Box View API : Is it possible to upload a file directly? - box-api

I was wondering if it is possible to upload a file directly to be used with the Box View API without saving it on my local server. The idea is users will be able to upload a file (pdf, ppt, etc.) and it will be used only with the Box Viewer and not saved on my server. Users will be uploading many large files and I am looking to avoid storing them.
I know Box requires a URL of the file location for it to generate the content, but is there a way for the file to be uploaded and handled with the View API?
If anyone knows of a solution it will be greatly appreciated! Thanks.

There's no way to upload directly from the user's browser, because the API does not supply CORS headers. This is for security reasons, because in order to upload directly from the client, you'd have to expose your API token (which you definitely do not want to do).
One way to not store the files on your server would be to essentially proxy a multi-part upload request to the View API (see this gist for an example of how to do it with node.js). The other option would be to use a service such as FilePicker, which allows users to select files from their own computer or any number of other services, and it just returns a URL that you can simply pass to the View API using the URL upload.
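The proxy approach described in the answer above, as an added example that is not from the original thread or from Box: a Node.js handler that pipes the multipart body straight to the upstream API and attaches the token on the server. The upstream URL, the environment variable names, the `Bearer` scheme and the 50 MiB cap are assumptions.

```javascript
// Added example: relay a browser upload upstream as a stream, token stays server-side.
// Assumptions: UPSTREAM_URL / UPLOAD_API_TOKEN env names, "Bearer" scheme, 50 MiB cap.
const http = require("http");
const https = require("https");

// Allowlist: only these client headers are forwarded upstream.
const FORWARD = ["content-type", "content-length"];

function buildUpstreamHeaders(clientHeaders, apiToken) {
  const out = {};
  for (const name of FORWARD) {
    if (clientHeaders[name] !== undefined) out[name] = clientHeaders[name];
  }
  out.authorization = "Bearer " + apiToken; // set here, never copied from the client
  return out;
}

function checkUpload(headers, maxBytes) {
  const type = String(headers["content-type"] || "").toLowerCase();
  if (!type.startsWith("multipart/form-data")) return { ok: false, status: 415 };
  const raw = String(headers["content-length"] || "");
  if (!/^\d+$/.test(raw)) return { ok: false, status: 411 };
  if (Number(raw) > maxBytes) return { ok: false, status: 413 };
  return { ok: true, status: 200 };
}

function createUploadProxy({ upstreamUrl, apiToken, maxBytes }) {
  const target = new URL(upstreamUrl);
  const client = target.protocol === "https:" ? https : http;
  return http.createServer((req, res) => {
    const verdict = req.method === "POST" ? checkUpload(req.headers, maxBytes) : { ok: false, status: 405 };
    if (!verdict.ok) { res.writeHead(verdict.status); return res.end(); }
    const opts = { method: "POST", headers: buildUpstreamHeaders(req.headers, apiToken) };
    const upstream = client.request(target, opts, (up) => {
      res.writeHead(up.statusCode, { "content-type": up.headers["content-type"] || "application/json" });
      up.pipe(res); // relay status and body only, not upstream headers
    });
    upstream.on("error", () => { if (!res.headersSent) res.writeHead(502); res.end(); });
    let seen = 0;
    req.on("data", (chunk) => { // defence in depth: count bytes actually received
      seen += chunk.length;
      if (seen > maxBytes) upstream.destroy(new Error("upload exceeds limit"));
    });
    req.pipe(upstream); // chunks pass straight through; nothing is written to disk
  });
}
if (process.env.UPSTREAM_URL) { // starts only when configured
  const cfg = { upstreamUrl: process.env.UPSTREAM_URL, apiToken: process.env.UPLOAD_API_TOKEN, maxBytes: 50 * 1024 * 1024 };
  createUploadProxy(cfg).listen(8080);
}
```

The browser posts its form to this handler on your own origin, so no CORS headers are needed from the API and the token never reaches client-side code.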

The multi-part API is only an option if you are sending large files. Here's a response from trying to send a small file:
{
  "data": {
    "code": "file_size_too_small",
    "message": "File size 23 less than minimum allowed for this API: 20000000",
    "request_id": "aab58e965e91c8aa7283b2faddec5ab3"
  },
  "status": 400,
  "config": {
    "method": "POST",
    "transformRequest": [null],
    "transformResponse": [null],
    "jsonpCallbackParam": "callback",
    "url": "https://upload.box.com/api/2.0/files/upload_sessions",
    "headers": {
      "Authorization": "Bearer xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
      "Content-Type": "multipart/form-data",
      "Accept": "application/json, text/plain, */*"
    },
    "data": {
      "folder_id": "111111111111",
      "file_size": 23,
      "file_name": "TestUploadFile.txt"
    }
  },
  "statusText": "Bad Request",
  "xhrStatus": "complete"
}

Hiding the Video URL in a HTML page using Azure Api management service

I have stored a video file in BLOB storage. I need to stream this video but, I do not want users to go into developer mode and copy/paste URL on a browser so they can download it.
I have tried many ways to control this but I have failed. I used SAS token with an expiry, but, users are still able to download the content within that expiry period.
My latest approach is to hide the SAS Token enabled video URL behind Azure API Management Service. This will give me a different URL (which is not the BLOB storage URL) which I will expose on the HTML page. Will this approach work?
No, we cannot hide the backend information on the web. You can’t hide anything that your app is running in a client’s browser. Instead of that, you can secure your backend service.
There are some alternate ways to do that, but we don’t hide anything on the web.
1. Mask URLs in content
The redirect-content-urls policy re-writes (masks) links in the response body so that they point to the equivalent link via the gateway. Use in the outbound section to re-write response body links to make them point to the gateway. Use in the inbound section for an opposite effect.
<redirect-content-urls />
Refer to: Mask URLs in content
2. Set backend service
Use the set-backend-service policy to redirect an incoming request to a different backend than the one specified in the API settings for that operation. This policy changes the backend service base URL of the incoming request to the one specified in the policy.
<set-backend-service base-url="base URL of the backend service" />
Or
<set-backend-service backend-id="identifier of the backend entity specifying base URL of the backend service" />
Refer to: Set backend service
Otherwise, you can encrypt your video data to secure the backend.
To know the possible ways see here
If a client has a valid SAS, it can access your storage account as permitted by the SAS. It’s important to protect a SAS from malicious or unintended use. For that, use discretion in distributing a SAS, and have a plan in place for revoking a compromised SAS.
Refer: SAS for blob

API call directly from Design Automation Activity

I am trying to follow the DA tutorial to extract data from a CAD file and post the data to a web API. Probably I can extract and save a data file in OSS (or somewhere temporarily, I haven't figured it out yet), and use my web app to read this file before sending the API request. Instead of this double handling, is it legal to call an API directly from Activities? Same as a plug-in on a laptop: it programs a local file and then sends an HTTP call.
Thank you.
is it legal to call API directly from Activities? Same like a plug-in in laptop, it programs a local file and then sends a HTTP call.
Currently it is not possible to send HTTP requests from within AppBundle code; this is something our Engineering team is researching.

Access Google Drive REST without google sdk

I have a lightweight node.js module that needs to pull from google drive. They have a REST/HTTPS interface but AFAICT it's only accessible via their SDK. I want to use REST/HTTPS so I don't have to use an SDK. Is this possible for file download? For file find (file:list e.g. https://developers.google.com/drive/v3/reference/files/list)?
I don't understand why you think it's only accessible using an SDK. The link you posted clearly shows the URL endpoint, lists the optional parameters and gives the format of the JSON response.
If you click "Try it now" and open your browser console, you will see the http request and response which you can mirror in your app.
The only thing you also need to consider is that before making a REST request to Google, you must obtain an Access Token and set it in an Authorization: Bearer xxxxxxxx header, or provide it as a query parameter as &access_token=xxxxxxxxx

Uploading to Google Drive using meteor meteor-slingshot

Trying to implement Slingshot for Google Drive.
(Using a service account for storing application specific files).
In this scenario, there is no way to know the download URL until the upload is complete. This is a difficulty while implementing the upload function. (If I do it as two separate uploads, one for metadata (a separate post outside of the Slingshot transfer method), I could get the download URL and pass the id in the return parameters; however, that's inefficient.) Ideally, I need a way to get the download URL from the xhr response. Plus, I need a way to send the file metadata and the file as multi-part.
Anyone?

Getting originating host name when a site makes a Google Maps API call to my server data

I'm building out an API and have a question about how to track/know which domains use the call after the KML gets picked up by Google's servers for rendering.
So, for example, my domain that is serving up the KML file is called kml.example.com from a PHP API. Someone on the domain www.metromapper.org builds a page that creates a Google map and then calls my file using Ajax to overlay my data on their map. Google grabs that KML file, then serves it back to the user.
Here is that example in action: http://www.metromapper.org/example/apitest.htm
(Click the center map marker to see a popup of all the PHP server variables available to the kml.example.com script.)
Since Google is grabbing it, I can't use the PHP variables REMOTE_HOST or REMOTE_ADDR to get the metromapper.org site info. They only tell me Google's IPs.
So is there some other way to get this data? Does Google happen to return it in the header somewhere? Any ideas on how to track or pass the originating remote host name around so I can get it when the call is made? Thanks, I realize this might not be solvable.
FYI, I posted this question too, but it was before I knew it was Google's IP in the REMOTE_HOST.
You could construct your KML URL like so:
var layer = new KmlLayer("http://yoursite.com?caller=" + window.location.host);
Your server will then get passed the hostname of the current page as a CGI parameter, which it can record.
Note that this has implications for caching—every site which embeds your KML file will append a different caller parameter, so Google will not be able to share cached copies of the KML between multiple sites. This may impact performance.
A better strategy may be to make an AJAX call to your domain each time someone loads the KML file, e.g.:
var layer = new KmlLayer("nice_cachable_url");
LogQuery(layer, window.location.host);
LogQuery would use AJAX or a similar technique to send the KML Layer ID and current host name to your server. Your server can then track this.
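Server-side handling of the `caller` value from both strategies above, as an added example that is not part of the original answer: the parameter is supplied by the embedding page and can be set to anything, so it is validated as a hostname before it is recorded, and for the AJAX variant it is compared with the browser-set `Origin` header. The function names and the returned fields are hypothetical.

```javascript
// Added example: treat the "caller" value as untrusted input before logging it.
// Hostname syntax only: lowercase labels, dots, total length up to 253 characters.
const HOST_RE = /^(?=.{1,253}$)[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?(\.[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)*$/;

function normalizeHost(value) {
  if (typeof value !== "string") return null;
  // window.location.host may carry a port; drop it before validating
  const host = value.trim().toLowerCase().replace(/:\d{1,5}$/, "");
  return HOST_RE.test(host) ? host : null; // rejects spaces, newlines, markup
}

function callerFromRequest(requestUrl, headers) {
  // Base URL is only needed to parse a relative request path.
  const query = new URL(requestUrl, "http://kml.example.com").searchParams;
  const claimed = normalizeHost(query.get("caller"));
  let origin = null;
  try {
    // Present on cross-origin browser requests (the LogQuery variant),
    // absent when Google's servers fetch the KML on the page's behalf.
    origin = headers.origin ? normalizeHost(new URL(headers.origin).host) : null;
  } catch {
    origin = null; // malformed Origin header
  }
  return {
    host: origin || claimed,
    source: origin ? "origin-header" : claimed ? "query-param" : "none",
    mismatch: Boolean(origin && claimed && origin !== claimed),
  };
}
```

Records with `source` set to `query-param` are self-reported by the embedding page and are suitable for usage statistics, not for access decisions.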
It looks like this is not possible, FYI. There is no way to pass a chunk of data like this to Google's API and get it back in the data at all.