How do APIs know Bitcoin transaction and wallet types?

I am working on a university project, and I noticed that paid crypto APIs like Whale Alert or Whale Trace return information about transaction types (like exchange), sender and receiver wallets (like private/okex.com/…):

  {
     "hash":"fecb0051e9e69c7e8202fae3866a5193579696c1093049e7e336e5a15d0a9248",
     "from":{
        "address":"bc1qw0c0mrjjw73azm65utnhwvcpsdnpg0cdljg0eg",
        "name":"Wallet",
        "type":"wallet"
     },
     "to":{
        "address":"bc1quq29mutxkgxmjfdr7ayj3zd9ad0ld5mrhh89l2",
        "name":"OKEx",
        "type":"exchange",
        "url":"okex.com"
     },
     "time":"2020-01-24T19:44:03Z",
     "asset":"BTC",
     "size":2763.80593244,
     "USD_size":23417202.542436957
  }

My question is: how can I get this information without using these specific APIs? I am new to crypto, but I would like to build my own API on top of Bitcoin (where of course I can’t see this information).

magento2 – Magento 2 REST APIs fetch results by store code

When I try to fetch the orders, customers and products collections by store code, I get another store's results as well. Is anyone else facing this issue in Magento 2.4? Please advise how to overcome it.

As per the attached screenshot below, there are two stores, demo1 and demo2. Here I am trying to fetch the collections for the demo1 store.

http://local.magento24.com/rest/demo1/V1/orders?searchCriteria

http://local.magento24.com/rest/demo1/V1/products?searchCriteria

http://local.magento24.com/rest/demo1/V1/customers/search?searchCriteria


Can I create android app using google fit apis?


views – Extract more data on field_collection_item from REST APIs of Drupal

I am trying to display information regarding Contributed modules available on Drupal programmatically.

For that, I am using this documentation:
https://www.drupal.org/drupalorg/docs/apis/rest-and-other-apis

When I call the API like this:
https://www.drupal.org/api-d7/node.json?field_project_machine_name=ctools

In return I am receiving a JSON object with the following details:

"field_supporting_organizations": [
    {
        "uri": "https://www.drupal.org/api-d7/field_collection_item/1381907",
        "id": "1381907",
        "resource": "field_collection_item"
    }
],

Now, I want to extract more data on this field collection item, but I am unable to find the right API filters to do so.

Any help would be much appreciated.

Rating each day depending on API data using mainly JavaScript and jQuery

I have a problem. I have gathered a bunch of data from different APIs. These all gather weather data and astronomical data. All of this information was planned to be used to rate the next 7 days of the week, so that a table element in my HTML shows a green, a yellow or a red fish, depending on how good the day is. Eventually I would like to have a “show more” button that shows hour by hour which hour is best to fish. The output is in a table. This is how it looks:

var settings = {
  "url": "https://api.met.no/weatherapi/sunrise/2.0/.json?&days=7&lat=62&lon=6&date=2021-05-30&offset=02:00",
  "method": "GET",
  "timeout": 0,
};

$.ajax(settings).done((Solunar) => {

  console.log(Solunar)

  // One entry per day of the week ("veke") returned by the API
  var veke = Solunar.location.time

  // Arrays holding the time of each event for the 7 days
  var sunrise = [veke[0].sunrise.time, veke[1].sunrise.time, veke[2].sunrise.time, veke[3].sunrise.time, veke[4].sunrise.time, veke[5].sunrise.time, veke[6].sunrise.time]
  var sunset = [veke[0].sunset.time, veke[1].sunset.time, veke[2].sunset.time, veke[3].sunset.time, veke[4].sunset.time, veke[5].sunset.time, veke[6].sunset.time]
  var moonrise = [veke[0].moonrise.time, veke[1].moonrise.time, veke[2].moonrise.time, veke[3].moonrise.time, veke[4].moonrise.time, veke[5].moonrise.time, veke[6].moonrise.time]
  var moonset = [veke[0].moonset.time, veke[1].moonset.time, veke[2].moonset.time, veke[3].moonset.time, veke[4].moonset.time, veke[5].moonset.time, veke[6].moonset.time]
  var moonHigh = [veke[0].high_moon.time, veke[1].high_moon.time, veke[2].high_moon.time, veke[3].high_moon.time, veke[4].high_moon.time, veke[5].high_moon.time, veke[6].high_moon.time]
  var moonLow = [veke[0].low_moon.time, veke[1].low_moon.time, veke[2].low_moon.time, veke[3].low_moon.time, veke[4].low_moon.time, veke[5].low_moon.time, veke[6].low_moon.time]

  // Show the hour of the first sunrise if it matches the expected timestamp
  if (sunrise[0] == "2021-05-30T04:06:50+02:00") {
    $('.fiske_beskrivelse').append(sunrise[0].slice(11, 13))
  } else {
    console.log("You are busted")
  }
})

Here is some of my code for gathering the API data for sunrise, moonrise, the set times and such. I would appreciate any help. If you guys need anything else, I can add it in the comments. The table uses different APIs than the one I submitted, but I would really appreciate some help with this.

Authentication & Authorization for multiple separated APIs

Architecture Overview:

Single Authentication Server and a separate API for each group of users, that can access their API through multiple SPAs with SSO feature. Let’s say we have three APIs A, B and C and three users for every container (A1, A2, A3, B1, B2, …). Each of these users should only have access to their corresponding API. So e.g. user B1 can only read/write with API B.

Thought process:

I read the documents about OAuth2 and OpenID Connect for authentication and authorization and I’m not sure if I understood this Framework correctly.

OAuth2 Abstract Protocol Flow

This protocol flow mentions a Resource Owner that I wouldn’t need for my use case, as each user knows which API they have access to when they register. So I came across the following Refresh Token flow in the same document, which would suit my thoughts better, as no Resource Owner is present.

OAuth2 Refresh Token Flow

Given these are authorization flows only (?) and I’m missing the authentication part, I checked OpenID Connect, but I thought that changing the native authentication mechanism of the web framework I would use would be more suitable, given I know everything about the authorization part when a user registers, as stated before. Therefore I came up with the following authentication/authorization flow:

Prerequisites:

Authentication Server:

  • Registered User A1 (username+password) with access to a private key PrKA specific to API A
  • Registered User B1 (username+password) with access to a private key PrKB specific to API B

APIs:

  • API A with a corresponding public key to PrKA
  • API B with a corresponding public key to PrKB

SPAs:

  • Any SPA that consumes the APIs

Flow:

  1. User A1 logs in to the authentication server with username + password
  2. User A1 receives an access and a refresh token created with PrKA
  3. User A1 is redirected to API A and sends the access token to the API
  4. API A can verify the access token because it is in possession of the corresponding public key
  5. User A1 can log into API A with the user claim in the token and a corresponding user object in the database
  6. Authorization for API internal access will be managed by the webframework
  7. On expiring of the access token, issue a new one from the authentication server with the refresh token

Given the tokens and keys will be securely stored and transmitted (this would be my next question), would this break the intentions of the OAuth2 framework, or would it even make the flow insecure?

jwt – Multiple user specific APIs with a single Authentication Server

I’m currently in need of some clarification for an authentication/overall strategy. First I will describe the use case and then the questions that arise for me.

Use Case

I want to have a single docker container consisting of an API and a database for each group of users. So for the sake of this example let’s say we have three docker containers A, B and C and three users for every container (A1, A2, A3, B1, B2, …). Each of these users should only have access to their corresponding API. So e.g. user B1 can only read/write with API B.

The APIs should be consumed with multiple SPA FrontEnd Apps. To not have to log in on each app I want to implement an SSO flow with a single authentication Server. My thought was to let the user log in with the authentication server that responds with a jwt token (access and refresh) with the unique username in the payload. So on every request to an API Gateway that routes the user to the correct API (e.g. A1 -> A), the user sends the access token. The API then makes a request to the Authentication Server to verify the correctness of the jwt. If that’s successful the API can log in the user with the specified username (because it also has a database entry of this unique user) over a remote user backend for example. This way if the routing or anything would go wrong the access token would be verified by the Authentication Server but the user A could not be logged into API B because there’s no user with that name in the database of API B. The remote user header could also not be tampered with because every malicious request that sets this header would be prefixed with HTTP_.

Questions

  1. Is this even a secure/feasible authentication/authorization flow?

  2. Is there any default strategy for a use case like this (oidc?)?

  3. How do I safely store access/refresh tokens? Refresh token in a httpOnly cookie and the Short lived Access Token in-Memory of the Browser with a WebWorker or with Private static fields?

  4. Any possible obvious attack vectors?

usa – US CBP APIS and COVID-19

A traveler is trying to check in online for an Austrian Airlines itinerary originating in a non-Schengen country, with a change in Vienna, with the final destination being the US. The traveler resides in the US with a G-4 visa, so the immigration suspensions related to COVID-19 do not apply.

Online check-in was refused with this message:

Unfortunately, we have not received travel approval from the US authorities. Please check your entries, in particular the number of your passport.

Needless to say, the numbers of the passport and the G-4 visa have been checked and double checked, as have their expiration dates. Austrian advised that the passenger should check in at the airport.

Questions:

  • Does APIS take into account the type of visa held by a traveler when making the determination whether to return “OK to board”?
  • Is the PCR test requirement somehow enforced through APIS?

My thinking here is that, depending on the answers to these questions, it might be impossible to expect to be able to get an “OK to board” determination without showing the visa or the PCR test results to an actual person.

Access Control for REST APIs – OWASP recommendation

Let's start from the top here. Your server receives a request:

Hi server,

Can you do X for me?

– Jane

Access Control is when the server checks to see that Jane is actually allowed to do X before processing the request. Generally speaking, all apps will have some endpoints that need an access control check — maybe Jane is not allowed to delete records from the DB, or maybe Jane is not allowed to change settings of Bob’s account, etc.

OWASP’s point is that in an old-school app, when the user logs in, you might build a session info object telling you who the user is and what permissions they have, and keep that in server memory until the user logs out. Obviously that does not scale with modern cloud architectures.

The key part of that OWASP quote is (emphasis mine)

user authentication should be centralised in a Identity Provider (IdP), which issues access tokens

Take anything that your microservices need to know about the user (i.e. anything that you would traditionally have put in the sessionInfo object) and stuff it in a JWT, hand it to the user, and have them hand it back with each REST call. Omitting the crypto parts of a JWT, the claims you care about might be:

{
  "sub": "48",
  "name": "Jane",
  "admin": true,
  "exp": 1621004706
}

Now, by unpacking the JWT from the request, microservices have everything they need to make an access control decision; no network calls needed! Trying to delete data? Do they have Admin: true? Trying to change Bob’s settings? Are they Bob?

To make this all secure, we rely on the fact that JWTs are cryptographically signed (and sometimes encrypted, but that is optional) by the IdP. So to make this whole thing work, the only piece of info the microservice needs is the cryptographic key to verify the signature on the JWT. This is generally static, so you can stick it in config data or whatever. If the IdP is external (say you’ve integrated with Google or GitHub’s SSO service) then the JWT verification key will be an RSA public key. If your IdP is an internal component of your app, then you can simplify a bit and use a symmetric HMAC key where the IdP and the microservices all have the same “JWT secret” in their config.
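
The check described in this answer, as an added example that is not part of the original answer: a microservice verifies an HS256-signed JWT with the shared secret, then makes the two access control decisions from the claims alone. The secret, the `issue` stand-in for the IdP and the helper names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json

# Assumption: the shared "JWT secret" every service loads from config (constructed value).
SECRET = b"constructed-demo-secret"

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def sign(signing_input, key):
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def issue(claims, key=SECRET):
    """Stand-in for the IdP: serialise and sign the claims (HS256)."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}.{b64url_encode(sign(header + '.' + payload, key))}"

def verify(token, now, key=SECRET):
    """Microservice side: return the claims, or None if the token must be rejected."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        # Pin the algorithm: the token must not choose how it is verified.
        if header.get("alg") != "HS256":
            return None
        expected = sign(header_b64 + "." + payload_b64, key)
        if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
            return None
        claims = json.loads(b64url_decode(payload_b64))
        # Claims are trusted only after the signature check; expired tokens are rejected.
        if not isinstance(claims["exp"], int) or claims["exp"] <= now:
            return None
    except (ValueError, TypeError, KeyError, AttributeError):
        return None
    return claims

def can_delete_records(claims):
    return claims.get("admin") is True       # "Do they have admin: true?"

def can_change_settings(claims, account_sub):
    return claims.get("sub") == account_sub  # "Are they Bob?"
```

A `None` from `verify` means the request is refused before any claim is read, so a payload edited by the client never reaches the access control checks.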

search – Can modern Sharepoint use api’s to get data from external sites like Crowdicity?

I built a SP site back in “classic” days that pulled in content from Google Books using a mix of Google API calls, content query web parts and calculated columns. Is it possible to replicate similar functionality in modern SharePoint for sites that don’t have a Graph connector – in this case Medallia’s Crowdicity? If so, how? Could it be done using the PnP modern search functionality which we already use for a lot of internal things?
