csharp-and-azure/chapter5/concepts/
Related
I want to send web push notifications to registered users, are there any best practices on how to implement the cases when multiple users have access to the same device and one should not see the message of another user.
Thanks in advance.
A web push notification subscription is tied to the browser, not the device.
What you need to do is, map this id with your registered user when he logs in from a particular browser. Also, you need to remove the subscription id mapping with any other users in the system.
In the case of multiple users using the same browser, the above logic will make sure that at a time, a particular browser subscription id is linked only to a single user.
And when you want to send a notification to a registered user, you can retrieve all push subscription IDs linked to this user in your database, and trigger notifications to those subscription IDs.
And don't forget to unmap a subscription id when the user logs out from a browser. Otherwise, he will continue to receive all notifications even if he has logged out.
The webhooks endpoint is visible by the group member. If the group member share the webhooks endpoint to other. If someone with malicious intent got that URL, he/she could send Actionable Message with form and send the contents of that form to endpoint that is beyond your control.
Is that will caused outsider to send many junk message to Teams?
How can I solve this problem?
Can I set the webhooks endpoint only visible by the group admin?
By definition webhooks are un-authenticated. Anyone who has the URL can send to it...just like an email message.
If the webhook is compromised, delete it. It can no longer be used once it's deleted.
I am trying to implement a Bot which can get all the Direct Message Channels, all the workspace Users and send Direct Messages to them.
If I work with my development workspace everything works as expected but when I try with my company workspace, my Bot is only capable to retrieve the Direct Message Channel it is belonging to.
Any idea on how to fix by production Bot.
You can't. Due to the security architecture of Slack one can only see the messages of channels he is part of. Its the same even for the "super admin" of a Slack team (the primary owner). Bots and apps inherit that right from the user who installed it (= authed the access token).
The reason it works on your development Slack, is that your user has probably created all private channels on Slack, and/or is the same that authed the access token your app uses.
Thanks to Slack support I got my answer:
The OAuth Token issued is specific to the user who has installed your app and represents the permission(s) to perform actions on behalf of the user. More detailed information here - https://api.slack.com/docs/oauth.
The token can only perform the same actions as the user who installed the app i.e If the user can’t view or post in the channel, they can’t grant permission to something they do not have.
I need to add push notification in my web site
If a user has made payment for something... we show them alert in their account page on the website that you are now successfully connected to this community
If a user has done payment by check... we clear the payments by check through a cron job... once the job runs and payment is cleared... we show a notification to user whenever they log in saying that their check payment is cleared
A user sends a request to connect to an organisation... that organisation's admin should get an alert in their system saying that so and so person is pending approval from you.
Something similar to alerts that we get in our net banking might be... that your credit card payment is pending... something like that
Like we also get notifications on Facebook... the difference will be that instead of notifications we want to show alerts or messages directly displayed in their account
So, you want notifications in your system about payments.
In its simplest form, you could do it manually with emails, and/or popups in your application, that are loaded from DB when they login. This is sort of a manual system, and the Minimum Viable Feature could be quite easy to build yourself.
If you want it more advanced, like you mentioned, similar to Facebook's notifications button and feed. Then, yes, it might be easier to use getstream.io. It also has websocket integrations so you can get those notifications pushed in real-time. You can then also push other types of notifications in there, like for example: a notification when the user has logged in from a different browser (for security reasons).
I hope this answers your question.
We are doing an integration with DocuSign where users can submit documents stored in our system to DocuSign to get the documents signed. We have the DocuSign Connect feature working in our demo account. We can process messages from DocuSign successfully.
We were concerned that getting users to add a Connect Configuration themselves may be too challenging for some and it will be error-prone.
I see now in the documentation that it is possible to automatically get DocuSign to push notifications by passing the information in the EventNotification attribute when we call createEnvelope. Is this an acceptable way to get push notifications from DocuSign? Will this cause issues with getting the integration certified?
Is there any other way to get Connect configured easily in customer accounts?
This is an old question, but I wanted, for the record to have answers, since it's important to anyone who may be reading this.
We see now in the documentation that it is possible to automatically
get DocuSign to push notifications by passing the information in the
EventNotification attribute when we call createEnvelope. Is this an
acceptable way to get push notifications from DocuSign?
Yes, it is. It's a very good way in fact, to reduce polling and make your app better. We highly recommend that you use EvenNotification and sign-up for events going through a webhook to your app such that you can handle them in your code only when they occur, instead of polling DocuSign APIs repeatedly.
Will this cause issues with getting the integration certified?
The opposite is true. If you use polling you may have issues being certified. Using connect events with a webhook is one way to avoid the need for excessive polling which could cause issues with the certification.
Is there any other way to get Connect configured easily in customer
accounts?
You can configure connect like you suggested using EventNotification at the envelope level. This approach works well for ISVs since you don't need your customers to have admin access to their accounts.
The other option is account-level connect configuration, which does require admin level access and there are some other limitations. This approach adds the connect webhook for all envelopes in the account. So it may or may not be better, depending on your scenario.