Azure Mobile Apps - Request user profile information - ios

How do you make a request to Google to get a user's profile information with the returned tokens from Azure Mobile Apps? Specifically I am using the iOS Microsoft SDK in Objective-C.
I found this article but it looks to be referencing old information based on the date and the response that was returned.
I also tried calling /.auth/me as a GET request, but that returned Cannot GET /api/.auth/me

You need to make an HTTP request to /.auth/me, but without using the custom API support that's in the iOS SDK. In other words, use NSURLRequest directly, and not MSClient.invokeAPI. Your call needs to be authenticated, so put the token from client.currentUser.mobileServiceAuthenticationToken in the X-ZUMO-AUTH header.
We have an open feature request to add a method to the client SDKs to make this easier: https://github.com/Azure/azure-mobile-apps/issues/30.
And, you're right that your article was referencing information on Azure Mobile Services, which behaves completely differently when it comes to authentication.

Related

Stripe Create User Function in Swift

I was just wondering if there was a simple function to create a customer in the Stripe API from my app in Swift? Instead of having to create a manual HTTP post request to my server, "createCustomer.php", and then retrieve the results (This is what I do right now).
I tried to search this up on Google, but I can't seem to find anything. I simply want the user to save their card details for later user, that's why I am in need of creating a customer.
Thanks in advance!
Except for payment information tokenization (which is done via Stripe's iOS or Android SDKs in mobile apps, and Checkout or Stripe.js in web apps), all API requests must be sent from a backend server.
The reason is that aside from token creation, all other API requests must be sent using your secret API key. You cannot embed or share the secret API key with your mobile app in any way, as it would then be possible for an attacker to retrieve it and use it to issue API requests on your behalf.
This is why there is no Swift function to create a customer -- the customer creation must be done from your backend, using the server-side language of your choice.

Get facebook Page Access Token using SLRequest

How do I get Facebook Page Access Token using SLRequest (with a graph api call) on iOS.
I have an app that posts photos to a particular Facebook page. I've got it working through php so I know there is no issue with obtaining such permissions. But I need to do it completely in native iOS now.
In iOS, I've got post permission to said page owners feed, but that's not what I want. when I use the app token to post to a page (this is a photo album on a public facing page) it gives me 'permission denied errors'
I have this working through php using
$request = new FacebookRequest($session, 'GET',
'/me/accounts?fields=name,access_token,perms');
Just need to get the same for iOS using SLRequest as I'm using iOS Social framework
Thanks for the help
You should not make call to the Graph API using an App Access Token from a device. That is because the App Access Token should be considered like a password; storing it on a device is insecure because the token can be extracted using special software.
You can read more about this here: https://developers.facebook.com/docs/facebook-login/access-tokens#apptokens
...Again, for security, app access token should never be hard-coded into client-side code...
You can handle your situation in two ways:
Just make the call using the User Access Token. If you have the correct permissions from the user, you can post as that page to the photo album.
Send the data to your own servers and make a call, using App Access Token, from there to the Graph API.
I would suggest you use method 1. Its also for your rate limiting better to use User tokens instead of App tokens.

IOS to Instagram API --> Signed Request

I'm having some trouble understanding the Instagram API and can't seem to find a clear answer online. What is the difference between Server-side flow and Implicit flow in terms of security? I understand there is an additional step for exchanging a code for a token when using Server-side.
I am in the middle of developing an IOS app that uses the server-side flow. I am storing the client-secret within the IOS app itself and am not using an actual web server for any part of my requests. Does this method pose any security issues as the API states: "You should never ship your client secret onto devices you don’t control". Do all IOS apps using the server-side flow have a matching server side component or am I missing something here?
The method above is working for me and I am able to access the instagram API. However, I am now running into the 30 like per hour limit and want to figure out how to lift this. I understand that I need to send a signed request to the API using X-Insta-Forwarded-For header. Can this be done within Swift/Objective-C? I am having a hard time find a method for sending this information. The closest I have come to an answer is in the following post: Instagram Signed API Call from iOS
Can this be done? Thanks for the help!

Google Places API: iOS key: Request Denied [duplicate]

