I am building a form in react and I wanted to send it to my email when the user clicked the submit button.
I was looking at Microsoft Graph API for sending the email (https://learn.microsoft.com/en-us/graph/api/user-sendmail?view=graph-rest-1.0&tabs=javascript), but checking it, seems that it needs a temporary token, so I can't use it as I would need to be changing the token every hour or so.
So, I'm basicaly trying to find an API like the Gmail but for office 365 accounts (https://developers.google.com/gmail/api/guides/sending), as we can create a gcp project and use the keys that it generates for us, instead of using a token like the MS Graph API
Generaly I would use a route in my API, but this site is static, so I do not have any API (neither serverlets, cloud functions or other stuff like it).
Is there any away to send an email through a Microsoft API from my web client in react, using only a token specific to the domain? Or is there a better away to acomplish this same result?
I highly recommend using https://formsubmit.co/. It's free and I personally use it in many projects. Works flawlessly with many features like email templating, captcha, reply_to, etc.
No backend knowledge is required. Can set it up in like 1 minute.
One option would be to authenticate on behalf of the user.
You can also have a small proxy API, dedicated for the purpose of allowing the users to send an email.
Related
From my app, I want to use SalesForce APIs to get datas about contacts (first/last name, mobile phone, email).
1/ is it free $ to use SalesForce APIs ?
2/ Where can I have access to the information about this specific API request ?
Many Thanks
"It depends"
You're paying for user license(s) already, in that sense the API requests are free. Accessing the Developer Edition / trailhead playground app is truly free. Then there are things like Essential Edition, Platform Edtion or whatever's the name - there's no API access in them out of the box. API is available in Enterprise, Unlimited etc. You need to check the edition you're planning to connect to.
And then... well, there are rolling 24h limits of API requests. Very forgiving in sandboxes, bit more strict in production (where they increase with every user license you buy or you can purhase extra "bandwidth")
It also depends how will you make these requests. Will you have 1 dedicated integration user or will every user of your web app log in to SF via your app and then you're piggybacking on them in a way (which is useful if your org has complex sharing rules for example and you need to be sure user sees in your app only the data they're allowed to see in core Salesforce).
Which brings us to how to connect. You have SOAP API and REST API. Depending on your programming language there are ready-made connectors for .NET, PHP, Python, Java... Regardless which you choose there will be at least 2 http calls needed. 1 to log in and get session id back, 1 to run actual query.
With SOAP API you pass username & password in login call, get XML message back with session id and endpoint (base url to use from now on). And then you'd query. SELECT FirstName, LastName, MobilePhone, Email FROM Contact or whatever you need.
With REST API there are more options, there's similar username-password flow but there are also more secure ways where your app never sees the user's password, user enters it on SF login screen and is redirected back to you. This is very good if you're making a web app or mobile app. You'd need to read up about all OAuth2 flows available.
Again - there's a chance you can say "don't care" and just use say https://pypi.org/project/simple-salesforce/
I am making a hybrid mobile application, using Ionic and Cordova, for which I would like to give the user the possibility to sign up/log in with Facebook, G+, Linkedin and Instagram, and email account. I would indentify everyone by their email (to check if it's the same person, it is not a pk in the database but just an index).
I have been looking around for information about OAuth2 and looking into the documentation for the services APIs. I have understood what I have to do in the front, but I have some questions on the whole process:
[BACK] How do I check the tokens provided by the services APIs? Let's say when a user logs in with Facebook, I get a token which is stored in the user's phone. Then, on every HTTP request, I have to attach the JWT to verify the user indentity. How do I verify it? Against what do I have to test it?
I want to be able to get information from the user's G+ account but also the user's Linkedin account (example). How do I manage this properly?
Do I just store both (or more) tokens (in local storage) and use them to authenticate? I want to do this as my app will have "friends lists", so the user will be able to log into external services and the app will get the user's friends/contact list from those apps.
As of now, I think about including an auth_method field in my database to store available authentication methods (a JSON string or something like that), and just add four fields (one for each service) default null where I would store the token created for the user.
I can show you my code but it do not think it would help as these are more of theory and not specific to a language.
Thank you for all the help!
I am developing an application where users are playing a game and upon completion their results are sent to my back end through a POST request. Since I do not want this POST request to be done manually by someone who finds this endpoint (and mess with his results), I need a way to restrict it so that it can be done only through the application. However is it safe to hardcode a token that provides this access?
What is the correct way to go around this problem ?
I would not recommend to use hard-coded tokens, if the token gets compromized, you have to change the server as well as the client.
I would recommend some sort of auth mechanism as JWT with ssl with one rudimentary username/password system.
This sounds like a popular scenario, but I can't find direct answer nowhere...
I want to plot Analytics data in my app's admin area.
This area is used by multiple users of the company, and they have to authenticate to access this area. I plan to use GA service account, but 'browser-key/domain' option seems only available for public api.
Can I use server auth (through node API), get the token, and pass it to user while logging in? Will the token be valid? Can I have multiple valid tokens simultaneously for all the users?
Or maybe there is some other way to do it?
Okay, I've tested it myself and the answer is:
YES, you get universal (max 60min) token with every request - so you can have many of them, and dispose to you client-side apps as needed.
I have now embedApi widget in my Angular.js dashboard for every user, without login.
I am writing an travel itinerary app engine application which will interact with the calendars of my users. In order to manage access to my user's calendar I intend to use OAuth 2.0. I looked online for various code examples and the closest to what I am trying to acheive is (http://code.google.com/p/google-api-java-client/source/browse/calendar-appengine-sample/src/main/java/com/google/api/services/samples/calendar/appengine/server/?repo=samples). I have the following questions
1) I find that the server needs access to the application's client id and client secrets. Most of the sample code I have seen so far loads this from a local file. Does AppEngine give some API which will enable me to retrieve the client id and client secret without me having to worry about storing it ?
2) If I have to store the client secret in a secure fashion what are my options ?
3) What is the best way to store a user's access token and refresh token ?
It almost never changes, so hardcode it. It's only really loaded from a file in the sample programs so that you can get the samples running without touching the code.
See 1.
You can use the Google provided Credential class which uses a dedicated kind. Or, given that they are simply strings, you can store them as part of the User kind which your app almost certainly has to track your registered users.
As a tip, separate writing your oauth code from writing your calendar code. I would start by writing an app that only authorises, stores the refresh token, and refreshes the access token. You can test your access token using curl. Once you have that all working, then add your Calendar functionality as phase 2.