I want to add venues to foursquare from my app but I don't want to make the users sign in into foursquare. I created one fake user that my server uses for all the real users of my application, but I'm afraid foursquare will block this fake user becauase it's going to add many venues, and from different places at the same time.
What's the best solution?
thanks.
Your set up is definitely not recommended, but as a way to mitigate your risks, limit the number of venues a user can create via your app (like 1 per day). Otherwise one abusive user can cause your entire user account to be suspended.
Related
This is the my web-app "User Settings" page.
I have simplified it to a minimum to better highlight the problem.
To authenticate users I use Auth0, I wanted to use the sub claim user_id to identify the users inside my MySQL database for update and retrieve user's info. Unfortunately the user_id is different for each provider, for example, if the same user with the same e-mail logs-in via Auth0 he gets a user_id if he does it via google he gets another one.
I thought about using email to link logged user to his info.
The problem is in my API. Before the change it was "localhost: 8080 / api / users /: id"
each time it created a new id and in any case it was impossible to recover the data of the single user. Now that I have replaced "id" with "email" my API has also changed in "localhost: 8080 / api / users /: johnsmith#xxx.com".
Before:
After:
In a few words, the request url on the client side has also changed.
I would like to make sure that the GET and PUT requests are made based on the e-mail of the logged user without going to modify the whole back-end.
Sounds like something is wrong with how you authenticate users. If you have multiple ways to authenticate a user, those methods need to be in a one to many relation with the user. For example each user has a list of auth-methods, and whenever an authentication is made you check your table of authentication methods and find the one user it maps to.
Im not sure if you are doing this yourself or if the framework you are using is handling that, but it sounds like you need to change the model to allow many Auth methods for a single account.
Also you could use email, but that is also an "old" way of uniquely identifying users almost every single person has multiple active email accounts nowadays, so you should also have a one-to-many relation for users to emails. What if the user has different email accounts for their Facebook and Google accounts?
See account linking here: https://auth0.com/docs/users/user-account-linking
It is dangerous to trust that the external providers are truthful about what email belongs to who. What if I open a new account using someone else's email on one of the providers? Then I can log into that users account in your application, which is a pretty big security risk.
Given the increasing concerns in data privacy, is it possible to build a web app that provides a driven user experience (aka different outcomes on different users based on their specific profiles) without sending any personal information that can be tracked, hijacked or forced by any entity on the web app's servers ?
The question is somewhat vague, but due to the fact that HTTP is stateless, you'll need users to send some kind of information, at the very least user registration and login data to identify them and store their identity in some kind of storage (ex. cookie).
If you dont want the users to post any data, you wont be able to personalize the experience, just provide the same experience to everyone every time they enter your website.
I think you can do this, but you will need to identify users at the start, and then unidentify them later - for example, get them to register with an email address, confirm that address, then create an identifier derived from that address (e.g. a hash or random number), switch to using it as a user name and delete the email address. Then you will be at a point where they can log into an account, but you hold no personal identifiers on them.
I need to build a app with some specific details, and since I never worked with Instagram I have no idea if is possible or not, and also the information that I find on the docs doesn't say much, so hope someone had the same experience.
So basically I need to track some analytic information, for example in my App, for someone to register it needs to login in Instagram and than must follow my Instagram page, I believe this is possible, but then I need to track some information from the users and that is:
Check if the user is hashtaging my company page (to check which users made more shares or something);
Check which users had more engagement;
Can someone tell me if this is possible to track on Instagram API?
The new Instagram graph API is very limited, you cannot make to app and allow user to follow, you cannot access other user posts to check if they hashtagged or engaged.
All you can do is, access only your posts (if business account), and you can access your post's comments. You can also get last 24hrs of an hashtag, but no user info is given.
I am working on a social app that needs to let users add new venues to Foursquare in rare occasions. Many if not most of these users may not have a Foursquare account, and I would then like to avoid requiring them to create one just for that feature.
I've read the related thread about Adding Venues without Authentication. Although ideal, this solution is unfortunately not accessible to us since we're a small startup.
So here's my question: could I use a single default FS account, that would be registered to my startup, to add venues on the behalf of all my users? In other words, each a time any user needs to add a venue, the app would be authenticating to FS using the same account in the background.
Would such model be allowed and supported by FS, or considered abusive?
Thanks a ton in advance for any guidance on this.
Since you said adding venues is a rare occasion that should work fine. You'll be rate-limited on that single authenticated account, but it shouldn't be an issue at low volumes. I believe the default limit is 500 requests per hour per authenticated user. If you're adding more than that, you're not a small startup :)
I have just an idea for now to develop an application based on foursquare API.
I checked in the website that a creation of an application inside the foursquare is needed to access the api functions.
There some form fields in the application creation that cannot be filled by me as I don't have an application yet, like web address home page, privacy police page, etc.
I want to perform some tests for a certain time and then choose if I'll proceed with the application development or not.
For now I just need access for the venue stats function. Do you know if it's possible to have access to this function without have an official application?
Regards,
Rodrigo Lima
You need to create an application in order to get an OAuth token, which you need to call venues/stats. In practice, during testing, the only real field that needs to be accurate is the redirect URI, which you'll need for OAuth. The others can take dummy values for now, so long as you go and change them before you publish.