When my plugin retrieves data from the banno consumer api, Credit Cards, Mortgages, and Investment accounts are all coming through with an account type and subtype that look like this
type: "Third Party"
subtype: "Other"
My plugin needs to be able to determine the difference between these types of accounts, however the Banno consumer api does not define Credit Card or Mortgage as an account type. Furthermore, the documentation states that the subtype field should not be used.
Does the banno consumer api provide any way to accurately determine the type of Credit Card, Mortgage, Investment, or any of these "Third Party" accounts?
The accountType of "Other" is a result of the way that an account is configured within the underlying core (and there are 4 cores that Jack Henry supports..3 for banks and 1 for credit unions).
There often isn't much information available within the core itself about the account, which is how you end up with an accountType of "Other" and accountSubType of "Third Party".
There are credit cards represented (with accountType of "Line of Credit" and accountSubType of "Credit Card"), depending upon the configuration.
Mortgages generally aren't represented directly via accountType and accountSubType and the best that is known from the core is that the account is some type of "Loan".
Related
On the page https://developers.google.com/fit/policy?hl=en#appropriate_access_to_and_use_of_google_fit_apis it says the following:
Do not use Google Fit APIs for applications, services, or features designed to collect or combine user data for human subjects research, medical research, or any other similar research overseen by an Institutional Research Board or Ethics Commission unless you receive prior written approval to such use from Google. Select a "Medical Research" use case during the scope access request process and you will receive additional information on how to proceed.
I'd like to use the Google Fit API for a medical research purpose, but I cannot find where I'd select the "Medical Research" use case. Can anyone show me where I can find this?
I'd be using the Google Fit API to start tracking steps on the user's Android device and read these steps.
Scope = Purpose of your medical research and used API scopes
I think it is rather misleading, in fact when Google documentation talks about medical research scope, they do not mean it at the API level.
What they mean is that you have to state in your app registration application that you would be using your app for a "medical research purpose", along with the fit API scopes that you would be using for your medical research.
You can read the following link that describes the authorization process intended by Google, but I will will detail below how to proceed:
Enable Fitness API and create credentials
After enabling Fitness API in your Google API Console for your project (create a new one if you haven't already) then you have to apply for verification and submit the relevant supporting information for why your app needs "Medical Research" scope (basically documents related to the purpose of your medical research, which University or Lab you are working for etc). This choice happens right after adding credentials to your project when you have to set up OAuth consent screen:
Filling the app registration form
Filling accurately will speed up the verification process
On the first tab, you will likely have to provide a very solid application privacy policy link (stating which data you access and for which purpose):
Select your API scopes
Then you will have to add the scopes (scopes as API) that you would need for the purpose of your medical research:
The one you will need to read the steps is:
scopes your app needs to request.
https://www.googleapis.com/auth/fitness.location.read | Read location data from the Google Fit platform. | Restricted
Enter your Medical Research "Scope"
Finally, and this is where you provide all information related to your medical research, in the optional info - meaning optional for most users, but not so optional for medical research - already briefly stated in your privacy policy link: Its purpose, how it is financed, by which entity, what data your will be using etc. Be as clear as possible as it will speed up the review process.
Provide links about your university or company website, research papers that you have already published, or by yours peers related to the scope of your medical research:
I have the following setup in Azure API Management:
Two products: Internal and Starter.
One api: Finance, that is included in both the above products. The Finance api also has the Subscription required checkbox cleared, so a subscription is not required.
The Internal product has a policy that does JWT validation. The Starter product does not.
In the test tab of APIs, I can choose a product scope via the Apply Product Scope dropdown. Presumably this decides which product policies are applied.
When calling the API, if I don't supply a valid token, the JWT validation kicks in and rejects my request. However, since I have no subscription key to identify the product, it could be either the Internal or Starter product - how does the system determine it should apply the Internal policy containing the jwt-validation rule rather than the Starter policy which doesn't?
When request comes in, first API and operation are identified. Then APIM tries to identify subscription. If product subscription key is provided, it's used to identify product and it's policies are executed. If API subscription key is provided, it's checked to match identified API and no product policies would be executed at all.
