My question is somewhat related to the following question already posted:
CloudTrax - Programmatically authenticate client?
I am extremely new to CloudTrax. I have read their documentation related to HTTP Authentication, which I understand for the most part, but I must admit that I'm uncertain where or how to send the "ACCEPT message". Does this need to be sent back to CloudTrax? Is there an API endpoint that I haven't found in their documentation?
If anybody could clarify this for me, it would be greatly appreciated.
Thank you in advance!
Very late response, but hope it may help.
ACCEPT is a response given by a RADIUS. In other words, the RADIUS will decide whether to authenticate the client, based on the details (ie. username / passwords) sent.
The access point will keep track of who's authenticated and who's not, requesting access from the RADIUS when necessary.
Related
at my company we want to make use of the relatively new API feature "Automerge" (not through a UI but through an API call),
However we can't seem to find any documentation of a webhook (or other asyc way) of finding out if a merge request failed and why,
anyone know a way to receive such a notification?
Thanks! :)
Hope this saves some work for someone out there,
we asked Github.com support directly and they said there was no async / webhooky way of doing this (as of Nov 2021).
Here's a quote from the support person when asked if there were a way to find out, here's what they wrote:
There wouldn't be a great way to discern that (reason for failure) and
it may be better when you see that, to use the REST API to Get the
Pull Request to get some additional information.
looking at the documentation as suggested in the quote above it seems that through the "closed" action and "merged" key one could discern whether a merge was successful or not, but without any further information about the failure.
When trying to getting response from https://developer.api.autodesk.com/bim360/admin/v1/projects/:projectId/activities it rises 403 error with details - Route not enabled for account. But, for example, request https://developer.api.autodesk.com/bim360/admin/v1/projects/:projectId/users has successfully responsed. User has all admin permissions.
Can every one help with that? :) Are there another ways to get project activities?
Unfortunately, activity API is not released yet, so you cannot use it currently. Please stay tuned with our official announcement in the further. Apologies for the inconvenience!
I am building a basic app using node.js and mysql and just getting a hang of it, I would like to secure the api,like only allow certain people to access the data, maybe by passing a certain token each time a user requests for some information, I tried searching for certain tutorials which used node.js and mysql database and security, I am confused as to which security measure to use, I even read about Json Web Tokens but din't find a proper tutorial for that.Please point me in the right direction.
EDIT
What I meant to say was, only authenticated users are allowed to get access to data in the api, when a random visitor tries to access a URL he shouldnt be alowed to without proper authentication,what I am mostly looking for now is when a user is authenticated the user should be a sent a token of some sort so then gets access to private data,I don't exactly know how to go about this whole thing.Would be glad if you could clear it up for me.
I would look at implementing Oauth2 server in your app. I found this article useful:
http://blog.papersapp.com/oauth-server-in-node-js/
No sure what your exact question is about, but I think the below will help:
Node.js security tips: http://blog.risingstack.com/node-js-security-tips/
Secure Express apps with various HTTP headers: https://github.com/helmetjs/helmet
Go on an educational Web security adventure: https://github.com/toolness/security-adventure
Node.js Security presentation: http://www.slideshare.net/d0cent/nodejs-security?qid=c450507b-e491-4e9a-9b05-89d0c82ea10b&v=default&b=&from_search=6
Take a look at http://passportjs.org/ . Passport has support for alot of authentication methods, however, for your API, you will probably want to use OAuth (http://passportjs.org/docs/oauth2-api). OAuth is what most popular APIs use to authenticate consumers.
For simple projects, You can also use basic authentication, which is what you see when you see the browser prompt asking for username and password. This authentication information can be sent in the header when API consumers makes requests.
I am creating an API server which serves a card number validation and transaction insert.
Sample API URL = http://mydomain.com/api.json?cardnumber=2342343244&api_key=jhj67asd234tgbh123
Existing system:
I am providing an api key to client systems (say ebay.com). I am providing a discount if the user have a valid card. So my client will provide a form field to his end users to enter a valid card number.
Problem:
My client is writing ajax request to my domain to process the validation. The problem is the api key is visible in console and anyone can do the request outside of the client system (security loss).
Propose system: Please propose a system where my api key is hidden, so that the request will be processed securely. The solution may be any other way of writing an API.
I have less knowledge about API. Any help will be appreciated.
In my experience there isn't an easy way of doing this.
The only method I know about is providing the client with a one-time key. As soon as its used, it expires and the client will need a new one.
In this manner it doesn't matter that the key is visible in the console as its only ever going to be valid for a single request.
I hope that helps but I'd love to hear about any suggestions anyone else has.
We're opening an US office shortly and i've added the new domain (domainus.com) to our exchange 2007 environment as an "accepted domain" and added some addresses as SMTP addresses to a few members who can receive properly - yey :).
We want to send from these addresses too but I can't figure out how to make this work, I get the error:
"You are not allowed to send this message because you are trying to send on behalf of another sender without permission to do so. Please verify that you are sending on behalf of the correct sender, or ask your system administrator to help you get the required permission. "
I'm not well versed in exchange so i'm not sure what to search for to try and figure it out. I've tried:
Adding themselves to send to "Delivery options > send on behalf" and I edited the default email address policy for the organisation (which wasn't being applied before.... so I don't think it would make any difference).
Any suggestions welcomed.
Thanks in advance.
I know it isn't much help, but I was having the same issue, and getting the same error. I ran across this page that lists 4 ways to do it. None of them are what you would expect, except for the application that you have to purchase.
I do think if you have a gmail account that you could send as the alternate email address, and all replies etc would come back to the exchange account.
On the user account, in Active Directory, under Security, under the SELF account, select the Manage Send As Permission option.