I am in the middle of the review process for Instagrams new API permissions. We have followed all of their guidelines and fall into one of their valid use cases. Unfortunately we have been denied now 3 times with the only explanation that we don't fall under a valid use case. I would be ok with this response if our software wasn't exactly what they say is a valid use case. So far I am unable to find anyway to contact them or talk about this issue. It would be a lot more helpful if we didn't get a blanket response when getting denied. Anyone else having these issues or have been able to contact their review team?
Perhaps this helps. I have tried two times but our app was declined. I will write the submission text one more time. I also want to go more into detail as the new FAQ says that Instagram expects a very detailed submision.
Cheers,
Christian
FAQ
My submission was rejected but it was a valid use case. What should I do?
A common reason for rejecting a submission is that we do not have enough information to make an assessment of your app. This can happen if your submission was too short, if it missed important information, if you did not provide a good screencast, your website is not working, etc. Before you submit for review again, make sure to provide a long and clear explanation of what your app does and how you use every permission. Make sure also to provide a video screencast and to follow all our Platform Policies.
What should I write in the submission?
The submission should be long enough for us to understand exactly what your app does and why you need the permissions you are asking for. If your submission is too short or does not explain all parts of your integration, then we may not be able to understand and approve your app. For example, your submission should explain what does your app or company do, which of the approved use cases your integration falls into, who will be using your app, how do your user authenticate with your app, how you use the API to power your integration, how does your product use the data acquired from Instagram, etc.
What should I show in the video screencast?
The video screencast is a very important part of a submission and cannot be omitted. Please make sure that the video clearly shows how your application works, including any Instagram login experience and the usage of every permission you are requesting. Since your app may still be in sandbox mode, you can use data from sandbox users to showcase the integration.
My company is working with multiple clients, should I submit one app per project?
No, we do not approve apps that are created for one-off projects (e.g. a hashtag campaign, an event, a website). You should use a single client_id across all your integrations.
Can I revoke a submission if I made a mistake?
You can't cancel a submission that is in progress. You will need to wait until the submission has been reviewed before you can start a new one.
I also have just been denied in the same way. I gave them 20minutes of video and demonstrated everything my app does. I wrote about each action possible in the context of use case 2 and I clearly stated which calls I was making. Short of supplying the source I am not sure what else to tell them.
Related
Hello we are a small team looking to implement a Gupshup/Whatsapp bot.
We are wondering how long does it take for this kind of bot to setup and have in working order?
apologies if is not a technichal question, but we are not sure where else to ask.
You can ask Gupshup directly and they will be able to help better. From WhatsApp's perspective, once you create your account on Facebook Business Manager and add your WhatsApp number, it goes through an account review which typically takes around 2-3 days and once that is approved, you can start sending messages right away. However, some of these businesses like Gupshup have sandbox experiences at times that give you this experience within minutes without having to go through the entire flow.
There are two parts to the implementation. One is business registration with Whatsapp linked with vendor like Gupshup and the other is coding implementation.
These both can be achieved anywhere from one to two months depending on the use case.
I am developing an eshop website based on Nuxt.js (Vue) for the frontend and Laravel for the backend.
I am at the stage where the payment is being done and thinking what my options are.
My payments provider offers two options: Redirect and Native.
The first option basically redirects the user from my spa to the payments provider page to fill in their card details and perform the transaction. Afterwards it redirects back to a predefined page. This option although it is really common (pretty much every company uses it) it also has the disadvantage that the spa loses its state.
The second option is to have a form inside my spa that sends the information to my api which finally performs the request to the payment provider and completes the transaction.
I believe the second option is the best in terms of ux but I am mostly writing this question to ask for your thoughts on this mostly related to law terms and security in general.
Note that I won't store any card details in the second case but even then, can this process be a bad thing for my company?
Quick disclosure: I'm new to stackoverflow and don't have the points to add comments.
Are you currently integrated with Braintree? The Drop-in UI is an excellent way to complete a transaction in a Single Page Application without worrying about page re-directs.
Full disclosure: I work at Braintree. If you have any further questions, feel free to contact Braintree Support.
I am developing a website and it accepts payments for membership, paid using Google Wallet.
