for some research at work I have to understand how to generate the X-Apple-ActionSignature which can be found in HTTP-Headers e.g. of iTunes-traffic. I've read that it can be found in other Mac OS X and iOS specific network traffic, too.
What I've found so far is that iTunes sends a GET request to
https://init.itunes.apple.com/WebObjects/MZInit.woa/wa/signSapSetupCert
In the response a plist is appended which has a key 'sign-sap-setup-cert' containing probably a certificate. After that a POST request contains 'sign-sap-setup-buffer' and is sent to
https://play.itunes.apple.com/WebObjects/MZPlay.woa/wa/signSapSetup
The response has again 'sign-sap-setup-buffer' in the data segment and after that every other request contains a X-Apple-ActionSignature. However I can not find out how to generate this. Is someone able to help me?
Looking at this Twitter thread, it seems that "X-Apple-ActionSignature" is some kind of proprietary signature or metrics posts generated and/or used by FairPlay.
It's not something that Apple has documented publicly, nor do they make it easy to figure out how to generate or spoof (even if for non-malicious purposes like research).
Your best bet is to contact Apple directly (e.g. via a Technical Support Incident or TSI) and tell them exactly what you are doing and the big picture of why you are doing this, and if you are lucky the Developer Technical Support person will connect up with the right people in Apple Engineering to give you the answers you need.
Related
I'm currently exploring the capabilities of custom passes in Apple Wallet.
One thing I would like to do is enable users to be able to go to my website if they click their gift card's icon.
However, after looking through the documentation - there doesn't seem to be any support for this basic ask.
The closest thing I was able to find was adding URLs to the back of the custom passes. Anyone know of a workaround?
I'm looking for the same thing.
I'm surprised people praise Apple Wallet passes that much, when it's really bad to work with.
Everything is file based, and you have to create a physical zip-file.
Google's approach is much better imho: everything is done via an API, so the pass itself is just a url with a token. Sharing a Google Pass is so much simpler and works everywhere.
Updating a pass is simple; just call the Google Api and everything will be ok. Images and assets are urls. Much much better to work with.
Updating an Apple pass involves fricking Push notifications, it's mind bogglingly complex compared to Google's solution.
Oh well
I've been using Stackoverflow for about 5 years now, and haven't felt the need to ask a single question yet, I've always found the answer i needed through previous threads. That just changed and I have a question that I really can't figure out. And it sounds so easy to do.
So the question is; how do you invite attendees, or reply/decline to calendar events on iOS under iOS 10? And please, no we don't want to bring up an EKEventViewController. We'd like to do this in our own UI. Under iOS 9 this was possible through just forcing EKAttendees objects in to the EKParticipants array with setValueForKey:. But under iOS 10 this produces an error saying 'Attendees can't be modified'.
I have used a Technical Support credit with Apple and got the reply that this was not possible. It is not possible using their APIs.
The closest to an answer i've got is to use IMIP (https://www.rfc-editor.org/rfc/rfc6047#section-2.2.1). If that's the way to go, could someone help me along on how to actually set that up? I'm not well versed in back-end development, I'm all front-end so I wouldn't really know where to start.
There also seems to be some CalDav servers on GitHub (https://github.com/mozilla-b2g/caldav) but I'm not sure how good they are, or exactly what you need to set one up.
So basically, is there anyone who could give a childs explanation to just how the heck we can send nice invites to calendar events. And if there are different solutions for Google, Apple accounts (obviously under the hood, but implementation-wise) that would be very helpful to know to.
Is this something that requires a ton of implementation on our own servers or is there some reliable service to use? That would be ideal. Maybe you should build one and you got at least one customer here :-)
Appreciate any help!
You cannot modify attendees using EventKit, but Apple already told you that:
I have used a Technical Support credit with Apple and got the reply that this was not possible. It is not possible using their APIs.
The hack with accessing the internal objects using KVC was, well, a hack and not documented API. No surprise they killed that.
So how do calendar invites work. That in itself is a very complex topic (consider delegation, resource booking like rooms, etc etc). There is a whole consortium which works on that (CalConnect), they also have a broad overview: Introduction to Internet Calendaring and Scheduling.
If you are serious into scheduling/calendaring software, it may make a lot of sense to join CalConnect for their interop events etc.
But you wanted a 'childs explanation'. I can't give that, but a short overview.
iTIP
iTIP is a standard which defines how scheduling messages flow, e.g. that you send a message to your attendee, your attendee responds back with accept/decline, what happens if a meeting is cancelled and all that.
It does NOT however specify how those messages are transferred. It is just a model on how the message flow works between the organiser and the participants.
Most 'big' calendaring systems (Exchange, Google, CalDAV servers like iCloud) use iTIP or at least something very similar.
iMIP
iMIP is a standard which defines on how to exchange iTIP messages using email. Say if you invite someone using iMIP, you'll send him a special email message with the iCalendar payload containing the invite. If your attendee accepts, his client will send back another iCalendar payload via email containing that.
iMIP is supported by a lot of systems and was, for a long time, pretty much the only way to exchange invitations between different systems (say Outlook and Lotus Notes).
