My job has tasked me to create a login page with username, password, reset password, sign in and sign up. When you login you are sent to a landing page. All should be done with react but i have to use filemaker server as a backend that stores usernames and passwords in a database. I've never used filemaker before and i don't know where to start. Any advise will be appreciated
Use Filemaker Data Api:
https://help.claris.com/en/data-api-guide/
Login call to get the token
Make a POST request to
{yourServerUrl}/fmi/data/version/databases/{database-name}/layouts/{layout-name}/records
to write the new record into the database.
Assuming your company is on a recent version of FileMaker (version 16 or later, I believe) then FileMaker Server has a feature called the Data API that publishes all FM data in a more standard-manner than going through the trials of ODBC or the PHP API.
The requirements are essentially just clicking the checkbox in the Server Admin control panel:
That feature has tiered pricing associated with it, but it includes a base amount of requests as part of having a server license and most likely you will find it to be the best avenue. If, for some reason, you can't use the Data API, going in via the PHP API which produces a more verbose XML output and is tied to fields visible on layouts is another avenue.
Related
This is my first question, so I hope I don't miss a thing. To be clear from the start: I don't expect an answer which dives deep into detail. This is just about getting a general understanding of how to work with this kind of software.
So I don't know if "Identity Management System" is a suitable term for what I mean but when I talk about Identity Management Systems I think of something like Azure AD, which as far as I know provides e.g. web developers the possibility to integrate a way users can authenticate (including access privilege etc.) on their website.
What I'm quite unsure about is how to work with/ integrate such tools in a project. I will try to make it clear with an example: Assuming I have a website let's say this website is a blog. The blog consist of different posts which are stored in my own database which is connected to the website. The posts are written by different users which authenticate with a tool like Azure AD. The user's data is stored somewhere on a server run by e.g. Microsoft. If I want to display the posts togethere with the name, email.... of the user who wrote them, how would I do this?
Is it possible to query the user's data directly from the Identity Management System and display it? This does not sound ideal to me as the consequence would be that data the website uses is stored in two different locations.
Would you kind of copy the user's data from the Identity Management System to the websites database and query it from there? This does not sound like a good solution either because then data would be duplicated.
So whats the "right workflow"?
I appreciate any hints and further information I can get:-)
AFAIK To get the user's information like name, email etc. you can add these claims while generating the JWT token.
To generate access token, you have multiple authentication flows such as Authorization code flow, ROPC flow, Implicit flow.
To add the claims that you need to return with the token, you can make settings like below:
Go to Azure Portal -> Azure Active Directory -> App Registrations -> Your app -> Token configuration -> Add optional claims
When you decode the token via JSON Web Tokens - jwt.io you can find the user information that you need.
To know how to generate access token, you can refer SO Thread which I solved it before.
From my app, I want to use SalesForce APIs to get datas about contacts (first/last name, mobile phone, email).
1/ is it free $ to use SalesForce APIs ?
2/ Where can I have access to the information about this specific API request ?
Many Thanks
"It depends"
You're paying for user license(s) already, in that sense the API requests are free. Accessing the Developer Edition / trailhead playground app is truly free. Then there are things like Essential Edition, Platform Edtion or whatever's the name - there's no API access in them out of the box. API is available in Enterprise, Unlimited etc. You need to check the edition you're planning to connect to.
And then... well, there are rolling 24h limits of API requests. Very forgiving in sandboxes, bit more strict in production (where they increase with every user license you buy or you can purhase extra "bandwidth")
It also depends how will you make these requests. Will you have 1 dedicated integration user or will every user of your web app log in to SF via your app and then you're piggybacking on them in a way (which is useful if your org has complex sharing rules for example and you need to be sure user sees in your app only the data they're allowed to see in core Salesforce).
Which brings us to how to connect. You have SOAP API and REST API. Depending on your programming language there are ready-made connectors for .NET, PHP, Python, Java... Regardless which you choose there will be at least 2 http calls needed. 1 to log in and get session id back, 1 to run actual query.
With SOAP API you pass username & password in login call, get XML message back with session id and endpoint (base url to use from now on). And then you'd query. SELECT FirstName, LastName, MobilePhone, Email FROM Contact or whatever you need.
With REST API there are more options, there's similar username-password flow but there are also more secure ways where your app never sees the user's password, user enters it on SF login screen and is redirected back to you. This is very good if you're making a web app or mobile app. You'd need to read up about all OAuth2 flows available.
Again - there's a chance you can say "don't care" and just use say https://pypi.org/project/simple-salesforce/
I am new to Salesforce, but am an experienced developer. I am provided a link to a Salesforce report, which mostly has the right filters (query). I would like to use an REST API to pull that information as CSV or JSON so that I can do further processing on it.
