Coinbase API - Get all of user's wallets - coinbase-api

I'm creating an app to allow people to view their coinbase balances. Right now it seems like they'd have to authorize separately for me to view balances on each wallet. Is there any way I can allow the user to grant me access to read the balance on all of their coinbase wallets?

Related

Register a new user using the coinbase API?

We are creating a DiFi app and I'd like our customers to be able to sign up to coinbase and go through KYC/AML so they have an account in their name, but without them having to leave our site. The reason we want them to have their own account is that we are not regulated to handle customer's fiat funds - though we are able to manipulate funds in a customer's account if they give us permission,
Is it possible to register new users onto coinbase through the coinbase APIs or do users need to go to the coinbase website to sign up?
Being able to register for another service through your service can open an array of security vulnerabilities. You could do it by reverse-engineering their API, but it would certainly be questionable.
Instead, the Coinbase API does have OAuth2. This would allow your users to connect their accounts in a secure manner.
You can find the integration instructions here.

MSAL and Graph API - access a user's calendar without user interaction?

I have an app that runs in a conference room kiosk that displays the conference room's calendar. Right now the app uses the Interactive Credentials Flow to interactively get the room account's token and then fetch the calender. By managing refresh & access tokens we should never have to sign in again and re-grant access.
However - we need to deploy this app to 300 rooms. Sending a technician around to each room and signin with each room's account and grant access is very costly. Also if ever the refresh or access token goes stale or is revoked, we have to send out a tech to the conference room. Some conference rooms are in building where there is no tech in the city.
Is there a way we can do this centrally? To get an access token for a user for granted permissions, then feed this to our application?
We looked at using the "Client Credentials - Application Secrets Flow", but this requires giving the app access to the entire enterprise's calendars. This we cannot do as many of the users require high security.
I find this an interesting question.
here is the documentation on how to achieve this: https://learn.microsoft.com/en-us/graph/auth-limit-mailbox-access
You would use application secret auth, but using this, you can limit which mailboxes the graph calls can access. this would be the most elegant way I believe.

Graph API - Daemon app with User Consent

We want to create an API App(Main purpose is to contact our organizations Office 365 Graph endpoint and send email) in Azure.. however our frontend website doesn't use Azure AD for the user authentication.. however we want our backend APi to be able send email in one of the following ways
1) send email as any user
2) send email on behalf of a service account
we are trying to explore the possible options and based on the investigation done so far, this(option 1) can be done using admin_consent - Can someone help with the steps we need to follow to create such app and deploy.
additionally is there a way to create an API app without login screen being prompted during the execution of the API - while using user_consent?
Option 1
In order for an app/daemon to send email as any user, it must have the send mail as any user app permission.
Give that permission on the Microsoft Graph API to the app, then grant the permission by clicking the Grant Permissions button in the portal, or by going through the admin consent flow.
Your API can then authenticate with its client credentials and get an access token to send email.
The bad side of this approach should be obvious, the app gets rights to send emails as anyone in your org.
Option 2
You could alternatively create an account for the API, and then use the Resource Owner Password grant flow to authenticate. You would then give the delegated permission for sending email as the signed in user.
The bad side of this is the flow for authenticating. If the account's password expires, there is no way for you to reset it from there, you would have to intervene to fix the problem.
Consent
You cannot go through consent without the browser UI.

Trying to understand if I need to give domain-wide authority to my appengine service account so that it can access data on Google Drive

I have an appengine app that stores documents in a Google Docs account. It uses the Documents List API to communicate with Google Docs but I am now trying to migrate it to use the Drive API as the Documents List API is supposed to be shutdown on 4/20.
I would like to know if I need to grant any special permissions for my appengine app to be able to access the Drive account and read/write documents from it. i.e., do I need to add a row on this screen?
The Google Docs account under which files are stored by my current app is of the form user#xyz.com where xyz.com is a domain name that I purchased through Google and that is aliased to my appengine app. Further user#xyz.com is an owner of my appengine app.
Yes.
Delegate domain-wide authority to your service account
In the Client name field enter the service account's Client ID.
In the One or More API Scopes field enter the list of scopes that your application should be granted access to (see image below). For example if you need domain-wide access to the Google Drive API and the Google Calendar API enter: https://www.googleapis.com/auth/drive, https://www.googleapis.com/auth/calendar
Click the Authorize button.
Your service account now has domain-wide access to the Google Drive API for all the users of your domain, and potentially the other APIs you’ve listed such as the Calendar API in the example above. You are ready to instantiate an authorized Drive service Object on behalf of your Google Apps domain's users.
When you make the calls, you will have to impersonate the user whose account you want to access, i.e. user#xyz.com

Can App Engine MailService be used with OAuth2 / service accounts?

We are using UserService with OpenId to send emails on behalf of the logged in user.
As we want to move to OAuth2/OpenID Connect for login to comply with the new marketplace guideline I'd like to know if it is possible to use App Engine's MailService with OAuth2 / service accounts to be able to send emails on behalf of the user.
I know that it is possible to send emails using the old GMail API, but then we are stuck with the daily GMail limits which are far too low for our usecase.
You can use the current GMail api via OAuth 2 and you can impersonate users with Service Accounts. There isn't a specific example for Gmail + Service accounts but Drive has good documentation that you should be able to extrapolate. If the quota limits are unmanageable, than you'll need to evaluate IMAP if you want a Google-powered solution.

Resources