I have an app that currently allows users to enter in a company name and we use the LinkedIn API to pull all the public posts that this company has made on LinkedIn.
The new API rollout has occurred and while I have a difficult time finding the information I need in the LinkedIn API docs it seems that no one can access company info for a company they are not an administrator of.
I am not trying to access company info or to change their page or anything like that, I just want a list of their public posts. I don't require my users to sign in and even if I did I doubt most of them are administrators of these company pages. Is this totally no-longer possible with the LinkedIn API?
The new API rules for Company profiles stipulates:
"New requirement for Companies API
All calls to Companies API endpoints will require the authenticated user to be flagged as an administrator of the LinkedIn Company Page that is the target of the API call. You become the administrator of a page when you create it. If the page already exists, you will have to contact the existing administrator to grant admin access to other LinkedIn members.
Your API call will return a 403 Forbidden error if you do not have the appropriate admin permission to interact with the target company."
Link here.
LinkedIn is making things really tough for everyone. You'll need to apply to be a partner, but even in your case, the admin would have to sign in. Effectively, unless you're akin to a Hootsuite that gets the page admin's rights for the sake of publishing, you're not going to be able to do what you were. Bummer.
Related
I am creating an iOS app for internal use. We have a Google Domain. As part of the functionality of the app, I want to be able to search for all users in that domain. This can already be done in Gmail, the Apple Mail app, and others.
I found that you can use the Admin SDK for users.list to do exactly what I want to do. I created a Client ID for the iOS app and authorized my app to perform users.list.
However, now I get a permissions error for users who sign in with OAuth2:
I found that you can create a service account to make API requests on your behalf if you delegate it to have the authority. I'm not sure if this is what I want to do since this seems more like something for a secure server to do rather than an app. I'm also not sure how this integrates with a user (from our domain) who signs in with OAuth being able to list our users.
Is it possible to list/search the users in a Google domain purely through OAuth / frontend app?
Aside from caching your own list, I think there are two ways to give users the ability to list all users:
A. Undocumented call to this GAL API:
https://www.google.com/m8/feeds/gal/your-domain-goes-here/full?alt=json (source). You can test this in the Google OAuth Playground by selecting the scope for the Contacts V3 API or using the string https://www.google.com/m8/feeds/.
B. In the Admin console, create an "all users" group. Assign to a newly created Admin Role. Grant the admin role "read" in Privileges > Admin API Privileges > Users > Read (checked).
I'm building an app that shows users people they might be interested in talking to. If a user says he's interested in a person I show them, I want my app to create this person as a contact in my user's SalesforceIQ.
How do I do this? I see from the API documentation https://api.salesforceiq.com/#/ruby#documentation_contacts_create-a-contact that I can create a contact if I know my user's username and password, but of course I don't want my users to give me this information. Is there some way for the user to OAuth or whatnot by clicking a button that authorizes me to add things to their SalesforceIQ?
The SalesforceIQ API uses HTTP Basic authentication and does not currently support OAuth according to their documentation.
For a SalesforceIQ user to grant API access to your app to create contacts and for other privileges, the SalesforceIQ admin creates an API Key and API Secret for your app which is then used for the HTTP Basic authentication username and password. This way no user needs to provide your app with their credentials. This is configured in the SalesforceIQ admin UI under Settings > Integrations > Create New Custom Integration.
For the admin to provide these credentials to your app, you can have a UI where the SalesforceIQ admin enters this for your app to store and use with the API for their account.
This is described in the following places, briefly in the API Reference and in detail in a Help Desk article with screenshots of what the SalesforceIQ admin needs to do:
API Reference: Requesting Access
API Reference: Security and Authentication
Help Article: Set up API access
I have a Google Marketplace app that is currently using OpenID for federated login.
When an admin installs the application to the domain users are able to login via a site.com/login/domain.com link.
