Google translate provides this information:
Will the text I send to the Cloud Translation API, the results, or other information about the request itself, be stored on Google servers? If so, how long and where is the information kept?
When you send text to Cloud Translation API, we must store that text for a short period of time in order to perform the translation and return the results to you. The stored text is typically deleted after 7 days, but can be temporarily stored up to 14 days in the event of a service failure.
But I cannot find any information regarding the Microsoft Translator data storing policies. Does anyone know if Microsoft retains data used in the translation API?
If for business, Microsoft has a "No Trace Policy": https://www.microsoft.com/en-us/translator/business/notrace/. It makes a clear statement about API calls:
"Azure Cognitive Services Translator is a cloud-based machine translation service and is part of the Azure Cognitive Services family of cognitive APIs for building intelligent apps. Customer data submitted for translation to Azure Cognitive Services Translator (both standard and custom models), Speech service, the Microsoft Translator Speech API, and the text translation features in Microsoft Office products are not written to persistent storage. There will be no record of the submitted text or voice, or any portion thereof, in any Microsoft data center. The audio and text will not be used for training purposes either."
On Custom Translator: "Translation requests to your custom models via Translator on Azure are no trace— there will be no record of the submitted text, or portion thereof, in any Microsoft data center."
End user products, same as other providers, do retain some data (typical scenario: you are some consumer using free services). From the same page on No Trace policy:
"The free Microsoft Translator end-user products for which voice clips and text translations are recorded for service improvements purposes are listed below.
Microsoft Translator apps
Translator for Bing
Microsoft Edge
Web Translator"
"Translator apps" above links to a page describing Android and other mobile apps, not to be confused with the Document Translator sample app (https://github.com/MicrosoftTranslator/DocumentTranslator/), which uses whatever Azure Translator cognitive service you have created.
Related
On the page https://developers.google.com/fit/policy?hl=en#appropriate_access_to_and_use_of_google_fit_apis it says the following:
Do not use Google Fit APIs for applications, services, or features designed to collect or combine user data for human subjects research, medical research, or any other similar research overseen by an Institutional Research Board or Ethics Commission unless you receive prior written approval to such use from Google. Select a "Medical Research" use case during the scope access request process and you will receive additional information on how to proceed.
I'd like to use the Google Fit API for a medical research purpose, but I cannot find where I'd select the "Medical Research" use case. Can anyone show me where I can find this?
I'd be using the Google Fit API to start tracking steps on the user's Android device and read these steps.
Scope = Purpose of your medical research and used API scopes
I think it is rather misleading, in fact when Google documentation talks about medical research scope, they do not mean it at the API level.
What they mean is that you have to state in your app registration application that you would be using your app for a "medical research purpose", along with the fit API scopes that you would be using for your medical research.
You can read the following link that describes the authorization process intended by Google, but I will will detail below how to proceed:
Enable Fitness API and create credentials
After enabling Fitness API in your Google API Console for your project (create a new one if you haven't already) then you have to apply for verification and submit the relevant supporting information for why your app needs "Medical Research" scope (basically documents related to the purpose of your medical research, which University or Lab you are working for etc). This choice happens right after adding credentials to your project when you have to set up OAuth consent screen:
Filling the app registration form
Filling accurately will speed up the verification process
On the first tab, you will likely have to provide a very solid application privacy policy link (stating which data you access and for which purpose):
Select your API scopes
Then you will have to add the scopes (scopes as API) that you would need for the purpose of your medical research:
The one you will need to read the steps is:
scopes your app needs to request.
https://www.googleapis.com/auth/fitness.location.read | Read location data from the Google Fit platform. | Restricted
Enter your Medical Research "Scope"
Finally, and this is where you provide all information related to your medical research, in the optional info - meaning optional for most users, but not so optional for medical research - already briefly stated in your privacy policy link: Its purpose, how it is financed, by which entity, what data your will be using etc. Be as clear as possible as it will speed up the review process.
Provide links about your university or company website, research papers that you have already published, or by yours peers related to the scope of your medical research:
The Forge documentation mentions “If you need an end user to authorize your app to act on the user’s behalf, you’ll want to check out this tutorial.” This makes it sound as if our app will be doing something from OurApp → Forge, reaching into Fusion data, pulling it out. Our desired action would be the user acting on their own behalf, with authorized permission, sending files to their account on OurApp.
