Is it mandatory to use Kony middleware for Kony application? - mobile

I am creating a Cross platform application using Kony Studio. We are having our backend and web services ready.
Can we consume same services with out accessing Kony middleware?
If yes, can you please help with some sample code and tutorials.

We can call consume the services without using the middleware using the HTTPRequest API
var request = new kony.net.HttpRequest();
request.onReadyStateChange = callbackHandler1;
request.open(constants.HTTP_METHOD_GET, service_url);
request.send();
You will get the result in the call. Go through the documentation for complete details.

To consume web service directly from Kony without using middleware, web service response should be in json. Otherwise, it should go through middleware.

To consume the service otherwise you will have to go for an FFI implementation. This will lead to separate implementations for the different platforms that you are targeting. Therefore you should use the Kony middleware.

Related

nextjs authentication (OAuth)

New to next.js/react so a little confused on how to approach this:
So we have an app, that will be built on Next.js..
we will have apis that client-side code will call to fetch server data (my assumption is source-code for these apis do not go to client-browser and stays on node server?)
these apis will call our actual apis,
these will be called by using OAuth2 token received from Azure Apps (clientid/secret)
Is my assumption correct regarding api code not travelling to browser
Secondly can I retrieve application-token (using clientid/secret) using NextAuth?
Thank you
Ok, from my understanding the
/api code doesn't travel to client side (I am using getStaticProps to call services directly rather than using fetch as I need calls to be rendered on server side)
I was able to use #azure/identity to receive token that I need to call APIs hosted outside my node.js

How to consume external API with server side in ReactJs in one project?

I want to consume an API of a company, and this API could not be consumed with a Client Side Script such as Javascript, I want to use react js to consume this API on the Server Side but on the same project.
I asked the owner of the API and I receive an email :
It is not possible to use our API request in a client-side language script such as Javascript, it must be used in a server-side script.
How can I do that ?
Thanks !
As far as I know, you have to options:
create an API that works as a proxy and this API calls the other API (so, the proxy-api is called by client/react and the second API is just called by the proxy-api
use server side render in react (you can see more about this alternative in: https://www.digitalocean.com/community/tutorials/react-server-side-rendering)

Push notification in Web pages

Can a web notification be implemented in web sites? I'm using a environment of jsp's with jquery, vue and angular.js for the front side. There's a way to implement web notifications with this environment?
You can use the Notification API to achieve this.
If you want to use Service Workers to push notifications from a backend, you can check the Push API
These API are still drafts and may only work with modern browsers. Make sure you are using these API's over https.
you can use web socket, which has integrated in Angular already.
use for example:
https://github.com/mqttjs
then in your js:
this.client = mqtt.connect(url, options);
if(topics.length>0)
this.client.subscribe(topics);
this.client.on("message", (topic:any, payload:any)=>{
console.log('CONNECTED', payload);
});
this.client.on("connect", function (connack: any) {
console.log('CONNECTED', connack);
});
And use some server side message broker eg: rabbitMQ or other message router
read this
https://www.rabbitmq.com/web-mqtt.html
Yes, Web notification primarily targeted for Web application, client side registration and server sider processing for pushing the notification, below site has both client and server side examples -
ServiceWorker

How to Secure an API Call made from a mobile application without username/password?

I have bought an API that can be used in a mobile application. API includes the Key and username as expected.
Within the app, this API needs to be called on Payment confirmation.
I found that using tools like Fiddler, one can see the request made by the application. If that is the case, it is just a matter of seconds to fully get access to the API signature.
It would be of great help if someone can help out/add to this issue.
My thoughts:
Use a server to make this API call instead of calling it directly
from the application.
If a server is used, the issue would still exist as the API call made to the server(eventually which calls the bought API) can also be interrupted/accessed
How to secure the call made to the server from the application?
Technologies: Angular JS, Node JS, Ionic framework
Look at my answer to this question. Instead of using the user name and password, your backend could provide an additional resource that allows the user to create a token with a special scope.
In your AngularJS application you can use the $http or $resource services (if the ngResource module is included) and obtain such kind of token that allows you to access only the parts of your backend your client really needs.
This token must be cached at the client side and included in the header of each request.
In AngularJS storing the token in the header of each request can be done at a central place if you are using the config function of the module you created.
app.config(function($httpProvider) { $httpProvider.defaults.xsrfCookieName = "TOKEN" }
AngularJS also provides some additional security features. For example you could use the JSON vulnerability protection mechanism. If you are using this, your backend had to add the characters )]}', (you could also override the default characters) to each JSON response body.
For other clients the JSON response will be invalid Javascript code, but in your AngularJS application the characters will be automatically removed.
UPDATE
The best way for implementing security for your application would be reading and understanding the OAuth2 specification.
In this video from minute 11:36 to 17:26 the JavaScript flow is described.
This site provides some implementation of the standard for different programming languages.
Some of the aspects in this standard are that all clients and redirect urls must be registered in an additional authentication server. Client are identified by a unique client id.
To avoid that some other application intercepts your requests for extracting the token, the original token should only be active for a small amount of time and each api request must be SSL encrypted.
For providing Single sign-on also refresh tokens can be used.

Kony Middleware mandatory for RESTful service calls?

Referring to this question:
Is it mandatory to use Kony middleware for Kony application?
One of the response said that if the response is in JSON, then it is not necessary to go through the middleware.
However, if the services are RESTful but not in JSON (say in XML), does it still need to be routed through the Middleware?
To be able to consume webservice without the middleware the response should be in JSON, otherwise its not going to work (and the middleware became mandatory in this scenario)
We can call or consume the services without using the middleware using the HTTPRequest API
var request = new kony.net.HttpRequest();
request.onReadyStateChange = callbackHandler1;
request.open(constants.HTTP_METHOD_GET, service_url);
request.send();

Resources