I would like to know if it is possible to generate Web API keys to make requests on my GraphHopper instance? Is there an existing protocol for generation?
There is no need to create a key for your self-hosted GraphHopper. If there was you could easily disable the check by editing the source :)
Related
I am currently developing a full-stack web application for the first time. It is a store that needs to give users the ability to upload "books", edit, delete, and manage them. As of now, I have a React front-end, that calls an Express API using Axios that queries a MySQL database. This currently can manage the product details, titles, and simple labels and relations.
However, I now need to store images and .json files dynamically as well. So, I have researched and need to use Azure Storage to store these images and allow access to them by the end-user. I have researched it and the client would like to use Azure storage as well.
I have gotten quite overwhelmed looking into the Azure documentation for Javascript image uploading, and every "tutorial" starts with create a web application, storage account, and app service.
All I would like to do is store images from the user in Azure storage, so that when I eventually deploy the website, the data is available to be accessed and then my front end or API can call Azure to get the images for the user. I apologize if the question is confusing or vague, I am really just overwhelmed by Azure's documentation and it seems like such a simple and common problem. Any guidance or references would be greatly appreciated.
Yes, it's quite possible. You simply create an Azure Storage account and upload your files as blobs via that account. Then they will be available publicly on the Internet, and your web application can reference them from wherever it is hosted.
It is possible as I believe it is quite a common practice to have a Content Delivery Network to deliver the images. I am not very familiar with Azure but I am with AWS and I can tell you that you can use an AWS S3 bucket to store the images and JSON. It comes with many different configuration options to allow content to be protected or open to the general internet.
So I have the website that provides the API for logging in/registering/etc. And I have the MediaWiki set up at my server.
I need to disallow MediaWiki registration and only allow logging people in through our API. So, when the user tries to login, no request to MediaWiki db for the user should be done, instead the request to our API should be done, logging person in if our API returned the correct data and displaying an error if it didn't.
Is there a way to get it done with MediaWiki?
Thanks in advance.
Your question is very broad and involves some development but also a lot of configuration as well. So, let's start:
First of all, you need to somehow integrate with the API you mentioned, which is possible by developing your own primary authentication provider. See the high level documentation. In this, you will have all the necessary entry points a user might hit when logging in or registering a new account and you can "translate" them to the actual actions which you need to do in your API (which you do not mention what it is or provides, so we can not give you better guidance here).
The second step would then be to configure this new authentication provider as the only one using $wgAuthManagerConfig which will in fact disable all other ways of creating other accounts as well as logging in with other accounts then the ones provided from your API.
If you've more questions, I would suggest that you provide more information and specific points where you're stuck :)
You can have a look at Extension:Auth remoteuser, it could fit at least partly you needs.
I am having problems trying to get WF4 to call JSON services. I wanted to know if anyone has used any other types of JSON based workflow engines that are either free or open source, and have a good designer.
What do you want to do? Do you want an activity to call a specific service that returns a json object? If so, than you just need to create a custom activity which calls this service with http client for instance.
Have a look at Workflow Engine. Though the engine itself uses XML, I'm sure it won't be a bother implementing a converter. And it does have a visual HTML5-based designer.
We are working with Shopify to get a web solution implemented. I am looking into how to get data from Shopify using your web service API. We are going to be using SQL Server Integration Services (SSIS) 2K8R2 to do this. Do you happen to have an example that shows how to connect SSIS to the Shopify API for us to use?
Thank you
I'm not aware of anyone using SSIS to connect to Shopify, so I don't know what that entails. However, Shopify's API is a standard RESTful interface, so I recommend researching how to talk to such services from SSIS.
As far as I know there are no specific examples of this. It is a pretty standard rest API so should be straight forward enough. If you can use c# then there is a library you can use. Other wise all you really need to be ably to do is make http requests.
Making webservice calls through an SSIS was never easy. I am not sure if this changed in 2K8R2. Your best bet is probably to create a web/windows/console application and connect to it. I have used the following .NET shopify wrapper with success:
https://github.com/robconery/ShopifyApi
Hi I have a question regarding security, and web services.
I need a web service to provide an interface for the underlying mySQL database. I am trying to get a Blackberry Application to store data on the web servers mySQL database through a web service.
My question is, how can I ensure that the bb-application is the only thing that is using the web service? The web service will essential insert data into a table. I want to ensure that only the bb-application is allowed to use this service and not someone who figures out the service and starts spamming my table.
Any pointers, best practices or links are greatly appreciated.
Also what sort of web service is best in this scenario?
Take a look at basic authentication over SSL. Configuring the application to include the username/password in the header should be fairly straightforward and the SSL connection will ensure they're not being transmitted in cleartext.
Use net.rim.device.api.crypto.HMAC to implement HMAC authentication and validation. Establishing end to end SSL connections on a Blackberry can be problematic and dependent on wireless provider support unless your users are activated on a corporate BES (which I srongly recommend as part of the solution if you want robust security).
I am going to assume that the BlackBerry application is made by yourself as well. How you can then do this is by creating a sequence or hash that only your application can create, that the web service can verify. For instance, in the beginning of the process, or better, for each step the web service sends down a key sequence, which maps to an internal dictionary within your application on the method to make the unique hash.
The flow would then be as follows:
Perform data task in BB application
Ready to transmit data to web service
Create unique hash from data + your own information from the mapped dictionary
Transmit the data with the key
Web Service verifies the key. If validation fails, it discards the data completely, if succeeds, it will then do what it needs to do.
Continue.
HTH
Disclaimer: Assuming this is an open ended WS.
Also see my answer here.
I would go with a REST web service over HTTPS it would take your problems away. I dunno anything about blackberry apps so I can't give u any pointers on how to use HTTPS in that platform.
If you are creating a SOAP web service then you want to read about ws-security.
Others have indicated using SSL to secure the site. However, that is only one part of the puzzle. Kyle was close with the second, but didn't quite cut it.
The answer is that every single transaction which is posted to your web service must contain some type of authorization key. That key can be pre-shared and baked into the application OR it can be acquired through some other means and set up as part of the application install / configuration process.
Nearly all companies which provide web services online following this method. The idea is that regardless of the underlying protocol (ssl for example) you have to validate that the request is indeed coming from an authorized device / program. Some vendors have the users create a unique key for each user, some for each device, and others just 1 key for the entire organization. Regardless of how deep you take it there is in fact a key.
The key usually isn't that large. It might be anywhere from 15 to 40 alphanumeric characters.