However: the iOS email client does NOT support iMIP (unlike macOS or Outlook). So if someone sends you an iMIP invite to your iOS device, you won't be able to respond to that. (reality is more complex, but basically it is like that)
CalDAV
CalDAV is a set of standards around calendars stored on a server. Many many servers support CalDAV. E.g. iCloud uses CalDAV. Yahoo, Google, etc all support CalDAV. The important exception is Exchange, which doesn't support it.
In its basic setup CalDAV just acts as a store. You can use HTTP to store (PUT) and retrieve (GET, etc) events and todos using the iCalendar format.
In addition many CalDAV servers (e.g. iCloud) do 'server side scheduling'. That is, if you store an event to the server which is a meeting (has attendee properties), the server will fan out the invitations. Either internally if the attendees live on the same server, or again using iMIP.
Exchange
Exchange supports iMIP but not CalDAV. You usually access it using one of its own web service APIs, e.g. ActiveSync or Exchange Web Services. I'm no expert on them, but I'm sure that they allow you to create invites. Exchange&Outlook have an iTIP like invite flow.
etc
Is this something that requires a ton of implementation on our own servers or is there some reliable service to use?
This really depends on your requirements and needs. Do you need to process replies or just send out generic events?
If you want to host a calendar store, it probably makes sense to use an existing CalDAV server.
Calendar invitations are a very complex topic and you need to be very specific on your actual requirements to find a solution. In general interoperable invitations in 2017 are still, lets say 'difficult'.
P.S.: Since you've been using StackOverflow for about 5 years now, you should know that this question is too broad for this thing.
i'm a mobile-develop engineer.work on IOS platform,using Xcode.
a few days ago.the man server developer has been changed in our company.he said the popular way of developed is using the template whose name was Restful API,then I was starting know something about the Restful api.
what i knew the thought of the template was the server need only developed the just the one http-interface.they didn't care whatever clients how to requested and how hardly used.
i didn't agree that, example in the page.the requirements is search friends depends on the text which user input on search-bar.
the 1.0 version is just searched the information which key included name.maybe we will send the requestPostDate=xx(which user inputed),filter=name.
the 2.0 version is searched the information which key included name、sex、age or your personal description.but I can't changed the requirements as soon as possible. because i have been wroten filter=name.
what should we did if it should changed in 1.0 versions on AppStore platform.
so what we did is modified the code which filter=name,sex,age. and upload the new library(IPA),then send it to AppStore.hope it's successful during these days.
what i need to say is if we not using restful api.we can be controlled by server.we just tell them we had a key which is xx,the clients didn't care about what the logic of how to search, it easier? and it changed quickly?the client didn't modified any code.maybe we have Web-platform、IOS-platform、android-platform.
i don't know what's the template your company using now.if it's restful api.please tell me how to fix about the questions what i said before?
the problem what i said is the restful api is suitable in IOS platform? maybe is suitable in Web platform,but not suitable in Mobile-developed-platform.
do you agree what i said? if not.give me some point which you think is right please.
I am looking to build an iOS app and website that work 'together'.
What the plan is for each:
On the iOS side, it will be pushing information to the server in the form of a post. The users will then be able to vote up and down on the posts as well; which also implies they will be able to see the other users information (in real time).
The website will be viewing this information in real time and using the posts. If a post gets enough down votes the server should tell the website and apps to remove it.
I have experience with SQL. Although SQL does not seem to be the appropriate server choice - for what I want to do - given my experience with it. (I could definitely be wrong.)
I would like to host the information myself, however have heard that Parse is good about holding information for iOS apps. I just don't know whether it gives you enough freedom to work with websites as well.
TL;DR: What kind of database/datastore should I use for a real time queries that allows for push notifications?
All suggestions are welcome. Thank you.
Try Using FireBase
firebase.google.com
Documentation
In the email notification we can see something like
<username> followed you using <appname>.
It is great. But is there any possible way to know the application name using API?
I took a look through the REST API, and I could not find anything that would support this. My guess is that this is a twitter.com feature that is available in the API (yet).
The most logical places I looked were statuses/followers and friendships/show. In both cases there was nothing definitive. Checking the follower emails for my account, I found multiple followers that used applications (like PeopleBrowr and SocialOomph) to follow the account. In most cases, the source on their latest status object matched the application name used to follow me, but that was definitely not a sure thing.
So, to answer your question directly, no I don't think it can be done through the API (not unless there's an undocumented method out there that does this.)
I can, however, think of a way to get that info. One approach would be to set up the email account receiving the follow notifications to forward a copy to a mailbox that is checked by an automated process. When emails show up, parse them to find the app name used to follow you.
I used the following regular expression (in C#) to find the application's name and URI in the email's body:
Match m = Regex.Match(input, #"followed you using\s*<a[^""]+""(?<appUri>[^""]+)""[^>]+>(?<appName>\w*)</a>");
I used m.Groups["appName"].Value to pull out the application name, and m.Groups["appUri"].Value to pull out the URI from the match.
In order to tie the app info to a user, I had to also find the screen name with:
Match m = Regex.Match(user, #"\(#<a[^>]+>(?<screenName>\w*)</a>\) is now following");
I used m.Groups["screenName"].Value to extract the value from the match.