I'm trying to make an Autocomplete field which should fetch cities as the user types, by using the Google Places API as described in this tutorial:
https://developers.google.com/places/training/autocomplete-android
You've probably found this question around many times before as I did, but none of the answers helped me. Here are the things you should know:
The URL is
https://maps.googleapis.com/maps/api/place/autocomplete/json?sensor=false&key=myKey&components=country:ro&input=whatTheUserTypes
Please don't reply by saying you replaced the API key with your own and it worked - the API key which goes there must be Android specific and won't work from a browser.
So did I make the Android API key using the SHA1 fingerprint obtained from the keystore I signed the app with.
I turned on Maps and Places APIs from the console.
The quota isn't exceeded.
All those and it still gives me REQUEST_DENIED
What I didn't mention is that I have O2Auth activated - does that change anything? Shouldn't it be as simple as putting the API key in the app?
Thanks!
Although this has been answered, I think the community could do better.
I was tearing my hair out about this, it just didn't make sense to me.. I was making an iOS/Android App, so I made an iOS/Android Key...
Wrong.
With Google's Places API, your bundle identifier isn't even considered.
What you really want to do is this:
(I'm using the new User Interface)
1. Log into https://cloud.google.com/console#/project
Select your Project Name, then go into API's & Auth > APIs
Make sure you have Places API Turned on. This is the only thing that needs to be turned on for Places-API to work.
2. Go into Credentials
Click CREATE NEW KEY under Public API Access
3. Select BROWSER KEY
4. Click Create, Nothing Else
Leave the HTTP Refer box empty.
5. Use the Key Generated here
This key will allow ANY user from any device access to the API via your Developer login.
You can try it out here: (Be sure to replace YOUR_KEY_HERE with your generated Key)
https://maps.googleapis.com/maps/api/place/autocomplete/json?input=Food%20Sh&sensor=false&radius=500&location=0,0&key=YOUR_KEY_HERE
6. Enjoy
Now you can use that URL above in your Android/iOS device.
The Google Places API does not currently support Android or iOS keys generated from the Google APIs Console. Only Server and Browser keys are currently supported.
If you would like to request this support, please file a Places API - Feature Request.
https://developers.google.com/places/training/autocomplete-android
Storing your API key
Although the above code demonstrates how to communicate directly
between an Android app and the Places Autocomplete service, you should
not store your Places API key with your app.
You should therefore build a web application that stores your API key
and proxies the Places API services. In order to secure communication
between your Android app and the proxy web service, you should require
user authentication to your proxy web service. Your Android app can
securely store user credentials and pass them to your web service, or
the user can log into your web app via an Android WebView.
For the latter approach, your web app should create and return a user
authentication token to your Android app, and your Android app should
subsequently pass this token to your proxy web service.
Go to google cloud platform console>Credentials click on edit by selected your YOUR_API_KEY>Application restrictions > select none option>save thats it.
If you select the android apps option from Application restrictions then google deny the place API with exception REQUEST_DENIED.
In Google dev console, you should be able to find both "Places API" and "Places API for Android"
Make sure to use "Places API for Android"
For some reason, "Places API for Android" is hidden in the API list, but can be accessed using search.
I had the same issue , I fix it by leaving
Accept requests from these HTTP referrers (web sites) (Optional)
in browser key Empty
I am still new, so I cannot comment, but to shed some light on Moe's answer, I resolved some similar Google Maps API issues regarding URL queries (for directions, using Volley) with the following steps:
Get Android API Key (including Google Maps Directions API in my case).
Get "Server" API Key (which seems to be created by using a key restriction of "HTTP referrers" these days - really, it's just used to issue URL queries through HTTP).
Store the Android API key as a meta-data tag in the application tag in AndroidManifest.xml with android:name="com.google.android.maps.v2.API_KEY" and android:value as your key. This is used for direct interaction with the Maps API (minus URL queries).
Use the server API key whenever issuing URL queries.
I am not sure if this also applies to URL queries for the Places API, if you only need the server API key, or if there is a better solution, but this worked for me.
I imagine that it works with just the first key - the one not restricted to Android.
Inside Google Cloud Console type Places and Activate it. Create an API Key and insert it onto your Android Studio App as you would do normally. That`s it.
I had the same problem. For me the key was to enable billing on project. I am still using "Applications for Android" restrictions. After setting up the payment method, Places Api started working.
Prior to using the Places SDK for Android, do the following:
Follow the Get an API Key guide to get, add, and restrict an API key.
Enable billing on each of your projects.
Enable the Places API for each of your projects.
See it there.
Be sure also to check out the billing plans for the Google Places API as it is not free!

Customising Tweets

I have some PHP creating automatic Twitter updates, which in the small print at the bottom reads "[date/n minutes ago] via API".
Is it possible to somehow change the "via API" part to something more useful and descriptive?
It looks like you have to utilize OAuth authentication. As per the Twitter API Wiki:
How do I get “from [MyApp]” appended to updates sent from my API application?
We now recommend developers use OAuth to perform authentication with the API. When applications use OAuth, Twitter automatically knows the source of status updates. We are therefore able to append source attribution (from "[MyApp]") to tweets. If you would like tweets from your application to recieve a source parameter, please register an application and implement OAuth authentication. We will automatically include your application as the source for any tweets sent from your application.
We originally allowed applications to create a source paramter for non-OAuth use but that has been discontinued. Applications pre-OAuth source parameters will remain active, but new registrations are no longer accepted.

Resources