Stripe deauthorize webhook to Rails app - ruby-on-rails

The question goes like this:
I have connected a user with Stripe through my Rails app, and such user is connected via API key.
In Stripe there is an option to deauthorize API keys. I would like to be informed in my app once a user deauthorizes my API key. I know it is possible, or should be possible.
I know I have to manage webhooks in my app, but I am wondering where to set which URL of my app Stripe will call when user deauthorizes my API key, and what data will be sent to my app?

Webhooks are used by Stripe to notify your server of events. There are two types of webhook endpoints you can set up:
"Account" endpoints will receive events that happen on your own account
"Connect" endpoints will receive events that happen on accounts that are connected to yours via Stripe Connect
In a nutshell, you'll configure a URL to your own server (the "endpoint") in your Stripe webhook settings. Whenever an event happens, Stripe will send an event object to that URL.
In the case of Connect endpoints, the object will also have an account attribute with the ID of the account that emitted the event.
To be notified of deauthorizations, you'd need to set up a Connect endpoint and catch account.application.deauthorized events. The data you will receive will look like this:
{
  "created": 1326853478,
  "livemode": false,
  "id": "evt_00000000000000",
  "type": "account.application.deauthorized",
  "object": "event",
  "request": null,
  "pending_webhooks": 1,
  "api_version": "2016-03-07",
  "data": {
    "object": {
      "id": "ca_00000000000000",
      "object": "application",
      "name": "Your Application"
    }
  },
  "account": "acct_00000000000000"
}
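A receiver-side check for the Connect endpoint described above, as an added example (not code from the original answer or from Stripe): it verifies Stripe's `Stripe-Signature` header (HMAC-SHA256 of `timestamp.payload` keyed with the endpoint's signing secret) before trusting the event, then returns the account to disconnect. The secret, timestamp and body are constructed sample values, and the 300-second tolerance is an assumption.

```ruby
require "json"
require "openssl"

TOLERANCE = 300 # seconds a signed timestamp stays acceptable (assumed replay window)

# HMAC-SHA256 over "<timestamp>.<raw body>", the value carried in v1=.
def expected_signature(payload, secret, timestamp)
  OpenSSL::HMAC.hexdigest("SHA256", secret, "#{timestamp}.#{payload}")
end

# Compare two strings without an early exit on the first differing byte.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Check a Stripe-Signature header ("t=<unix time>,v1=<hex>,...") against the raw body.
def valid_signature?(payload, header, secret, now: Time.now.to_i)
  pairs = header.to_s.split(",").map { |kv| kv.strip.split("=", 2) }
  timestamp = (pairs.find { |k, _| k == "t" } || []).last.to_s
  candidates = pairs.select { |k, v| k == "v1" && v }.map(&:last)
  return false unless timestamp.match?(/\A\d+\z/) && candidates.any?
  return false if (now - timestamp.to_i).abs > TOLERANCE
  expected = expected_signature(payload, secret, timestamp)
  candidates.any? { |sig| secure_compare(expected, sig) }
end

# Returns the connected account ID to disconnect, or nil if the request
# is unsigned, stale, malformed, or a different event type.
def deauthorized_account(payload, header, secret, now: Time.now.to_i)
  return nil unless valid_signature?(payload, header, secret, now: now)
  event = JSON.parse(payload)
  return nil unless event.is_a?(Hash) && event["type"] == "account.application.deauthorized"
  event["account"]
rescue JSON::ParserError
  nil
end

# Constructed sample: placeholder secret and a body shaped like the event above.
SECRET = "whsec_placeholder"
SENT_AT = 1_326_853_478
BODY = JSON.generate("id" => "evt_00000000000000", "type" => "account.application.deauthorized",
                     "account" => "acct_00000000000000")
HEADER = "t=#{SENT_AT},v1=#{expected_signature(BODY, SECRET, SENT_AT)}"

puts deauthorized_account(BODY, HEADER, SECRET, now: SENT_AT + 10)
```

In a Rails controller, pass `request.raw_post` and `request.headers["Stripe-Signature"]`; the signature covers the raw bytes, so re-serialized `params` will not verify.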

Related

REST APIs to manage my twilio account users?

I created a Twilio account. I have two users in my Twilio account.
Owner
Developer
I want Twilio REST API Something like GET /users which should return me above two users list
Seems OAuth is not supported by Twilio
I created master API Key for my account. ( This is not like OAuth it is valid only for my account, No cross-account call will be possible with this )
Are there any User management APIs provided by Twilio? ( I am not asking about subaccounts ) OR Any alternative OAuth like authentication for APIs?
Update
Based on a comment by @philnash, I am adding a few more points.
So if I create a Twilio account for my organization there I create few users for my organization, e.g.
1] Owner ( By default ) -> User1
2] Developer -> User2
3] Billing billing manager -> User3
4] Support -> User4
For the above users, I may need users API which may return my organization users list ( Provided I may need enabled REST API access & may have access_token ),
{
  "users": [
    {
      "name": "User1",
      "email": "user1@myorg.com",
      "role": "owner"
    },
    {
      "name": "User2",
      "email": "user2@myorg.com",
      "role": "developer"
    },
    {
      "name": "User1",
      "email": "user1@myorg.com",
      "role": "billing_manager"
    },
    {
      "name": "User1",
      "email": "user1@myorg.com",
      "role": "support"
    }
  ]
}
I am looking for User management APIs for Twilio Main Account ( Close to Twilio connect but limitation there is it is for sub-accounts ).
Is it possible?
Twilio developer evangelist here.
There is not a user management API for the Twilio API. Users are really the access credentials for a person to log in to the Twilio console. Users then have access to accounts and the account credentials (account SID and auth token) and API keys created for the account.
I am still unsure what you hope to do with the list of users that have access to your account. There is no Users API though.

Jira ServiceDesk API - response suddenly missing the field emailAddress

I am getting a list of users in an organisation from the Jira ServiceDesk API, as documented on this page.
So far this is working as expected, but today all of a sudden the code is broken. That is to say, the results I'm getting from the API have changed. As the docs state, I SHOULD be getting values that include the field emailAddress. However, since today I am getting the right users, but there is no longer an emailAddress field. The following is the result (structure) I'm receiving:
{
  "size": 1,
  "start": 0,
  "limit": 50,
  "isLastPage": true,
  "_links": {
    "self": "https://someprefix.atlassian.net/rest/servicedeskapi/organization/1/user?start=0&limit=50",
    "base": "BaseURL",
    "context": ""
  },
  "values": [
    {
      "accountId": "123456:SomeGUID",
      "name": "SomeUserName",
      "key": "someusername",
      "displayName": "Some Username",
      "active": true,
      "timeZone": "Europe/Amsterdam",
      "_links": {
        "jiraRest": "LinkToTheThisUser",
        "avatarUrls": {
          "48x48": "LinkTo48X48Url",
          "24x24": "LinkTo24X24Url",
          "16x16": "LinkTo16X16Url",
          "32x32": "LinkTo32X32Url"
        },
        "self": "LinkToThisResource"
      }
    }
  ]
}
I asked to check the setting User email visibility and it is currently set to logged in users only.
My question:
Why is this field suddenly missing from the API? Is there a setting, or are there settings, I'm unaware of that influence this field being present or not?
Ok, it seems this is by design to keep in line with GDPR guidelines. Long story short: emailAddress will no longer be reliably part of the APIs, since a user now has to consent to it. If not all users' emailAddresses are reliably part of the response, this makes for a poor field of comparison in synchronization applications.
Which profile information will apps be able to access?
Any personal information users set as Anyone will be available for apps to use. For
example, apps will be able to access this information, store it, and
show it to other users.
Users' local times and locations will always be available to apps,
regardless of their visibility settings. This lets apps customize
their experiences.
Users' email addresses will be available to some apps that have been
approved by Atlassian. Note that if a user chooses to set their email
address to Anyone, then any installed apps will be able to use it.
When users install apps, the apps will request that they consent to
share their profile information with the apps. If they consent, the
apps will have access to all of their profile information. This is not
applicable to admins.
However, there will be a new API giving access to user emailAddresses regardless of user settings. Access to this API is restricted to approved applications. More about this can be found on this page.
In order to apply for access to this API the app must meet all current
requirements for being listed on Atlassian Marketplace (even if the
app is not listed on Atlassian Marketplace).
This means:
The app developer has provided a privacy policy
The app developer has provided a customer terms of use agreement
The app developer must signal whether or not the app collects and stores personal data.
If the app is storing personal data the app must report the accountIDs that have been collected and stored every 15 days.

How to link slack user with github account?

I am creating a slack bot and want to be able to link the slack user with the github account.
Is there a way I can link the 2 either via slack or github API's?
I was thinking of storing the user's Slack username and GitHub username in a JSON object, i.e.:
{
  "slack_username": "JoeBlogs",
  "github_username": "JoeBlogs123"
}
In order to do this, I would need to retrieve the users' username from slack API when the user authorises the app / bot.
I was thinking if I add a redirect_url to my slack app then it would redirect user to http://example.com/redirect if the users data is sent along to this redirect url, I would be able save it in a database of sorts.
If I then did the same with the github API then I could reference database in order to find slack users JoeBlogs github account and vice versa.
Is it possible to use the redirect_url like this? I couldn't see any user data being sent to but maybe it is nested somewhere I couldn't see it?
Is there a better way to link the 2 accounts?
Assuming you are using Install button to install your Slack app into the workspace, this is a payload which will be sent to your response_url:
{
  "access_token": "xoxp-XXXXXXXX-XXXXXXXX-XXXXX",
  "scope": "incoming-webhook,commands,bot",
  "team_name": "Team Installing Your Hook",
  "team_id": "XXXXXXXXXX",
  "incoming_webhook": {
    "url": "https://hooks.slack.com/TXXXXX/BXXXXX/XXXXXXXXXX",
    "channel": "#channel-it-will-post-to",
    "configuration_url": "https://teamname.slack.com/services/BXXXXX"
  },
  "bot": {
    "bot_user_id": "UTTTTTTTTTTR",
    "bot_access_token": "xoxb-XXXXXXXXXXXX-TTTTTTTTTTTTTT"
  }
}
See for details.
Then, using access_token in combination with users.identity API method you will get basic information about Slack user (playing with the scopes you requested during the install process you can get different fields of Slack user identity).

how to securely send topic notifications based on app user action

I have groups system which allows users to join groups. I need to send notifications to other users when new members join/leave the group.
I don't have any server-side code. I only depend on Firebase. After reading the Firebase docs about Firebase Cloud Messaging, I found it's possible to send a notification message to a specific topic by sending a single HTTP request, but that request must include an authentication key, like this:
https://fcm.googleapis.com/fcm/send
Content-Type:application/json
Authorization:key=AIzaSyZ-1u...0GBYzPu7Udno5aA
{
  "to" : "/topics/foo-bar",
  "priority" : "high",
  "notification" : {
    "body" : "This is a Firebase Cloud Messaging Topic Message!",
    "title" : "FCM Message"
  }
}
So I am asking: is it secure to place the authentication key in iOS app code? Is there any better way to implement device-to-device notifications without exposing the authentication key?

How to persist authentication in firebase for > 1h?

I'm using firebase.auth() for my website. I activated the firebase.auth.Auth.Persistence.LOCAL option to stay logged in (which shouldn't be necessary, since it's the default in web, according to https://firebase.google.com/docs/auth/web/auth-state-persistence, but it doesn't matter if the option is explicitly set or not).
The expected behaviour is that the user stays logged in until he actively signs out, no matter if the browser was closed, etc.
In my case, the user is logged out after an hour or so (didn't track it exactly). This happens on Safari, or if I add it to the homescreen as a webapp. Is this the intended behaviour, or am I doing something wrong?
Update: Problem solved
I totally missed a 403 answer in the console after a couple of minutes:
{
  "error": {
    "code": 403,
    "message": "Token Service API has not been used in project xxxxxx before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/securetoken.googleapis.com/overview?project=xxxxxx then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.",
    "status": "PERMISSION_DENIED",
    "details": [
      {
        "@type": "type.googleapis.com/google.rpc.Help",
        "links": [
          {
            "description": "Google developers console API activation",
            "url": "https://console.developers.google.com/apis/api/securetoken.googleapis.com/overview?project=xxxxx"
          }
        ]
      }
    ]
  }
}
I went to the url, activated the token api and voila: persistent Logins :)
Afterwards I looked up the official docs, seeing if I missed this step somewhere, but I can't find any hints on that api activation.