Currently when a user uses this link they are being asked to consent once again for "Know who you are on Google" scope. I understand that this is something to do with my OpenID realm not matching. The problem is I cannot find where to edit that realm in the new console. My research shows that OpenID has been abandoned for OAuth2 authentication. Please correct me if I am wrong.
Is there a good example anywhere that shows how to authenticate a user that an admin has already granted scopes for on the domain so that they do not get asked to consent again? I've looked up and seen documentation to make a call to https://accounts.google.com/o/oauth2/auth but I'm unaware of how to actually skip the user consent since the admin already authorized the scopes domain-wide.
Using C# but I'm open to any example as I'm sure I can figure out how to get it back into C#.
If you read this post on the google groups, then it seems it is intentionally :
This is an intentional change to more precisely communicate to users
the set of permissions that is being granted. Through knowledge of the
user's email address it is possible, via indirect means, to locate the
user's profile address. In the interest of more accurate disclosure,
thus, we are prompting users to approve such disclosure.
The new tokens issued include permissions to obtain public profile
information, in accordance with the modified text. You can use
https://developers.google.com/accounts/docs/OAuth2Login#userinfocall
to obtain the subset of user's profile information that is publicly
linked from the user's profile. The user's profile Id, which is always
public in that endpoint, is also a more reliable identifier for the
user (as email addresses can be changed on accounts). We recommend
that you store the user's profile id to ensure that email changes
don't cause account confusion.
I am using Twitter as an OAuth provider for ASP.NET MVC 4 web site. I would like to be able to follow up with a registered user at a later date, either by email or via a tweet. Outside of having the user follow me on Twitter, do I have any other options to communicate with the user?
Here is what I unsuccessfully considered:
It appears that there is no way to get access to the email address since Twitter OAuth API does not return it.
It appears I cannot send a direct message unless a user
follows me on Twitter.
"Read/Write/DirectMessage" permissions seem
too intrusive -- all I want to do is send a user a message that a
new product is released -- I don't need any of the write
capabilities that this level of permissions provides.
To recap, if a user used Twitter to sign in to my website, what are my options to contact that user at a later date?
Thanks.
Twitter's solution for this sort of person-to-person communication is the Direct Message, however, Twitter has (rightfully) decided that both parties need to consent to this channel being available. This decision is intended to reduce the amount of spam in the Twitter ecosystem.
Posting public tweets that mention the username will get your users' attention, but it is also broadcasting their relationship with your company to the entire Twitter ecosystem. You will, essentially, be advertising their relationship with your company without their permission. This approach will bring you headaches sooner or later.
Email is probably a better choice for the sort of announcement to existing customers.
I've got a company web app. I have integrated it without much problems with Twitter.
This means, when a staff of our company creates a new product, it posts onto the company's profile on the Twitter web site as well.
However, Facebook is another story. Facebook encourages registrants to sign up as "individuals".
For example, on the registration page:
You are not allowed to put generic emails such as (support#company_email.com, sales#company_email.com)
You may not have the first and last name as a company entity. For example Foo Distribution or Foo Inc
Their automated system simply rejects any clever attempts to register as a "non-individual". With Twitter, it was a breeze. Since Twitter allows / encourages companies to register an account with them directly, and not as individuals.
Moving along on Facebook, I found out that I can create a 'page'. Which I can use for the company. It has the option of allowing other "individuals" to be admin of the page. However, this would mean that each staff would need a Facebook account.
I don't really like this approach, since some of our staff may be negligent with their Facebook passwords. I rather have our web app have one 'method' of accessing Facebook's API isntead, the way it is done with Twitter.
How else would you go about this?
I'd make yourself the admin of the page, install an app that you develop, and then let your users make posts to the page through that app. This way, you're controlling access to the page while letting your users still have access to it.
You'll need to use an offline_access-enabled access token for this to work continuously (permissions documentation), and if that token changes, you'll have to log in yourself and refresh that token (it can change when you change your password or uninstall/reinstall the app). Additionally you'll need a manage_pages permission, and you'll need to use the access_token for your page that you can find in /me/accounts to make posts to the page.