I want to use spree api on frontend to implement the ajax products search just like the one in orders/edit on backend where you enter 4 characters and it uses api to get variants.
But I am confused about the token. how can i use the following on frontend even when the user is not logged in.
/api/variants?q[product_name_or_sku_cont]=product&token=sometoken
I had a similar problem with updating cart using api (check here) but i solved that using order_token=current_order.guest_token
but here i want to implement a search and when a new user visits the site current_order is empty.
Thanks
I have change Spree::Api::Config[:requires_authentication] to false and now i am able to access it without a token
Related
I'm creating a Rails app which have both a GUI part, and a REST/JSON-API.
The REST/JSON API is fairly simple, and the controller returns data like this:
def get_players
#players = Player.all
render json: #players
end
The GUI part of the app is using Devise for authentication, and it works fine.
Now I want to add authentication for the REST/JSON Api too, how do I do that?
Also, how do I test the REST API using curl when the Authentication is added?
---- edit ----
as it turns out, Devise wasnt necessary in this case. A home-cooked token-authentication method works for now. (token created when Player is created, and returned on correct e-mail/password combo).
After getting a few tips, I found a number of great sites. There are several ways to do this, however I don't know which one is best, but these sites help a long way:
https://github.com/lynndylanhurley/devise_token_auth (An extension to
Devise)
https://labs.kollegorna.se/blog/2015/04/build-an-api-now/
(Manual way)
Token based authentication for Rails JSON APIs (SO Question)
Rails API : Best way to implement authentication? (SO Question)
Rails API : Best way to implement authentication?
I an deleting items from spree cart using the following spree api url
/api/orders/#{current_order.number}/line_items/#{line_iem.id}?line_item[variant_id]=#{line_item.variant.id}&line_item[quantity]=0&token=MyToken
the token used here is of a single user. I want to implement this in generic way so that it can be used for both guest and registered user.. is it possible?
any help would be highly appreciated
Regards
Whenever you create an order using the Spree API, you get an order_token in the response. From the Spree API Guide:
The order_token parameter will work for authorizing any action for an order within Spreeās API.
So instead of appending &token=... you should append &order_token=...
It will work for both registered users as well as guests.
I was developing website and decided to separate back-end(rails) and front-end(angularjs). All went good until I tried to implement authenticating over JSON. I've found tons of material on how to implement it with devise, or with doorkeeper, but I can't understand how to put it together. (API is implemented with RocketPants)
From what I've realized, from front-end I should send login and pass on init, getting back authtoken (step 1). Then on every call I should send authtoken with other data (step 2)
On step 1: Doorkeeper redirects_to sign_in page. Should I modify controller in way that it should come to controller, which would handle authentication (by using warden.authenticate!) ? And how does Doorkeeper know that I'm logged in since that moment? (for giving me authtoken)
On step 2: Authtokens are individual per user and per application, which uses API, right? So I should somehow specify, from which application request comes, shouldn't I? "
Note: Backend is going to be API only, so everything should be handled by JSON requests. But how I modify available applications then? One more custom controller over Doorkeeper?
Thanks in advance, I hope, I'm not the only one with such questions =)
Using MVC4, I would like to get the recent Tweets (3) of user's without having to request access from them, because that is a pain for the user. This is also because a user may be viewing another user and I would also like to display their Tweets.
This was fairly simple with Twitter API v1:
$.ajax({
url: 'https://api.twitter.com/1/statuses/user_timeline.json?count=3&screen_name=' + twitterUser,
...
});
..but its deprecated and will stop working in about two months from now.
I'm new to Oauth and have struggled to find any good material on how to get a user's Tweets, but I believe the process is a lot more complicated now with the Twitter API v1.1? Ideally, I'd like to achieve everthing in the front end, but think that I now need to do some authentication server side and will have to use MVC?
In order to get any user's Tweets, I was thinking that I could create a Twitter account for my application and use that to get anyone's Tweets, as long as they are not protected.
Does anyone know of any good libraries that I can use to achieve this, or is the out of the box MVC4 Oauth stuff alone enough to do the job?
Any suggestions of where to start, and especially examples would be greatly appreciated.
To use API 1.1, you have to have a Twitter account and a Twitter application and then use OAUTH to authenticate your rate limited requests using GET statuses/show/:id. The only alternative I know is RSS which both Twitter & Facebook have kiiled, briught back and threatened to kill again:
http://api.twitter.com/1/statuses/user_timeline.rss?screen_name={USERNAME}
I decided to use Linq2Twitter, as this makes use of the V1.1 API.
An MVCDemo example of Linq2Twitter stores the authorised credentials in a SessionStateCredentials object, but I can store the object in cache and persist the authorisation for all users, meaning they won't have to authorise anything. Provided that a user's Tweets aren't protected, the Tweet's for any user should be retrievable this way.
I'm using Devise in a Rails app and want to expose some of the model data via an API, but access to the API should be restricted just like the app.
$ curl http://myapp.com/api/v1/sales/7.json
{"error":"You need to sign in or sign up before continuing."}
Obviously.
Is there a best practice for accessing the API in situations like this? I'd prefer to authenticate + grab the data in one step, but that's just to make the client's job easier. They'll be pulling in the data client-side with JQuery.
Thanks for any info!
Vanessa
I recommend you follow the Option 2: Using API Key section on the following post to implement API authentication in Rails.
http://www.whatcodecraves.com/articles/2008/11/25/how_to_make_an_api_for_a_rails_app/
It's lightweight and simply requires passing an api_key param with each request.
My suggestion would to generate an API "key" (hash value) and have that passed with the json request. That way you can authenticate and track API use. A lot of APIs use "keys" to track and authenticate use. Google maps for instance, they use just an API key. Where as PayPal uses a user name, password, and key. There are a number of ways to do it.
I would try creating a one-to-many table that belongs to the user, just for keys. That way a user can generate more than one hash key for different purposes. (One for reports, one for backup, one for fancy pie charts that automagically pull from Powerpoint).