I want to use Zapier to register a new Wordpress user — the trigger will be a new purchase on Gumroad.
This plugin — https://wordpress.org/plugins/json-api-user/ — allows you to register users using a public JSON interface, eg by hitting
https://example.com/api/user/register/?username={{email}}&email={{email}}&nonce=blahblahblah
I'm new to all this, but know that I can get Zapier to insert the purchaser's email from Gumroad into {{email}}.
My question is, how can I do this in a secure way?
(At the moment anyone can hit example.com.com/api/get_nonce/?controller=user&method=register and get the key they need)
And maybe it can even be done without using Zapier?
I'm assuming that the nonce is only good for a short period of time, like a couple minutes? If so, what you want to do is lock down the /api/get_nonce/ endpoint to require a password. That way only authenticated users can get a nonce, which can then be used to create the user.
As for how Zapier fits in, it's a bit complicated to custom build a two-request process like this. You would have to make your own app on the Developer Platform do the nonce call and then the user creation.
I use the following plugin to create users (via Zapier) on my WordPress sites after someone signed up on my Teachable school: WP Webhooks Pro
This plugin allows me to either POST the data to my WordPress site via JSON, XML or a simple form data. In my case, I don't need a nonce, since the plugin generates API keys that I can use to push my data to.
Related
I've searched and I can only find tutorials to pull info from a server to update the latest info of my PWA app using JSON. But I can't find any way and any example to fetch data back to a server to mantain for instance a Database updated and display that to all users which may use that PWA.
For example, I have a PWA that let me login (client-server communication), then it displays a list of contacts that were stored in a Database. I can delete, modify or add new users to this list from my PWA app, and after doing that, they'll update on my server Database, so if my friend Paul, wants to check the updated list from his account, he'll see the new changes.
How Can I do that? Which language would I have to use, php and Javascript (Ajax)? Which is the most fluid and optimized way to do it according to a Progressive Web App.
I guess you are trying to store user changes back to the server(webservice and then to the data base).
You have to make an AJAX call to your web service and pass the required data needed to store in DB.
Here is an example.
https://www.w3schools.com/xml/xml_http.asp
Depending on the framework you are using, you might have more options to call a web service. Like here is an example for Angular -> https://www.w3schools.com/angular/angular_http.asp
I need to implement electronic signatures from an Access database without using a signature pad. I do not have an actual document that needs to be signed - just a field on an Access form. We currently use a Topaz signature pad but are needing to get away from that.
Thanks in advance,
Karen
Yes, you can. There are several .net api to access DocuSign.
You can use them to create the DocuSign envelope. You will also need to implement something to retrieve the signed envelopes. There are two options:
a cron job that calls DocuSign to get all the updated envelopes since the last call
a REST service that DocuSign will call to inform your application of every event that happens on your envelopes.
If you want to use the second option, your REST service should be open to Internet (you can find the subnet to open in the DocuSign documentation).
DocuSign is used to sign documents, not data. Since your database is holding a form's worth of data, I suggest that you:
Create a template in DocuSign that represents the Access form
When you make the Envelopes: Create call to DocuSign, populate the template's data fields with the data from the Access db.
The result will be a signing request that looks like the form in your database.
Once the document is signed in DocuSign, you can record the envelope ID in Access. It can then be used to view the signed document. Or you can download the signed documents and store them locally.
Ask further questions here if you have any difficulties.
I'm working on a an application where my back-end server will push and pull data over the google drive sdk. So, the back-end will only ever need a authorization via a single admin user's set of credentials.
Is the best way to do the authorization for this use-case to do what's described here?
https://developers.google.com/drive/web/auth/web-server
It looks like I would manually authorize my back-end's user once and store the refresh token for later offline access, thereby not needing manual/human interaction ever again.
But is that actually the best way for this use case? Is there another authorization workflow that I've overlooked?
The method described at the link you sent is appropriate when you are authing several end users. I find it's overkill if you only ever need to auth a single user. Too much code and faffing around for something that will only be used once.
Check out How do I authorise an app (web or installed) without user intervention? (canonical ?) which is a one-time procedure which gets you the same result, without writing any code.
Having worked on it some, I think the best way for my application is this:
https://developers.google.com/api-client-library/python/auth/service-accounts
You create a Service Account through the admin console. There's no messing around with a manual authorization step that could later break the app.
First I apologize if I'm a dolt and am missing something obvious, but I've spent a few hours scouring documentation and am lost.
I'm trying to write a python script that will upload a bunch of images to a single user's Google Drive. The user already exists and will never change. I am not writing a web app and don't plan to use any user interface whatsoever. Everything will be done through code.
As best I can understand from the Google documentation, I have two choices:
1) Write a web app and register it to use the Drive DSK. This of course requires having urls and such for the web app.
2) Create a service account, which ties my "app" to a new service account email.
Neither of these options works for me. Is there any way to simply log in to a single user account and access their drive through python scripting?
There is a deprecated API called ClientLogin that would enable you to use the username and password for a login to access that Drive data.
But the basic idea is that you should be using something more secure -- from your users' point of view -- that allows them to authorize you without giving you their password.
For your use case it is possible that the user is you or someone you know and that you are accessing their account through a more personal kind of authorization. In that case, ClientLogin may be your best choice. If this is an application designed to be used by arbitrary users, the deprecation of ClientLogin is for a good reason and I would urge you to bite the bullet and choose one of the supported options.
The correct solution is to separate the authorization phase from the access phase. The authorization process needs to be run one time only, and can be done from a simple web site. The result of this is a refresh token which is analogous to a username/password. You will need to be aware of the security implications. Make sure you only grant drive.file scope to minimise the impact of a security breach.
Since you are uploading images, you might also want to look at the picassa api.
I am looking at creating a good google chrome extension for tumblr.
Now tumblr uses Oauth as it's authentication method.
So my question becomes.
Do I:
Distribute a single key with the application and hope people are nice enough to not use it for illegitimate purposes.
Put in the options the ability for a user to enter their own key, hence asking each user to register an application.
Create an intermediary on my server that makes the actual request.
Something else?
I also had to consider this for my Template extension when using OAuth to communicate with the goo.gl URL shortener service on the user's behalf.
After reading Chrome's OAuth tutorial I managed to implement this simply using the following;
ChromeExOAuth.initBackgroundPage({
access_url: 'https://www.google.com/accounts/OAuthGetAccessToken',
app_name: chrome.i18n.getMessage('app_name'),
authorize_url: 'https://www.google.com/accounts/OAuthAuthorizeToken',
consumer_key: 'anonymous',
consumer_secret: 'anonymous',
request_url: 'https://www.google.com/accounts/OAuthGetRequestToken',
scope: 'https://www.googleapis.com/auth/urlshortener'
});
This is surrounded by quite a bit of logic due to the complexity of the extension but this results in the user simply being shown a page (on a new tab) the first time they attempt to shorten a URL using my goo.gl implementation. Here the user can decide to allow/deny the authentication. Since this is only done once (unless the user later removes it from their list of authorized applications) I thought this was fine and my users seem to agree.
I did also provide an option to toggle OAuth on/off but I'm guessing this will always be required for the tumblr API. On that note I must admit I'm not familiar with that particular API so I'm afraid I can't help you further.