I've been looking for an exact explanation of how to get and use access tokens for public pages.
I'm trying to list the events for a public page, then grab all the event IDs and make another call to each ID, then send the complete list somewhere (I will handle that, I just need access to the JSON information for each event, which I can't). The following works for me:
https://graph.facebook.com/pages/PAGEID/events?accesstoken=ACCESSTOKEN
And gives me a list of all the events - when, title, where etc. But if I try to do:
https://graph.facebook.com/events/EVENTID/?accesstoken=ACCESSTOKEN
I get an error 100 - why is this? Shouldn't this work? All the events are public, and since fetching the page's events works, it shouldn't be because of a restriction (alcohol, location etc) I assume?
The ID should be used directly after the facebook URL, like:
https://graph.facebook.com/EVENTID?access_token=ACCESSTOKEN
Related
I'm making a web app where users can create pages, edit them, and delete them. In developing the prototype, I have a user access a route such as:
localhost:8000/mypage/1
The "1" in the URL refers to the ID in the database, so that the controller can fetch the appropriate associated data and populate the page accordingly.
The obvious problem here is that a user can plug in any number to that URL and edit someone else's page.
One obvious fix would be to add logic that checks whether or not page '1' belongs to the Auth::user(). But this would be an if statement that I have to add to every controller that carries out such function.
When I think about other sites, they never have ID's in the URL, or if they do, they look 'encrypted' in some form. What is the best practice for changing an ID into some uninterpretable string that I frequently see done on other websites?
Thank you for any help.
why don't you just use a middleware that check if the route can be acceded by the user? then you can call it with
$this->middleware('middlewareName');
in the controller that you need it or even in the web.php if you want a whole set of routes protected
When I try to get JSON from this URL :
http://gdata.youtube.com/feeds/api/users/user/favorites?v=2&alt=jsonc&max-results=1
I get this message :
{"apiVersion":"2.1","error":{"code":403,"message":"Not allowed.","errors":[{"domain":"GData","code":"ServiceForbiddenException","internalReason":"Not allowed."}]}}
Any ideas?
Thanks for help.
Update :
I already made all video as public. This is my real URL :
http://gdata.youtube.com/feeds/api/users/ptiundiksha/favorites?v=2&alt=jsonc&max-results=1.
I also try to get uploads channel, and it's only return an empty array.
http://gdata.youtube.com/feeds/api/users/ptiundiksha/uploads?v=2&alt=jsonc&max-results=1
I think in that URL, where it says user, you need to replace that with a valid YouTube username.
The error message (code":403,"message":"Not allowed."), means that the "user" is keeping his favorites list PRIVATE. It only works if the "user" makes it PUBLIC or if you also provide an access_token.
Note, that API V2 is deprecated.
Update 9-25-2013:
When i try your url "http://gdata.youtube.com/feeds/api/users/ptiundiksha/favorites" the result is: "Not allowed.". This means you have made this list private. You can set this list to PUBLIC by unchecking the check-box "Make this list private" in https://www.youtube.com/my_favorites (when you are signed-in to YouTube). And assuming you have some videos in your Favorites list which are also public.
When i try your url "http://gdata.youtube.com/feeds/api/users/ptiundiksha/uploads?v=2&alt=json" i do get a result. the response shows that there are 56 videos in that list. If you get an empty list there could be something wrong in your code.
For most events in the Box API, the source field of the event notifies the client of which object has changed.
For the two sharing events, ITEM_SHARED_CREATE and ITEM_SHARED_UNSHARE, the source field of the event is always set to null. AFAIK, there's no ID in the event entry that points back to the object that has been shared or unshared. Without doing a full rescan of the Box filesystem via the API, is there a way to determine which files/folders have been shared/unshared?
Here's an example response, note the null source field:
{"type":"event",
"event_id":"57b34bc08ed2720fb72c2a1aba56cc6b399e8e7d",
"created_by":
{"type":"user",
"id":"xxx",
"name":"Joe Polastre",
"login":"joe#xxx"},
"created_at":"2013-02-14T20:39:22-08:00",
"recorded_at":"2013-02-14T20:39:23-08:00",
"event_type":"ITEM_SHARED_CREATE",
"session_id":"925514914511d78b532462",
"source":null}
This looks like something we need to fix on our end. Please email into us at API AT box.com if you'd like to be updated on the progress we make.
