I am using Location API and HttpConnection in my J2ME Application which keeps tracking updated location and showing image of Google Map, So it is asking for user permission repeatedly.
How to avoid this ?
The Permission you are talking about it a security permissions. To remove these security permission message you need to sign your mobile application with some certified authority like Verysign or Thawte
You need to purchase a licensing certificate from the site. Once you get the certificate ( which is valid of a year and cost is around 20K India Rupee ) you can sign any many applications as you want.
J2ME architecture is made to protect, not to run all the API without permission. The high level
API's like create/read/delete file, make http request,Location API etc must require your application to be sign to avoid the security messages.
Related
I am a beginner web designer and I am struggling to find relevant information online as to how I should go about managing my API keys for clients! I would really appreciate any tips or insights on how I should go about this!
I hold my own google account and already have my own API key (Javascript API) for my own website. Although, when creating websites for clients, is it okay to use the same API Key? Or should i create a new API Key for each client in my own account (creating new "projects")? Or should i be creating a google account for each client and then creating each client an API Key through their own account?
I also know that there are usage limits on API Keys so I want to ensure I dont exceed these if using one API for multiple sites. How can I monitor this?
Looking for any advice on the best and most efficient way to go about this. I do not know too much on how API Keys work!
Much appreciated :)
I will be using Google API as an example. Yes, you should always Create a new project for each client there are a multitude of reasons why you should do this and you already mentioned some of this
API query usage limit.
Separated client billing & usage breakdown for each project.
Security and revocation of compromised APIs.
Restricted security profiles, domain whitelisting, IP address, device usage etc..
Access management and role management.
Traffic and analytical reasons.
Creating credentials
Depending on your organisation needs and project scale, for us, we Create credentials (API key/ OAuth ID/ Service Account Key) for every platform the key will be used. For example, if we are developing an e-commerce website that comes with an app, we would issue 3 keys. (1 for web, 1 for Android apk, 1 for iOS app). This allows us to fine tune the access permissions and let us track usage.
What works for you?
If you are a freelancer or work in a small enterprise, the least you should do is separate every client by projects. There is no need to create a new Google account for each project. (You can always transfer ownership of projects to another account if your client requests at a later time)
The above screenshot is how we categorize items in our account, for each project we are contracted for (could be the same client) we will create a separate project entry.
I'm struggeling with the Instagram Permssion Request. We need to use the API to scan for new uploads to Instagram with a specific hashtag, to trigger a machine.
For this, i tried to request the permission for "basic" and "public content". The request was declined for several times, primarily because the screencast does not contain any Instagram login process in our app. Since there is no need to login for our purpose, i dont know how to realize this. We also dont want to use any 3rd party tool, but just the Instragram API. Do you have any advice for this?
Instagram does not approve one-off projects for yourself, they only give permission if you are creating an app or platform for many to use.
https://www.instagram.com/developer/authorization/
One-off Projects. If you are an agency building websites or other
integrations, note that we don't grant permissions to clients created
for one-off projects. If you are interested in building a product,
platform, or widget that will be used as a service across multiple
projects, then you may submit a single client_id that you can use
across multiple projects.
If you are creating an app/platform you have to have a login flow for each customer to login and use, so you have show login flow in video screencast.
If you are not building an app/platform for wide audience, you probably will not get permission and are expected to use other apps out there that do what you want to do.
Also checkout the Instagram Graph API, this is API for business accounts to create one-off projects to moderate your accounts, but you will not have access to public hashtag posts, you will have access to all content for your account: https://developers.facebook.com/docs/instagram-api/v2.10
My app worked for a year and then the API calls to instagram stopped returning any data.
I use the following instagram endpoint:
https://api.instagram.com/v1/media/search?lat=48.858844&lng=2.294351&access_token=MY_TOKEN
I noticed I need the public_content permission but.. what Instagram requires in order to give me this permission? I couldn't understand anything from the documentation and they dissapproved my request for this permission.
The Instagram API Platform can be used to build non-automated, authentic, high-quality apps and services that:
Help individuals share their own content with 3rd party apps.
Help brands and advertisers understand, manage their audience and
media rights.
Help broadcasters and publishers discover content, get digital rights to media, and share media with proper attribution.
Best way to get public content permission is register an client application follow in one of those tree categories above, fill use case carefully with an screencast of you application and cross your fingers ;).
Leonel's answer is not correct. You get the public_content scope for your app by re-requesting an auth token with that additional permission. This has nothing to do with Sandbox mode or Live mode. This can be done for Live and Sandbox apps, but inclusiveness of the results will be determined by which mode you are in. Even when you have public_content scope for a Sandbox Mode app, you can only see the public content from sandbox users you invite to your client.
So Leonel is partially correct in the sense that the permissions problem may not even matter to you if you cannot get your client approved.
Read this short explanation of Instagram scopes and modes.
I want to know how to add permission to allow midlet to initiate a phone call? I am testing my app on nokia E72 where I am always been asked to allow that call. Also, after saying yes it asks whether to initiate a video or a voice call.
I don't want my app to ask any permission and initiate a call straight away. If i could get a trusted third party certificate will it be possible and what permissions I'll have to set and how?
How to achieve this in J2me?
Thank you.
To get rid of the security popups you are describing, you will need to sign your app with a certificate from Verisign or Thawte. That'll cost you $299 each year. (Welcome to J2ME).
If you publish your app in Nokia OVI store, they will sign it for free and publish it in their store. Even though your app gets signed by Nokia,Verisign and Thawte, the J2ME applications will ask permission from user at least once they do any suspicious actions like SMS , Internet access , Call etc.
I'm looking for information about authentication but I'm very newbie so I don't know any system.
My requeriments are: An user only can authenticate from one computer/mobile device/tablet.
I'm thinking about a monitoring system of MAC address and when the user connect using other device I can see this like an alert.
What other methods are there? Certificates?.
Repeat, I'm very newbie with this.
PD: My app has been development with framework Symfony2
So first of all MAC address is a network local address, which means that after it goes trough router/switch the MAC address changes, so you cannot relay on this. Even if you wanted to lookup interface MAC addres with your client software MAC's can be changed.
Secondly Certificates give you certain properties like nonrepudiation (you can calculate digital signatures on operations that users do and then the could not deny doing something in your application). But Public Key Infrastructure is really hard to manage! You would need your Certificate Authority to give valid certificates, You would need to monitor and update Certificate Revocation Lists to deny stolen/invalid/forged certificates from being treated as valid and authentic.
If it is not a security centric application and after you analyzed your options I would suggest simple form authentication (username/password/captcha). And write mechanizm that would periodicly (i.e. every second) send an AJAX request refreshing user status, thus you could recognize if user closed browser or has opened window. And in your authentication process you could check for other ACTIVE sessions for given username and deny login or act in some other fashion. If you need more informations about authentication I would recomend looking through security patterns