The DEV environment works. The call back function is intercepted, authorised, and the membership is automatically extended as expected.
The remotely hosted environment which should go live soon doesn't want to know.
When the user clicks on buy, an error message immediately pops up. It is ok for the user, but it doesn't say much else, making it useless for the developer. Maybe it's just me not finding the error code, or something similarly useful?
Anyway, the originated JWT String is valid ( the decoder here http://openidtest.uninett.no/jwt decodes it correctly, and the data in it is right ).
Any suggestions on how to fix?
I don't know if this is necessary at this stage or not, and possibly the cause, but the bank account hasn't been verified yet. ( For the developing I used the standard provided US sandbox account, I really hope that Google Wallet accepts UK bank accounts too, can anybody out there confirm? )
I found the cause of the problem, as mentioned above. I wasn't able to pick my own post as an answer before now. Best is to follow the steps above in case you do have problems caused by a missing one, different from mine. A big thank you to EdSF for his help! :)
Like a lot of businesses my employer is dealing with the new world of PCI compliance by avoiding the hard stuff and redirecting our customers to a third-party payment service. The process will entail the customer entering order details into our system but then being redirected to the merchant bank's payment service for the entry of those all important card details.
We wish to retain the services of some business that periodically fills in stages 1 and 2 of our order form with some dummy data, presses place order and sees that the URL it ends up at is in fact the one we're expecting, a bit like a bot or a web spider.
If it finds we've been clickjacked it would alert us by text message or twitter feed or whatever the cool kids are using these days.
Does anyone know of a service that performs this function?
No, I don't believe that there is a service like this. Usually companies with specific testing needs like this will use QuickTest Pro.
I'm still in the process of going through some suggestions and hammering out what exactly we're going to do but almost all the info I've gained has come from:
http://www.softwareqatest.com/index.html
A devastatingly useful site which provides more than answers to this functional testing scenario. There are a couple of Web-Based services which execute QA Functional Testing scripts against your site and send alerts and reports if the tests fail.
The two I had a quick look at were http://www.dotcom-monitor.com/ and http://www.watchmouse.com/en/
The latter service uses Badboy scripts in its tests so you can home brew them and then upload to their server for regular execution.
Reading through the Flickr API documentation it keeps stating I require an API key to use their REST protocols. I am only building a photo viewer, gathering information available from Flickr's public photo feed (For instance, I am not planning on writing an upload script, where a API key would be required). Is there any added functionality I can get from getting a Key?
Update I answered the question below
To use the Flickr API you need to have an application key. We use this to track API usage.
Currently, commercial use of the API is allowed only with prior permission. Requests for API keys intended for commercial use are reviewed by staff. If your project is personal, artistic, free or otherwise non-commercial please don't request a commercial key. If your project is commercial, please provide sufficient detail to help us decide. Thanks!
http://www.flickr.com/services/api/misc.api_keys.html
We set up an account and got an API key. The answer to the question is, yes there is advanced functionality with an API key when creating something like a simple photo viewer. The flickr.photos.search command has many more features for reciving an rss feed of images than the Public photo feed, such as only retrieving new photos since the last feed request (via the min_upload_date attribute) or searching for "safe photos" only.
If you have a key, they can monitor your usage and make sure that everything is copacetic -- you are below request limit, etc. They can separate their stats on regular vs API usage. If they are having response time issues, they can make response a bit slower to API users in order to keep the main website responding quickly, etc.
Those are the benefits to them.
The benefits to you? If you just write a scraper, and it does something they don't like like hitting them too often, they'll block you unceremoniously for breaking their ToS.
If you only want to hit the thing a couple of times, you can get away without the Key. If you are writing a service that will hit their feed thousands of times, you want to give them the courtesy of following their rules.
Plus like Dave Webb said, the API is nicer. But that's in the eye of the beholder.
The Flickr API is very nice and easy to use and will be much easier than scraping the feed yourself.
Getting a key takes about 2 minutes - you fill in a form on the website and then email it to you.
Well, they say you need a key - you need a key, then :-) Exposing an API means you can pull data off the site way easier, it is understandable they want this under control. It is pretty much the same as with other API enabled sites.