I am in the process of developing a software using the Amazon MWS API for other Amazon sellers. Until now, I was using my own private info:
(access key, secret key, seller id , market place id, Auth token)
Is the US market place id the same for every market place, i.e for all sellers?
In my software, I am using the 5 identifiers above. But when someone grants a developer access, there are only 3 identifiers (seller id , market place id , auth token). If I don't fill the other 2 in the requests, will it work? If not, what should I do to get the other 2?
Most important: I don't want to ask the user to type my developer number, and I saw in other software that they provide a link directly to the "Accept the Amazon MWS License Agreement to give access to my Amazon Seller Account with MWS" page. How do I create this link?
The marketplace ID is unique for each region http://docs.developer.amazonservices.com/en_US/dev_guide/DG_Endpoints.html
You need to supply seller ID, marketplace ID, along with your access key ID and secret key. The marketplace ID and seller ID (which is the same as merchant id) is the same for all developers that have access to MWS for that seller account. Each developer would have their own access key id and secret key. It's been a long time since I've been on those screens, but I believe I signed up for MWS access as a developer, and then gave that ID to my client who authorized access to their account for me. Check out this link: https://developer.amazonservices.com/gp/mws/faq.html
I have never seen anything about a link straight to the "Accept the Amazon MWS License Agreement to give access to my Amazon Seller Account with MWS".
I have always instructed them to login at the correct url (based on marketplace), enter my dev id and return to my platform to manually input their token. As the Amazon docs suggest.
Related
I have a Microsoft Teams tab app and I'm using SSO for authentication. My users are both native and guests. My requirement is to show different screens depending on the type of incoming user (native/guest), so I have to identify the user type first. To ensure security, I first obtain the id token for the incoming user and then validate it first before identifying the user type. Is there any reliable way to identify the incoming user type with just the id token? I don't trust the info in tab context.
If you don't want to use Microsoft Graph API, you could add all the guest user into a security Group and include Groups claim in your token as instructed here. You just need to modify the "groupMembershipClaims" field in application manifest:
"groupMembershipClaims": "SecurityGroup"
Then the ID token will contain the Ids of the groups that the use belongs to like below :
{
"groups": ["1ce9c55a-9826-4e32-871c-a8488144bb32"]
}
You can also Add app roles in your application and receive them in the token.
You can use microsoft graph api(beta) get user.
https://graph.microsoft.com/v1.0/users/{id | userPrincipalName}
If the id token contains objectId of the user, just put the objectId as the parameter of this api. In the response, we can find an attribute userType. The value of this attribute could be Member or Guest.
If the id token doesn't contain objectId of the user, just contains email. We can also put it as the parameter in the graph api, but if the email is a guest user, the api will not get response data. So I asked you if it contains objectId in the comments.
By the way, the attribute userType just exists in the beta version of microsoft graph api but not exist in the v1.0 version microsoft graph api. So if you're not comfortable with beta version, I suggest to use Azure AD graph api(get user) instead of Microsoft graph api.
Hope it helps~
Is there a way to get value of "objectIdentifier" claim for Microsoft account?
Case: I have an app with one form field, email (need's to be Microsoft account). When this email is entered, server (back end) need's to find out value of object identifier (user ID) in common tenant for all Microsoft accounts (section "tid").
Normally, if this was normal tenant in Azure Active Directory I would create Azure AD app and generated client secret for accessing Graph API, directory endpoint. Unfortunately, this is "special" tenant and I don't know is there any API I can call (as application) to get id of user (best option would be GetUserIdByEmail(email)).
I understand this is weird case but life is hard :)
Asking user to login and then retrieving value from token is not an option!
There is no API that I'm aware of where you could query for MS personal accounts' info without logging a user in.
If you think about it, it would be quite an easy source of building a user list for attacks :)
You will need to log them in to get their id, I don't think you can know it in advance.
