Coinbase Oauth2 application transaction send scope restrictions - coinbase-api

I am using Coinbase NPM package to send BTC payments from one account to another but my limit as listed by coinbase is: wallet:transactions:send is limited $1.00/day per user
This page - https://developers.coinbase.com/docs/wallet/coinbase-connect/permissions mentions that the limit can be raised in the Application Settings but I see no such setting. Had anyone run into this before?

Related

GMB real-time notification settings in pub/sub "reset" every few days

Non-technical person here 🙋‍♂️
I'm having an issue where (using the Oauth 2.0 Playground) I authorize an internal user's GMB account and configure real-time notifications to be sent to our GCP topic. Every few days or so, notifications stop getting sent to our topic and when I check the notification settings for that account, they have been subscribed to an unknown GCP topic. I can reconfigure the notifications settings again, but every few days they are reconfigured to the unknown GCP topic.
It's possible some other app is overwritting my changes periodically, but I am having trouble figuring out where they're coming from.
Is there a log I can review to know where the request to change the notification settings is coming from?
When using the OAuth 2.0 Playground to configure settings, do they "expire" at some point? If so, is how do I prevent that from happening?
Thanks in advance for your help!
You can start looking into when and who created the unknown GCP topics by checking your Cloud Logging for created topics. You can do this by:
Open your Google Cloud Console
Open "Logging"
There should be a "Query" tab and select it.
Input protoPayload.methodName="google.pubsub.v1.Publisher.CreateTopic" and click "Run Query". You can check this reference if you'd like to see other logs related to Pub/Sub.
Click "LAST 1 HOUR" to adjust the time parameters of your log query. (Example: adjust it to a whole month to query all Created topics within a month)
Click the ">" beside the result and expand the log.
There are lots of info like the created topic name, what email authenticated this request, etc. In your case you should look out for field authenticationInfo for you to check who invoked the request:
authenticationInfo: {
principalEmail: "email-used-to-create-the-topic#example.com"
principalSubject: "user:email-used-to-create-the-topic#example.com"
}
NOTE: For testing purposes I blacked out my project-id and email for this example. Also the topic I created is log-this-topic and the email in the log mine since I was the one that created the topic.
OAuth have set rules for expiration, you can check it on Refresh Token expiration.

Google MBA Service Account get all locations

My company owns several (verified) facilities and using my company's email i can see those locations (business.google.com).
Now, my company would like to fetch the reviews in each location and present it in our company website. Before we're using the Google Place API but since it only returns the latest 5 reviews we opt to using Google My Business API to retrieve a location's complete reviews. We'd like our backend (PHP) to retrieve the reviews so using the same email I created a service account (console.developers.google.com/apis/credentials) because we don't need the end user to allow/interact anything when browsing our website.
Using postman (with my signed JWT) I have managed to get a valid access token
...that I use to retrieve the lists of accounts (mybusinessaccountmanagement.googleapis.com/v1/accounts) I could see the service account itself alone in the response.
Now, I tried calling the account locations api (mybusiness.googleapis.com/v4/accounts/{MY_ACCOUNT_ID_HERE}/locations) but it only returns and empty object response.
Can someone help me resolve this issue. Why my service account can't see the verified locations under my company's email. Is this even possible? Thank you.
Even that this is an older question - I run into the same issue calling the new Google My Business Information v1 API (getting empty results) using a service account.
It seems, that it is not recommended to use Service Accounts, I found this support article on Google: https://support.google.com/business/thread/8281160/cannot-get-access-to-gmb-locations-with-service-account-with-nodejs?hl=en
The "official" recommendation is to use OAuth.
But we finally made it using Service Account. The following steps are necessary to resolve it (at least for us it is working now):
Add a project in Google Cloud Platform
Add and enable the Account Management and Business Information API's.
Add the service account and generate a key (https://developers.google.com/identity/protocols/oauth2/service-account#creatinganaccount)
Make the Business Profile API request (you need the approval made by Google to be able to make requests against the two API's; otherwise you may run into quota exceeds as "Request per minute" is set to 0 by default). Important: It may take up to 2 weeks until, but we received the approval within about 5 days
Enable domain-wide delegation for the service account using the scope "https://www.googleapis.com/auth/business.manage". More about domain-wide-delegation: https://developers.google.com/identity/protocols/oauth2/service-account#delegatingauthority)
Add a user identity in GCP. This user also needs to be added in Google My Business for editing locations. When creating your ServiceAccountCredential object, impersonate this user.
Security concerns:
Domain-wide-delegation enables that everyone knowing/having the credentials of the service account could impersonate any person (identity) from withing GCP. At least in this case only for Business Profile API, but anyway, keep this in mind.
Also using private keys for authenticating the service account is not recommended, you should be aware to regularly change / create a new private key or there would be a solution with Identity Workload.
Hope this helps everyone facing the challenge with GMB / GCP / service accounts :-)