If no subscription key is present in request, APIM checks if there is a product with Subscription required set to false, and if such product includes identified API. If there is such match, product will be used and it's policies executed. If no such match found, APIM will check if API has Subscription required set to false, and if so then call will proceed without product.
The Test tab uses a special key - master key, among other things this key allows you to force a certain product to be used for a call even if API is not included into one. This is mostly useful for testing purposes, and master key should not really be used in production.
The answer is that the Starter product, whilst testable in the API screens, was marked as "Requires Subscription" at the product level, which overrides the API level setting. Because of this it was not an eligible policy.
Trying to change this setting fails with the error Product cannot be made open since it has APIs that are already part of an open product. which makes sense and removes any ambiguity.
In a DAML contract, what does the signatory keyword do? For example, in the Iou contract, what does the line signatory issuer, owner actually mean?
Does it mean both owner and issuer should be same?
One of the compelling features of DAML as a modeling language is that it is designed to help solve problems involving authorization and delegation. To achieve this DAML has a first class type Party that represents independent ledger participants, and every contract on the ledger must be authorized by one or more parties before it can be created.
The signatory expression in a template defines who must authorize the creation of a contract instance of this template. It does so in terms of the data contained within the proposed contract instance — this means that any party who can see a transaction that attempts to create a contract also has enough data to verify the creation was properly authorized.
In the case of the Iou contract:
template Iou
with
issuer : Party
owner : Party
currency : Text
amount : Decimal
observers : [Party]
where
signatory issuer, owner
...
A party wishing to create an Iou must fill in the record: issuer, owner, currency, etc. Then they must pass that record to the create function within a transaction submitted to the ledger. That call to create must be authorized by issuer and owner, but does not require authorization by observers as they are not listed as a signatory.
Note that it is legal for issuer and owner to be the same party. In fact, this would be the only way for the create to be legally submitted directly to the ledger as individual ledger interactions can only be authorized by a single party. Larger authorization sets must occur as a part of a larger transaction using delegated authority from other contracts already on the ledger.
For more on this, and especially on how to do authority delegation, see the DAML documentation: https://docs.daml.com/concepts/ledger-model/ledger-structure.html
For a worked example, see: https://docs.daml.com/daml/patterns/initaccept.html and the other examples in the Patterns section of the DAML docs.
I know how to determine if account type is personal or not personal by max_upload_size using v2 API:
https://api.box.com/2.0/users/me
or add extra fields can_see_managed_users or is_exempt_from_device_limits, then check the response.
But I assume the business account has the storage limitation, which means the response of is_exempt_from_device_limits should be false for business account. So I created a business account and tested on it. The result is true instead.
So is there any api or flags which can be used to determine the difference?
Thanks in advance.
You are correct that you can determine that an account is a business or enterprise account by the max_upload_size setting. You've also discovered an administrative feature, that the admins can set on their enterprise account. They can decide if their users are allowed to have multiple devices of the same kind that are allowed to login.
There isn't a specific API at the moment to determine what type of account the user has. We're contemplating it, but for now, the max_upload_size is probably the best way to gauge. Keep in mind that Box keeps changing that limit. We have been slowly raising that limit on various types of accounts.
Box user API now returns an enterprise object. I believe we can use this to determine if it is a business account or enterprise account like this:
"enterprise": {
"type": "enterprise",
"id": "17077211",
"name": "seanrose enterprise"
}
We are designing an online application (college admission form) which mandates the user to upload a scanned copy of his photo along with his signature, so that this information can be used to cross verify the applicant when he appears for a exam + personal interview at a later point in time. This entire process requires a scanner for the applicant to scan his photo / signature into an appropriate size. Is there a better way to capture user identity for such purposes as usage of scanner for capturing signature, photo is a painful process.
I would capture some unique information that would be associated with a photo id, such as a driver's license or passport number. Then I would ask them to present that form of identification when they show up. You check the number supplied against the number on their id and their photo on the id against their appearance. Of course, you also validate that the id is genuine as well.