I am building a web app with go and GAE. I would like to use Google Accounts for authentication. The appengine/user package contains a type, User. I was planning on using ID property of User as the ancestor to descendent entities in the Datastore. However I'm confused by the comments in this section of documentation:
type User struct {
Email string
AuthDomain string
Admin bool
// ID is the unique permanent ID of the user.
// It is populated if the Email is associated
// with a Google account, or empty otherwise.
ID string
FederatedIdentity string
FederatedProvider string
}
Source: https://cloud.google.com/appengine/docs/go/users/reference#User
Under what circumstances might an email not be associated with a google account and therefore ID be empty?
I'm very new to go and GAE so please excuse my ignorance.
There are several key differences between email and id. E.g. "The app can also access a user ID that identifies the user uniquely, even if the user changes the email address for her account." Also "Every user has the same user ID for all App Engine applications."
Like ThunderCat said, if you use a Federated Login (OpenID was the only one supported, but is no longer), then you will not get a user id.
See the docs for more info.
The "user" submodule in Google App Engine uses "Google Account" rather than a "G+" sign-in. Are the base ID's the same? I'd like to associate their sign-ins with my own user records...
If you are asking the about the ids...
Specifically:
using
user = users.get_current_user()
returns a user object and that is not what you are referring (regarding to your comment)
The user_id() is what you where reffereing to for the users api:
user = users.get_current_user()
user.user_id()
From the Docs
If the email address is associated with a Google account, user_id returns the unique permanent ID of the user, a str. This ID is always the same for the user regardless of whether the user changes her email address.
If the email address is not associated with a Google account, user_id returns None.
Now from my experience my GoogleID according to user_id() is xxx8005350796570706xx and my Google Plus profile ID is 102445631084043565507 which are totally different. I also checked this with my apps and Google + known followers and found no similarity.
I would say they are not the same thing, but yes, you can associate them.
If you have used the support built into GAE (or Android) for basic Google accounts (User) to authenticate a user then you have their e-mail address which uniquely identifies their google account.
On Google+, use the email scope to gain access to their e-mail address:
https://developers.google.com/+/api/oauth#email-scopes
These e-mail addresses should match, so this will allow you to associate the Google and Google+ accounts. The downside to this method IMO is if you weren't already requesting the g+ email scope then you will have to add it.
You should create an own user model which will have info about registered users. Using users.get_current_user() you may take an e-mail address from user google account and login him to an app.
I intend to develop a client for Amazon's Marketplace webservices (MWS). My requirements would be to update the order, synchronize the order status, get the order details using the APIs they have.
However, I could not find a Sandbox environment to test these scenarios. Amazon has a payment Sandbox I understand, but is there a sandbox available to test these web-services? If not, are there any pointers on how to go about testing the above mentioned scenarios with Amazon MWS?
UPDATE
As seen in the comments to this post, Amazon no longer provides a staging / test environment.
I just had a conversation via sellercentral ticket with an amazon employee.
They said:
We can provide you with a free Seller Central test account to be used in ungated categories only, which are the Amazon categories that do not require approval to sell in. For a list of ungated categories, please scroll down to the middle of the page here: http://www.amazonservices.com/content/sell-on-amazon.htm.
For orders:
After you’ve logged into the staging site, you then need to log into a real Amazon buyer account (not your staging account) to buy items. Then, navigate to the offers you’ve created. If you want to buy anything from your staging account (in order to test MWS order functionality) you will be using real credit card data, so make sure your offers are priced at only one cent, and your shipping is also set to one cent. These offers will not be visible on Amazon .com. Do not buy from any other sellers on the staging site.
So (conclusion): Just file a ticket** and tell them you want a seller central test account like this!
First register** for an account that you can access seller central with (please note, that some kind of accounts have a monthly fee, so choose a "per sale" plan. This fee won't be charged with your test account), then you can file the ticket (click the link above).
All resources about the MWS API are here.
** Replace ".com" with your local Domain for the Amazon Site you want a test (staging) account for.
You can use the scratchpad of Amazon:
scratchpad
good luck