amazon Mws Secret_Key without qualifications for use

I have registered to be the developer associated with seller account and filled developer registration and assessment but I got the message 'amazon Mws Secret_Key without qualifications for use.
What did I miss? and how I could get the access Secret_Key?
As of late Amazon has changed the request process. In the past I was able to request access and have access on the same day. Now there is a new and much longer process. After the registration and assessment Amazon MWS will review your request for up to 60 days (this was the case for me). You can check the status by logging into your Amazon seller account and click on case log. If there is no response to your request then it's still in the review process. Something to keep in mind, when submiting your request it is important that your application followed the acceptable use policy and data protection policy to the T.
Information about Amazon MWS access requirements can be found in the Acceptable Use Policy and Data Protection Policy:
http://docs.developer.amazonservices.com/en_US/dev_guide/DG_AcceptableUsePolicy.html
http://docs.developer.amazonservices.com/en_US/dev_guide/DG_DataProtectionPolicy.html 
For more information about the Developer Registration and Assessment form, please see the FAQ: http://docs.developer.amazonservices.com/en_US/faq.html
Hope that helps.

How do I send email from a domain account when the domain was added using the NEW console on App Engine?

Here's the situation: I have successfully set up email to come from a custom domain on App Engine before, but that was always done through the Google Apps for Business set up process. This time I have added the custom domain through the new developers console instead (https://console.developers.google.com/project/[APP_ID]/appengine/settings/domains) and now I'm getting the "unauthorized sender" error every time.
I've tried a lot of variations on the set up process, checked for typos or other potential bugs repeatedly, and scoured both the docs and Stack Overflow without finding an answer. Most of the docs and answers that come up seem woefully out of date. The docs hardly ever reference the new developer console or the fact that Google Apps for Business doesn't have a free tier any more. And most of the answers seem to ignore the fact that the docs (https://cloud.google.com/appengine/docs/python/mail/sendingmail) explicitly state that "Domain accounts do not need to be explicitly verified, since you will have verified the domain during the registration process."
So has anyone actually gotten domain accounts to work with the new process? Do I have to modify DNS records? DKIM? Something else I'm missing? Any insight would be much appreciated.
As stated in the docs:
For security purposes, the sender address of a message must be the
email address of an administrator for the application or any valid
email receiving address for the app (see Receiving Mail). The sender
can also be the Google Account email address of the current user who
is signed in, if the user's account is a Gmail account or is on a
domain managed by Google Apps.
So only logged in Google accounts or admin (owners in the new console) addresses can be used to send emails through GAE. If you want to use a set of custom domain addresses you can either:
1) Add and validate all those addresses as owners in the project's "permissions" settings.
2) Use as external party to send your emails through a Web API, EG Sendgrid which gives you 25.000 emails/month for free for GAE developers (https://cloud.google.com/appengine/docs/python/mail/sendgrid)