Thanks for your reply for my question: Is this a bug of Box API v2 when getting events
This is a new problem related to this. The problem is that I cannot reliably use the next_stream_position I got from previous calls to track events.
Given this scenario:
Given the following two GET HTTP queries:
1. GET https://api.box.com/2.0/events?stream_position=1336039062458
This one returns the JSON file which contains one file entry of myfile.pdf and the next stream position = 1336039062934
2. GET https://api.box.com/2.0/events?stream_position=1336039062934
This call uses the stream position I got from the first call. However, it returns the JSON contains the exactly same file entry of myfile.pdf with the first call.
I think if the first call gives a stream position, it should be used as a mark for that exact time (say: TIme A). If I use that stream position in subsequent queries, no events before "Time A" should be returned.
Is this a bug? Or did I use the API in the wrong way?
Many thanks.
Box’s /events endpoint is focused on delivering to you a highly reliable list of all the events relevant to your Box account. Events are registered against a time-sequenced list we call the stream_position. When you hit the /events API and pass in a stream_position we respond to you with the events that happened slightly before that stream position, up to the current stream_position, or the chunk_size, whichever is lesser. Due to timing lag and our preference to make sure you don’t miss some event, you may receive duplicate events when you call the /events API. You may also receive events that look like they are ‘before’ events that you’ve already received. Our philosophy is that it is better for you to know what has happened, than to be in the dark and miss something important.
Box events currently give you a window roughly 5 seconds into the past, so that you don't miss some event.
We have considered just delaying the events we send you by about 5 seconds and de-duplicating the events on our side, but at this point we've turned the dial more towards real-time. Let us know if you'd prefer a fully de-duped stream, that was slower.
For now, (in beta) if you write your client to check for duplicate events, and discard them, that will be best. We are about to add an event_id to the payload so you can de-duplicate on that. Until then, you'll have to look at a bunch of fields, depending on the event type... It's probably more challenging that it is worth.
In order to help you be able to figure out if an event is a duplicate, we have now added to each event an event_id that will be unique. It is our intention that the event_id will allow you to de-duplicate the responses you receive from subsequent GET /events calls.
You can see this reflected in the updated documentation here, including example payloads.
Ok so here is what is happening:
I have a client that I am building an application for. My client has a flowchart that they would like posted on the front page of their application. Check. My client then wants this flowchart to be set up as an image map so that a user could click one of the boxes in this flowchart and be taken to a report in another part of the application. Check.
All of that is elementary and, in a technical sense, works. The issue is, and it is an issue I have encountered before with APEX, is that every time a user clicks one of these links it takes them to the login screen. It seems that linking directly to a page's URL breaks the session and requires you to login again, even if you are linking from one page in the application to another in the same application.
I have played with all of the authentication settings in a hopes of fixing this and tried to determine what is breaking the session exactly but with no luck.
Has anyone else had this problem and could share their method for fixing it? I really cant have users logging in every time they click a link and I also cannot simply remove the authentication on the pages. Thanks in advance.
You should pass on the session id in your links. If you don't, then apex will see this as a new session. You can tell from the url: take note of the session id in your url when you are on your image map. When you select an application, take another look at the session id part in the url. If they are different, then you are starting a new session each time.
/apex/f?p=190:90:1674713700462259:::::
190 -> application id
90 -> page id
1674713700462259 -> Session id
To pass on the session, it depends where you construct your links.
In PLSQL, you can find it through :SESSION or :APP_SESSION
For example, in a plsql dynamic region: htp.p('the session id is '||:SESSION);
In javascript code you can use $v("pInstance") to retrieve the value dynamically, or use &APP_SESSION. which will have the value substituted at runtime.
Small example:
function printsome(){
var d = $("<div></div>");
d.text('&APP_SESSION. = ' + $v("pInstance"));
$("body").append(d);
};
So you probably just need to alter the construction of your link somewhat to include the session!
I was assuming the binding variables will do the job. But they were helpless.
Best way is to pass the current session id to an item then use the item value in the link.
f?p=&APP_ID.:32:&P31_SESSION.:::P32_CUSTOMER_ID:#CUSTOMER_ID#