How can I detect that a request is coming from an Android App and not android browser.
If I use this:
request.env['HTTP_USER_AGENT'].downcase.match(/android/)
It will also include the android browser.
The answer depends on how you coded your Android application. In order to interact with your webapp, the Android app will use an HTTP client. You need to determine how you configured the HTTP client and which user agent you decided to use.
If you are not setting any user agent in the Android application, you may want to release a new version where you pass a specific user agent for the app, in this way you can easily isolate the requests coming from it.
Related
We have an open API and I was wondering how I could securely tell if my own app is making the api request. I recently figured this out on android (use the sha1 fingerprint), what would the iOS equivalent of this be?
Here's a quote from the android question that was asked:
I have an android app. Now I want that only my App can access my database on server. I know any body can decompile my app and can find the API urls and can access my database from the browser. Is there any way to protect my database from such API calls which are not generated by my Android App ?
I want to add any secret in Android App which change or destroy if anybody de-compile my Android App.
https://www.quora.com/How-can-I-check-if-that-API-call-is-from-my-Android-app-or-from-outside-on-the-server-side
We are currently trying to add OAuth2.0 for authentication into an existing Adobe AIR mobile app for a client. We are trying to carry this out by using this library https://github.com/charlesbihis/actionscript-oauth2 from this article.
We have tried using instances of the 'StageWebView' class and the Feathers UI 'WebView' class to display the authorization prompt page within the mobile app itself.
When we publish the app locally on our development PCs, the whole process works ok. However, as soon as it is published to our iPad(s) for testing, it is almost as if some security setting stops the "embedded" website from communicating with to the server.
As the website we are trying to communicate with is a https:// address, I'm assuming that this might be causing issues, but I can't confirm this.
Has anyone out there found themselves in a similar situation?
Thanks,
Dave
Using native code, I'm able to fetch Passbook passes created by my organization, via PKPassLibrary's passes method.
However, I'd like to be able to do the same via a web page, with no interaction from a native app and without any user information. So far I've only been able to find information about installing passes from the web, as well as information on the web service I must implement.
IE: Using only passTypeIdentifier, organizationName, teamIdentifier and proper certificates, is it possible to query a device for passes installed by my organization without a native app? If so, can I fetch the current pass.json from that pass? Are there any services available that do this?
There is no method available to query a device for passes installed.
Your only chance is to maintain a server-side list of installed passes (easy to do with the register/unregister webservice calls) and some cookie-based registration in mobile safari.
I have not seen this addressed on the web, and I think it is something of importance. Right now, I'm building a product that will have an Android app, iOS app and also a website. A user could be simultaneously logged into each of these apps. This is something one could do with Twitter, Facebook, Google, etc.
There is an issue with the current paradigm though. The current paradigm for authentication for an Android app is passing an auth_token param between the front-end and back-end. When the user logs in, one gets generated. When the user logs out, the auth_token gets set to null in the database. If you were using this token to track sessions between an iOS app, Android app and website, you'd run into issues quickly.
The most common one: If a user is logged in via Android & website and logs out of the website, this will also have the side effect of logging them out of the Android app because the auth_token is now null in the DB, and there is nothing to match the auth_token being sent in by the request from the Android app.
I have thought of one solution, but I don't know if it is optimal or if it is the way this thing is handled in other large projects. If there is a better solution, do tell.
My solution:
Every request contains an Origin header. If it comes from the website, this header should hold the value Application. If it comes from the Android app, it should hold the value Android, and if it comes from the iOS app, it should hold the value iOS. This would require three separate DB columns. An auth_token for the web platform, Android platform and iOS platform.
If you decided to start supporting Windows phones, you'd need to rebuild your session handler for Windows as well.
That being said, this does keep the entire project and its constituents accountable and knowing of the fact that we're about to support a new front-end. However, it seems a tad problematic to me.
Is there a better way to do this? Is there a way most do this? Am I overthinking this? Am I wrong in my logic somewhere?
Is Devise an option for you? You can use it without Rememberable (http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Rememberable).
I am recently developing a business application naming MyTicket.
I want that paypal gateway should be open within the app So
for that is there any paypal api in blackberry that helps me in fulfilling this
task.
I have already tried with creating a Paypal API wrapper for example using PHP, which is used by a proxy page. Then in the BlackBerry, use standard HTTP requests to send GET/POST requests to the proxy page. The proxy page will in turn use the wrapper you created to set up payment for you and your customer.But by following this way we are able to make credit card payments with the application and entire transaction will happen at the server end and in response we may obtain a result at client end that transaction is happened successfully.
But i want that the paypal transaction will happen with the paypal account.So is there any
sdk in blackberry which helps me in fulfilling this request.
Thanks And Regards
Pinkesh Gupta
There was an API, but they dropped support. I think now the only platforms supported are iOS and Android: PayPal -Mobile Payment Libraries
(If you want to check out how the BB version was like, or if you manage to find the jar, this was the development guide:MPL Guide for BlackBerry)
Now RIM has a Payment Service that might help you: Payment Service
If you use the standard Express Checkout API within your app it'll automatically utilize the mobile checkout experience.
I use this in my jQuery Mobile Apps and it works great. If you're building a native Java app, though, you might have to use some sort of an embedded web page to make it work.