How to remove 'SAMPLE DO NOT MAIL' from USPS shipping API image

I am having problem with USPS shipping API
Here is my XML
https://secure.shippingapis.com/ShippingAPI.dll?API=DelivConfirmCertifyV4&XML=%3C?xml%20version=%221.0%22%20encoding=%22UTF-8%22%20?%3E%3CDelivConfirmCertifyV4.0Request%20USERID=%22228OURBA2607%22%20PASSWORD=%22728ZK94KL112%22%3E%3CRevision%3E2%3C/Revision%3E%3CImageParameters%20/%3E%3CFromName%3EJohn%3C/FromName%3E%3CFromFirm%3E%20%3C/FromFirm%3E%3CFromAddress1%3EFlat%201%3C/FromAddress1%3E%3CFromAddress2%3ERoad%201%3C/FromAddress2%3E%3CFromCity%3ENY%3C/FromCity%3E%3CFromState%3ENY%3C/FromState%3E%3CFromZip5%3E12345%20%3C/FromZip5%3E%3CFromZip4/%3E%3CToName%3E%20Mozilla%20Foundation%20%3C/ToName%3E%3CToFirm%3E%20%3C/ToFirm%3E%3CToAddress1%3E%20Building%20K%20%3C/ToAddress1%3E%3CToAddress2%3E%201981%20Landings%20Drive%20%3C/ToAddress2%3E%3CToCity%3E%20Mountain%20View%3C/ToCity%3E%3CToState%3E%20CA%20%3C/ToState%3E%3CToZip5%3E%20%20%2094043%20%3C/ToZip5%3E%3CToZip4%20/%3E%3CWeightInOunces%3E%203%20%3C/WeightInOunces%3E%3CServiceType%3EPriority%3C/ServiceType%3E%3CImageType%3ETIF%3C/ImageType%3E%3C/DelivConfirmCertifyV4.0Request%3E
It return the correct image but on top of it it is written SAMPLE DO NOT MAIL. How to remove that?
I assume that you have already registered for USPS Web Tools here:
https://secure.shippingapis.com/registration/
And have received confirmation from USPS that your account is active:
If you need to set up USPS or your customers are receiving this error on check out (See below) you should confirm the following
Confirm that our USPS API access is approved
Confirm that it is not in test mode and is in production mode
If USPS says your account is active, this does not mean it is in production mode, - you need to call USPS and specifically request that it be moved to production mode after your account has been approved. A good idea is to perform this quick test:
Insert the following into your browser with your own USERID in place of the XXXX in the URL of any browser:
https://secure.shippingapis.com/ShippingAPITest.dll?API=CarrierPick... USERID="XXXX">ABC Corp.Suite 7771390 Market StreetHoustonTX770581234
If your USPS account is active, it should accept the username.
Confirm that your username and password is for this site only. USPS only allows 1 domain per account.
http://production.shippingapis.com/ShippingAPI.dll
The problem is that by default, you don’t have access to USPS’s production API. They have to approve you first. Keep in mind that they only allow you to use it on one web site per account, so if you’re setting Magento up for a client, customer, or other business entity other than your own you should set up a separate USPS account for them.
That's why you're receiving this text - "Sample Do Not Mail" over the generated shipping label.
You can set up your USPS WebTools account here:
http://www.usps.com/webtools/
Once you have set up your account, they will give you access to the testing environment.
The URL for the USPS test API is:
http://testing.shippingapis.com/ShippingAPITest.dll
I recommend asking USPS to turn on production mode. When you are approved by USPS for the production API, you should use the following URLs:
http://production.shippingapis.com/ShippingAPI.dll
https://secure.shippingapis.com/ShippingAPI.dll
When you have completed your testing, email the USPS Internet Customer Care Center (ICCC). They will switch your profile to allow you access to the production server and will provide you with the production URLs.
The ICCC is staffed as follows:
Monday through Friday from 8:00AM to 8:30PM Eastern Time
Saturday from 8:00AM to 6:00PM Eastern Time
Sunday and Postal Holidays - Closed except for the following Holidays: Martin Luther King; President's Day; Columbus Day; & Veteran's Day with hours from 9:00AM to 6:00PM Eastern Time
E-mail: uspstechsupport#esecurecare.net
Telephone: 1-800-344-7779
But remember, it’s very important that you set up a separate USPS account for each web site (or at least one per domain). USPS will disable your access to their production server if you are caught using your account on multiple web sites.
To request access to the USPS production API, fill out the form here:
http://www.usps.com/webtools/webtoolsapirequestform.htm
USPS doesn’t allow you to use their API for batch processing or data cleansing, so be sure to NOT check these boxes on the request form.
Once USPS gives you access to their production API server, everything should work corresponding to all USPS shipping options. If you are still having trouble, again check that you have access to USPS’s production API server.
From https://www.usps.com/business/web-tools-apis/webtools-faqs.pdf
The API containing "Certify" is our testing API which will only print
labels with the sample watermark. In order to generate actual labels,
you must remove "Certify" from your Web Tools XML requests.
Additionally:
See below 2.3 for additional details. Integrators should note that our
“Certify” test APIs are intended for limited functional verification
of API requests/responses. Any secondary processes, s uch as creation
of a SCAN Form or Shipping Services File, are not supported with
“Certify” APIs. For expanded functional testing support of Web Tools
APIs, users should contact the USPS IT HelpDesk at
https://usps.force.com/emailus/s/ Select (Web Tools) and describe your
testing needs in detail.

Resources