Here are my questions:
Do I need special permissions to make API calls? What are they?
Do I need to create an "app" with client-key & secret? Does my admin need to grant me permission for this too?
There are a lot of REST APIs from Salesforce, which one do I need to get the info from the report? Analytics?
How do I authenticate in code?
You'd have to work with the System Administrator on the security pieces. Anybody who knows how the company works, can all users see everything, is there Single Sign-On in place, how likely is the report to change...
You will need an user account to pull the data. You need to decide if it'll be some "system account" (you know username and password and have them stored in your app) or can it run for any user in this org. It might not matter much but reports are "fun". If there will be data visibility issues 6 months from now, you'll be asked to make sure the report shows only French data to French users etc... you can make it in report filters or have multiple reports - or you can just use current users access and then it's the sysadmin that has to set the sharing rules right. (would you ever think about packaging what you did and reusing in another SF instance? Making a mobile app out of it? Things like that, they may sound stupid now but will help you decide on best path)
The user (whether it'll be system account or human) needs Profile permissions like "API Enabled" + whatever else you'd need normally ("Run Reports" etc). If you're leaning towards doing it with system user - you might want to look at Password Policies and maybe set password to Never Expires. Now this is bit dangerous so there would be other things you might want to read up about: "API only user" (can't login to website), maybe even locking down the account so it can login only from certain IP ranges or at certain times when the job's supposed to be scheduled...
Connected App and OAUth2 stuff - it's a good idea to create one, yes. Technically you don't have to, you could use SOAP API to call login, get session id... But it's bit weak, OAuth2 would give you more control over security. If you have sandboxes - there's little-known trick. You can make connected app in production (or even totally unrelated Developer Edition) and use client id & secret from it to login to sandboxes. If you create app in sandbox and you refresh it - keys stop working.
(back to security piece - in connected app you can let any user allow/deny access or sysadmin would allow only say these 3 users to connect, "pre-authorize". Could be handy)
Login - there are few REST API ways to login. Depends on your decision. if you have 1 dedicated user you'll probably go with "web server flow". I've added example https://stackoverflow.com/a/56034159/313628 if you don't have a ready SF connection library in your programming language.
If you'll let users login with their own credentials there will be typical OAuth "dance" of going to the target page (Google login, LinkedIn, Twitter...) and back to your app on success. This even works if client has Single Sign-On enabled. Or you could let people type in their username and pass into your app but that's not a great solution.
Pull the actual report already
Once you have session id. Official way would be to use Reporting API, for example https://developer.salesforce.com/docs/atlas.en-us.api_analytics.meta/api_analytics/sforce_analytics_rest_api_get_reportdata.htm
A quick & dirty and officially not supported thing is to mimic what happens when user clicks the report export in UI. Craft a GET request with right cookie and you're golden. See https://stackoverflow.com/a/57745683/313628. No idea if this will work if you went with dedicated account and "API access only" permission.
I have an ejabberd server and I am trying to build a chat module in my Angular/NodeJS app.
Currenlty, my Angular app connects directly to the chat server. Assume my roster has 100 contacts comprising of online and offline contacts. I need to map all the 100 contacts with the users in my application server to get more details like companyId, email, contact, etc.
Do I have to loop through each contact and call an API to the application server? Wouldn't that put a lot of load on the frontend? Is there a better way of achieving this?
Apologies if my question is silly. I am new to XMPP.
There are several way´s of doing this.
You could go and fetch every single user from your API, cache them so the next you don´t have to fetch all the data, but that´s not the optimal solution.
The other solution would be to get all contacts with one single call by passing all id´s to your node application. Then the node app can fetch all needed data from your database and pass it back with one Request and not 100.
With more or less the same problem I used a jabber search getting up all the users and stored on client for the entire session.
My requsite it's "all users can chat with all other users" (about 100 users on server),
if your is not, I suggest you to create a custom IQ and let server cache the Jabber search (updating after each user registration) and reply with only required datas in a single call, async.
I want to connect Django to a database that the user will set in the main page.
The user will have to precise the engine (with a combobox), the database, login, password etc in a form, and I want to proceed the connection with the submit.
So far, I tried to set "DATABASES = {}" in settings.py, but it returns an error.
Have you got any clue about how to do it?
You have to connect your app to a database.
There is no way that I know of to change the database connection dynamically.
The only things I can think of are a bit convoluted:
If you want to change your back-end database:
I would suggest having a separate setting file for the database (I will call it dbsettings.py) that you will include in the settings file.
At the submit, you would lunch a script that will change the dbsettings.py file, and restart the django server (with a CLI call for example)
If the database is user specific, configure and fire up another django instance, and have the two instances communicate (you could use celery for messaging or django commands)
I (and other people) may come up with better solutions if we had a little more details