We are creating a DiFi app and I'd like our customers to be able to sign up to coinbase and go through KYC/AML so they have an account in their name, but without them having to leave our site. The reason we want them to have their own account is that we are not regulated to handle customer's fiat funds - though we are able to manipulate funds in a customer's account if they give us permission,
Is it possible to register new users onto coinbase through the coinbase APIs or do users need to go to the coinbase website to sign up?
Being able to register for another service through your service can open an array of security vulnerabilities. You could do it by reverse-engineering their API, but it would certainly be questionable.
Instead, the Coinbase API does have OAuth2. This would allow your users to connect their accounts in a secure manner.
You can find the integration instructions here.
Related
I'm trying to set up a Service Account that can access the GMail API, but for security purposes I want it limited to only a single mailbox (I don't want the development team to have full access to all mailboxes in the organization.)
My understanding of how Google handles service accounts and permissions is limited. I can't seem to find specific details about how this would be set up. I have set up a service account with client ID and secret. And I have associated that with an API client that has the GMail read-only scope. But how does that get associated with a specific mailbox? I do see a setting that allows "domain wide delegation", which seems concerning.
Maybe I'm just not understanding this correctly, but does that mean this service account can now read the contents of all mailboxes in the GSuite account?
How do I make sure this service account is limited to the one mailbox I want it to access?
I think you are talking about user impersonation using the service account. I am afraid that it is not possible to limit the access that the service account can have. The only possible limitations is related to the creations of credentials on the project and things like that, but if a service account has domain wide delegation to do user impersonation, then it is not possible to set up limitations to it.
You can find more info about the possible limitations here https://cloud.google.com/resource-manager/docs/organization-policy/restricting-service-accounts
I have the following goal - I want to integrate my application users with Coinbase. All users should be able to connect their own Coinbase accounts with my application so I can grant read permissions. In order to do that I have to use oauth api, but the problem is, I do not want to ask users to first create oauth application through the Coinbase UI themselves and then provide me the application ID and secret so I can initiate a coinbase oatuh integration. I need a seamless, one click integration. Do you have any suggestions how to achieve that?
Thanks....
The whole point of oAuth to not need the api key.
this is the documentation that says how to do it. future questions need to be programming specific or stack overflow will eat you up for dinner.
https://docs.cloud.coinbase.com/sign-in-with-coinbase/docs/sign-in-with-coinbase-integration
I have an app that runs in a conference room kiosk that displays the conference room's calendar. Right now the app uses the Interactive Credentials Flow to interactively get the room account's token and then fetch the calender. By managing refresh & access tokens we should never have to sign in again and re-grant access.
However - we need to deploy this app to 300 rooms. Sending a technician around to each room and signin with each room's account and grant access is very costly. Also if ever the refresh or access token goes stale or is revoked, we have to send out a tech to the conference room. Some conference rooms are in building where there is no tech in the city.
Is there a way we can do this centrally? To get an access token for a user for granted permissions, then feed this to our application?
We looked at using the "Client Credentials - Application Secrets Flow", but this requires giving the app access to the entire enterprise's calendars. This we cannot do as many of the users require high security.
I find this an interesting question.
here is the documentation on how to achieve this: https://learn.microsoft.com/en-us/graph/auth-limit-mailbox-access
You would use application secret auth, but using this, you can limit which mailboxes the graph calls can access. this would be the most elegant way I believe.
I'm creating an app to allow people to view their coinbase balances. Right now it seems like they'd have to authorize separately for me to view balances on each wallet. Is there any way I can allow the user to grant me access to read the balance on all of their coinbase wallets?
We are using UserService with OpenId to send emails on behalf of the logged in user.
As we want to move to OAuth2/OpenID Connect for login to comply with the new marketplace guideline I'd like to know if it is possible to use App Engine's MailService with OAuth2 / service accounts to be able to send emails on behalf of the user.
I know that it is possible to send emails using the old GMail API, but then we are stuck with the daily GMail limits which are far too low for our usecase.
You can use the current GMail api via OAuth 2 and you can impersonate users with Service Accounts. There isn't a specific example for Gmail + Service accounts but Drive has good documentation that you should be able to extrapolate. If the quota limits are unmanageable, than you'll need to evaluate IMAP if you want a Google-powered solution.