I've genericized it, but our specific situation is as follows: we want Fusion360 users to be able to install our plugin and then send models in STL format (model derivative v2 API) to our service for 3D Printing or sharing with others. This same behavior exists for Tinkercad and is very popular, but the requirements change for Fusion, now that it is not a web app like Tinkercad.
Autodesk Forge uses OAuth 2.0 as its authentication strategy, and as part of that, the platform allows you to choose between two-legged and three-legged authentication.
Two-legged authentication means that a trust is established between your own application (with credentials that are generated for you when you create a Forge app on https://forge.autodesk.com) and the Forge services. Your application can manage its own data but it does not have access to your users data in other Forge applications.
Three-legged authentication means that a trust is established among 3 entities: your application, Forge, and your user. With an access token generated using 3-legged authentication, your application can also access the user's content in other Forge applications, for example, in BIM360 or Fusion Teams.
With that, if you plan on having your users upload STL files from a locally running instance of Fusion 360, you can use the simple 2-legged authentication and have your Forge application own and manage the uploaded data and the translated derivatives. But if you wanted to upload or download STLs to/from something like Fusion Teams, you would need the 3-legged auth workflow.
Questions regarding billing for Google API's or more specifically the places and maps Google API's.
We have an app which is part of a SAAS package. When clients use our Software we have maps and place's API built it, however we want to offset the cost of the bill using these API's to that particular client using the software.
Currently we have a single Google Project we created and enabled the API's on our own google account however this means we will foot the bill as its using our token.
Can clients somehow connect to our google project etc or do we simply need them to create their own google project and pass that token through? Is there a streamlined approach that covers this...
When we did for our multi tenant application we did create only one google project and billing was getting accumulated into a single account. We looked at what you're talked about but since google does not allow to bill separately without having separate google project. Google API billing works on google project id. We decided to bill our clients separately and handled all calls to Places API on a single google project.
Long story short - it was not easy to have our clients connect to our project without having them create their own google project we ended up with one google api project.
edit: also missed another important point - Google My Business API needed whitelisting for each project id so it was another reason to keep it as a single project
Passing the token to the application is a probably very bad idea and will result in a security risk for your client and their token if it is intercepted.
As a developer for the client they should create a token on their account and then they will be charged. They can then give it to you as the developer for use. This is however a gray area as technically you are not allowed to share your tokens with anyone TOC However i believe that client and developer relationship should be secure enough for sharing the token.
Ideally you should give the client the code they can then use their own token and run the application themselves.
We have a user who gave consent for our Cloud Project to read their Fit data through the Android app. We now want user's coach to access their Fit data through a web UI associated with our Cloud Project. Is this possible, and if so, what is the right way to do it?
Can cross-client identity be used? https://developers.google.com/identity/protocols/CrossClientAuth
I was trying to replace "me" with "user#gmail.com" in the REST endpoint but it doesn't work:
https://www.googleapis.com/fitness/v1/users/me/... ->
https://www.googleapis.com/fitness/v1/users/user#gmail.com/...
Thanks!
There is a mechanism for Android apps to obtain offline access for web back-ends highlighted in the CrossClientAuth guide from your question. With offline access, you can theoretically serve or store that data in any way that the user has consented to. Any access controls of that data to another person is something that you'd have to handle on your own.
I have been doing some research about the IBM Bluemix Cloud Integration Service and found the following links:
ftp://public.dhe.ibm.com/cloud/bluemix/cloudintegration/Cloud_Integration_for_Bluemix_User_Guide.pdf
https://www.ng.bluemix.net/docs/services/CloudIntegration/index.html
From what I have read, I have not been able to understand whether it is able to run some kind of "protocol transformation" or if it just publishes a REST or SOAP API.
I mean, imagine for example that I have a full backend publishing everything as SOAP services, but for some reason my apps only can get information through REST APIs. Does the basic connector o maybe the standard one make that kind of integration? Or do I need to put a third party product (or maybe even DataPower) to make that transformation?
Using the Cloud Integration service you can also create a REST API that links to an existing on-premises API (both SOAP and REST). Please take a look here: Creating a REST API that links to an existing on-premises API. You can upload a file that defines the on-premises API (WSDL or Swagger definition).
Please note that currently Cloud Integration cannot retrieve automatically that definition from your on-premises system. It has to be uploaded manually by the user.