I wonder how we can renew the Amazon merchant API key.
Is there an API call for this, or what is the procedure?
I googled a great amount but only find the procedure to request the first key, which does not work anymore if you are already using the API
We have the old data and are using them but it was compromised, so we need at least a new secret key.
Is this even possible?
There is a forum message which seems to answer it https://sellercentral.amazon.com/forums/message.jspa?messageID=3015879
"Yes, you can change your MWS secret key. Whenever you want to do that we will delete your MWS secret key from our end, and then you can sign up for MWS again to get new secret key through this link
https://developer.amazonservices.com/index.html/182-5557423-3858158 "
There is now no way to reset your own keys (that I can see). Instead you need to contact MWS support and ask them to do it for you.
This can be done via:
https://sellercentral.amazon.com/gp/mws/contactus.html
https://sellercentral-europe.amazon.com/gp/mws/contactus.html
If you put something like "URGENT - MWS Keys Compromised" in the subject line then they should respond quickly!
Related
I want to develop an application that allow users to buy and sell cryptocurrency. While doing my research I found out that CoinBase provide such APIs. So, I started following the document https://developers.coinbase.com/api/v2#introduction I signed up at https://developers.coinbase.com/ and tried to create the API Key. It sends an otp on my registered mobile number, I entered the otp and then few details but when I click on Create API Key, it again sends an otp and this continues in a loop.
Can anyone here, help me how I can create an API Key in coin base to test the APIs?
Also, while going through the document, I can see that there are APIs to show, update or delete account or user but I can't find any API to create an account or user. May I know, how an account or user is created using coinbase API?
A fast response will be appreciated.
I created a Gmail account for development and enabled the APIs for developer console. I generated one API key which I used in my application but now I forgot the Id that I used. I have to upgrade the plan for APIs but for this, I need the Gmail Id. Is there any way I can get the Id?
Ok, So after I have tried different options I was standing in the same position. So I dig all into my accounts and luckily my recovery email id was one of them, so I searched for all the emails from Google having the subject as Security your linked Google Account and sender as no-reply#accounts.google.com this will give you all the Ids associated with it.
The only workaround to fix the issue is to contact "Google API support team"
Just Go to the given link and raise your issue. They will assist you further steps to follow. https://support.google.com/googleapi/?hl=en#topic=7014522
I hope this will help you :)
On the API console, I only see the API key for self-use. But the most of the documentation makes a reference to a secret key either while forming the CB-ACCESS-SIGN or initializing an auth object.
Should I instead create an OAuth application even if it's for self-use? Appreciate any help.
Finally found out that Coinbase only shows you the secret once during the key creation. If you don't save it, then you would have to delete the existing one and recreate it, which is what I did to solve this issue.
If my MysQL database is stolen for example, can a thief use the Stripe customers ids to charge them?
Should I store these Ids in my database or not? Store them but encrypt them?
Thanks.
The customer id (cus_XXXX) can be used to charge a customer's card but only with your account's Secret API key (sk_live_XXX).
Someone getting their hands on your database in that situation wouldn't be able to do anything with the information unless they also stole your API keys.
It's safe to store anything that Stripe returns via the API in your own database as they wouldn't be returning those values in the first place otherwise. It's also partially covered in the documentation here about PCI compliance.
Cloudant provides an API for creating API keys by issuing a POST to /_api/v2/api_keys
https://docs.cloudant.com/authorization.html#creating-api-keys
However, I do not see any documentation which states that an API Key can be deleted, so my assumption is that instead, you just remove the key from the authorization list of all your databases and stop using it.
Is that the correct approach?
You can remove an API key from the dashboard by going to Databases -> Permissions. Hover over the API key you would like to delete and click the "X" that appears once you are hovered over the API key.
To remove an API key using the Cloudant API, you will need to issue an HTTP PUT to the _security API endpoint providing an updated list of usernames that does not include the API key you would like to delete. See the API documentation on modifying permissions.
While the other answer is useful on its own, it doesn't actually answer the question, which is specifically about the possibility to delete an API key and not just remove it from the authorization list.
From the documentation:
By removing the API key from the list of users that have access permissions, the effect is to delete the API key.
So it does seem that there's no way to completely delete an API key, and removing it is indeed the right approach. Since an API key without any permissions can't do anything, it doesn't really matter.