Bundle context and variable propagation - zapier

I'm looking for a way of propagating information between the authentication script I've set up in my Zapier app and the different actions/triggers I have.
For now it would be a URL defined in a custom zapier form when authenticating a user that I could spread across all the actions/triggers scripts to make the calls properly using a context variable somewhere (not existing in bundle apparently).
I guess the environment global var is not the way as it's not bound to a specific zap but for all usages of the app.
Thank you for your help!

David here, from the Zapier Platform team. Great question!
If you're looking for data that will be unique to each user, but consistent across each of that user's zaps, you're looking for auth fields! They're filled out when a user authenticates (enters their password, connects oauth, etc) and are accessible to all zaps that use that auth via bundle.authData. A user might have multiple auths (in the case of multiple accounts with your service), and each one will have its own version of the auth fields.
Hope this helps. Let me know if you've got any other questions!
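As an added example (not code from the original answer or from Zapier), here is a Platform CLI-style definition in which a URL entered once at authentication time is read from bundle.authData inside a trigger. The field keys base_url and api_key, the X-API-Key header and the /me and /items paths are assumptions made for illustration.

```javascript
// Added example. `base_url`, `api_key`, `X-API-Key`, `/me` and `/items`
// are assumed names, not taken from the original thread.

// Build a request URL from the per-connection value in bundle.authData.
// The value is user input, so accept only a plain https URL.
function resolveUrl(bundle, path) {
  const raw = (bundle.authData || {}).base_url;
  if (!raw) throw new Error('base_url auth field is missing');
  const base = new URL(raw); // throws on malformed input
  if (base.protocol !== 'https:') throw new Error('base_url must use https');
  if (base.username || base.password) {
    throw new Error('credentials inside base_url are not allowed');
  }
  return base.origin + base.pathname.replace(/\/+$/, '') + path;
}

// Authentication: the extra field is filled in once per connected account.
const authentication = {
  type: 'custom',
  fields: [
    { key: 'base_url', label: 'API base URL', type: 'string', required: true },
    { key: 'api_key', label: 'API key', type: 'password', required: true },
  ],
  test: (z, bundle) => z.request({ url: resolveUrl(bundle, '/me') }),
};

// Trigger: every zap that uses this connection sees the same authData.
const newItemTrigger = {
  key: 'new_item',
  noun: 'Item',
  display: { label: 'New Item', description: 'Triggers when an item is created.' },
  operation: {
    perform: async (z, bundle) => {
      const response = await z.request({
        url: resolveUrl(bundle, '/items'),
        headers: { 'X-API-Key': bundle.authData.api_key },
      });
      return response.data;
    },
  },
};
```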

Related

Zapier variable propagation

I'm looking for a way of propagating information between the authentication script I've set up in my Zapier app and the different actions/triggers I have. The data I am receiving is from authentication API which I want to use further in Triggers and Actions. I guess the environment global var is not the way as it's not bound to a specific zap but for all usages of the app. Thank you for your help!
Tried setting value in bundle.authData in code mode while authenticating user, but it's reflecting across triggers and actions.
API Key authentication does not support the ability to save off keys you might need later, only Session and OAUTH provide this ability. These are computed fields, and docs about them are here:
https://platform.zapier.com/docs/session#computed-fields

Impacts of removing OAuth 2 (solution by Facebook/Google)

I have run into the situation where I have to remove the Facebook/Google authentication option from my app. So I want to know all the pain during this process.
What about user data? Is there any possibility to link a newly created user with data from the previous facebook-login-based user?
Any other situations which I have to fix?
Oh my God. I personally do not think that you should do that. Yes, if there are users in your application that have logged in with one of these providers, then yes their data possibly could be deleted. I mean if you have stored the access tokens to retrieve information about them, then you will be fine I think. But, if you remove OAuth2.0 then your users will not be able to log in with anything else, such as local authentication, due to the fact that they have not created an account via your local authentication system, as they have not provided a password for their account. They only gave consent to read or write data about themselves, and you only know their email or username. Last but not least, a move like this will definitely harm your User Experience (UX) throughout your application and your marketing as well.
I hope that helps! Try to search about some alternatives to solve your issues.

Cronjob to sync comments with disqus with oauth

I'm trying to set up a cronjob that syncs comments between Disqus and my database.
Everything is ok with the basic API, but I also need to store IP addresses and emails in my local db. Reading the documentation, I found out that I need to use oauth and to declare a specific scope in order to get those "confidential" data.
So I set up a script that does everything and it actually works: everything is ok if I access the test page on my browser, trigger the authentication and ALLOW disqus to access my account stuff.
The problem is that I can't do this manually every 10 minutes. I need this to work on a cronjob set up on my linux webserver, but it doesn't work: of course my cronjob can't click on the ALLOW button etc.
Am I missing something? Is this a dumb question? :-)
Thanks in advance
Your API application includes an administrator's access token (it doesn't expire, so keep this secret!) to perform functions like this, so you don't need to authenticate constantly. So there's two things you need to do:
Get your admin access token from your application here (details page): http://disqus.com/api/applications/ - then use this to authenticate in your server-side script.
On the same page, go to the settings page and change the default permissions scope from "Read & Write" to "Read, Write & Manage Forums"
This will make sure you get all the sensitive data you need synced up.

Managing Multiple Access to a User account in a web app using Cookie

In my Rails web application, I need to enable more control in user authentication like if a user after registration will have specific credentials to login. So he/she should be able to login from a particular system (PC) only. This can prevent other users from logging in even if they know the particular user's credentials. Can we use Cookies for this purpose? Will Cookie always be unique if we access a particular web app from a particular PC? Help me to have a better solution.
Thanks in adv :)-
In my opinion, use cookies with caution, when you have no other options.
In this particular case (i.e. identify a unique computer), I think you can identify it by 2 solutions:
A stupid cookie with a value you know. The problem of a cookie is that a user can simply copy/paste the cookie value to another computer to have same access.
A unique key computed from computer data. You can create it with some accessible information from this computer: browser, browser plugins, browser version, operating system, etc. This key can now be stored as a cookie. You have to check if this key is valid, regarding your identification function. Copy/paste has no effect because the source information is not the same. The main problem of this solution is it's 'too' secure: if the user changes their browser, adds a plugin, or changes their browser version, the function to compute the key will not work at all.
This is the second solution I use, with this information, for example Rails Browser Detection Methods or https://github.com/josh/useragent
You can store a security token (md5 hash or something else) in the cookie, and check it for access.
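The computed-key cookie described in the answers above, as an added example that is not part of the original posts. It is written in Node.js and uses HMAC-SHA256 with a server-side secret in place of the plain md5 hash mentioned, so the cookie value cannot be recomputed by someone who only knows the browser attributes; the attribute names, user id and secret are constructed for the demo.

```javascript
const { createHmac, timingSafeEqual } = require('crypto');

// Constructed demo secret; a real application keeps this in server-side config.
const SERVER_SECRET = 'constructed-demo-secret';

// Cookie value issued at registration: a keyed hash over the user id and the
// attributes the answer lists (browser, browser version, operating system).
// JSON encoding avoids ambiguity between fields that contain separators.
function issueToken(userId, device) {
  const material = JSON.stringify([userId, device.browser, device.version, device.os]);
  return createHmac('sha256', SERVER_SECRET).update(material).digest('hex');
}

// At login, recompute the token from the current request's attributes and
// compare it with the cookie in constant time.
function verifyToken(userId, device, cookieValue) {
  const expected = Buffer.from(issueToken(userId, device), 'hex');
  const given = Buffer.from(String(cookieValue), 'hex');
  return given.length === expected.length && timingSafeEqual(given, expected);
}

// Constructed sample devices.
const registered = { browser: 'Firefox', version: '115.0', os: 'Linux' };
const otherPc = { browser: 'Chrome', version: '120.0', os: 'Windows' };
const upgraded = { browser: 'Firefox', version: '116.0', os: 'Linux' };

function demo() {
  const cookie = issueToken(42, registered);
  return {
    sameDevice: verifyToken(42, registered, cookie),   // accepted
    copiedCookie: verifyToken(42, otherPc, cookie),     // rejected: attributes differ
    afterUpgrade: verifyToken(42, upgraded, cookie),    // rejected: the "too secure" case
    tampered: verifyToken(42, registered, 'not-a-token'),
  };
}
```

The attributes are supplied by the client, so the binding is only as strong as they are hard to reproduce, and the afterUpgrade result shows why a re-enrolment path is needed after a browser update.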

Building an api as a service

I am building an api for others to use. This is a simple enough Json request the user passes as some data and we pass some back.
What I would love is to secure our api and have some sort of user system where we can turn users on and off and we can log how many requests each user makes.
What would be the best way to do this in Rails? I don't want it to slow down the request. I can see ways of doing it using devise maybe but would be great to hear other people's opinions.
Thanks
Another way is to use 3scale (http://www.3scale.net) - it's free up to a traffic cap but handles all the key management, users, documentation etc. and there's a ruby library which you can drop into your code if you're using rails. (other libs are here: https://support.3scale.net/libraries).
I've done this before using the Token Authentication capabilities of devise (see https://github.com/plataformatec/devise ).
I found the following setup works:
Create a user account for each api user.
Configure devise for token authentication
Set the Token Authentication configuration to require the token to be submitted with each request.
This will allow you to enable and disable individual users as well as to track every request back to the api user that made the call.
If you're really interested in tracking usage you may want to consider also creating a database table where you track all api requests. This can be set up to belongs_to the users table so that you easily find all requests from different users (e.g., @user.api_requests).
The count of all requests made by a user would be:
@user.api_requests.count
# or use a where clause to find how many of each type
@user.api_requests.where("api_request_type = ?", 'SomeAPICallType').count
One final note -- I recently used the Grape library for building out an API. I thought it was pretty well done and it worked great for our needs. I especially like the ability it provided to version APIs. Details are here: https://github.com/intridea/grape/wiki
