call a Google Spreadsheets Apps Script function from Google Sheets API v4 - android

I have a Spreadsheet with some Apps Script functions bound to it.
I also have an Android client using Google Sheets API v4 to interact with that spreadsheet.
Is there a way for the Android client to call/run some function in the Apps Script code?
The reason I need to code to be run on the Apps Script side, and not simply on the Android client, is because I'm sending some email when something happens to the doc, and I would like the email to be sent from the owner account of the spreadsheet, and not from the Android user authenticated via the API.
I know I can trigger functions implicitly like by adding rows to a doc, but is there a way to directly run a specific function?

Yes. You can make GET and POST requests to Google apps-scripts. from anywhere that can make REST type calls including clients. If you need authentication there is also the apps-script client libraries. I wrote a short script for emailing from a request from one apps-script to another here. But, it would work if you called the emailing script from your client also.

Deploy your Google Apps Script as Web Apps > reference, by this way you can run function Get(e) or Post(e) and invoke other functions inside one of them with conditions....

You might have gotten the answer to your question. Just in case you have not, below are some points that may help with your development:
1) Create the server side script (i.e., Google Apps Script) function like usual:
function myFunction(inputVar) {
// do something
return returnVar;
}
2) Create a doGet(e) or doPost(e) function like below - can be in the same .gs file with the function in 1) :
function doGet(e) {
var returnVar = "";
if (e.parameter.par1 != null) {
var inputVar = e.parameter.par1;
returnVar = myFunction(inputVar);
}
return HtmlService.createHtmlOutput(returnVar);
}
3) Publish and deploy your project as webapp. Note the deployed URL.
4) From your Android client do HTTP call with the URL as: your_webapp_url?par1="input value"

Related

mobile and web api error case in nodejs

I need to develop an API for web as well as mobile with NodeJS as backend. Since, both have common endpoints --> I was wondering how to handle error cases like for e.g. --> if there is an error and user is on web I can do res.redirect and the user will be redirected whereas if the request was from mobile then I will have to set an 'action' variable which will guide the mobile app to take the next action for e.g. ask the user to login again.
app.get('/users/musicList', function(req, res){
// check with db.
// lets say there is some error --> the API token is not valid so user needs to
// login
if (req was from web) {
res.redirect('/signin');
} else {
var result = {action : 'SIGNIN'};
res.status(200).json(result);
}
});
Is this the correct way to go ? It makes code look a bit messy. Any suggestions.
An Easy way to do this is to have two different endpoints for mobile and web. (Wait I have two more solution).But this would result in code duplication.
web: domain/route
mobile: domain/api/route
Another way is to have only api/route which uses only json. And to handle the error and routing in front end. This works if you are using front-end frameworks like angular and using AJAX requests.
Third one is to check for the client need and acting as in your question. Check this link for how to determine what client needs.
NodeJS : Validating request type (checking for JSON or HTML)

Can I execute a Google App scripts via Sheets URL?

Can't get OAuth to work, so I settled for a public spreadsheet, able to download data via URL (range/value). Struggling to get upload data via JSON embedded in POST, then I thought I saw some other approach: Is it somehow possible to write an app script that writes a value to cell and embed that data in the URL together with the request to execute the app script ?
Basically, download data via GET and upload data via GET, sounds crazy ?
Sure. You just need a function called doGet and then you can deploy the script as a web app. Here is an example.
function doGet(e) {
return ContentService.createTextOutput(JSON.stringify(e, null, 2));
}
If you then open the web app url with some parameters added to it e.g. https://script.google.com/macros/s/.../exec?a=3&b=4 you should see that those parameters are now contained in e so your script can just read them and add them to your spreadsheet.

Google Place Autocomplete on Android

I want to create an app that autocompletes a destination text box. I read this documentation about it:
Adding Place Autocomplete to your Android App
However it says that you can't use your API key internally and that you must instead access an external web service to make the autocomplete submission and return the results to your app. I then came across this:
Place Autocomplete in response to an HTTP request
This states that you can make a request with your API key as part of the URL for the HTTP request. Can you do this internally from your app or would you have to submit that HTTP request from an external web service as well? If you can just make this HTTP request from within the app, how would I go about doing this?
Try this solution:
1) Get an application's API key from the Google console.
Create Api Key
2) Use this module from GitHub to make Google Place Auto Complete. It's easy to integrate: Android GooglePlaceAutoComplete

Protecting my Google App Engine API Endpoints

I have been doing a lot of research recently on securing my app engine. Currently, I've been reading through the question below and the links in that question:
How do I restrict Google App Engine Endpoints API access to only my Android applications?
However, it doesn't answer my problem. My question is similar to the question above, restricting access to my endpoint API to only my app. The guy seemed to have got it working when he inputs a correct email into the credentials.
My question is if I can achieve the same results without having to input any credentials. I want it so that only my app can use my endpoint API so to prevent other apps from abusing it and using up my quota. I already got a client id for my android application, and have placed it within my #API annotation. To test if it worked, I made a random value for the client id in the #API notation of another api class. However, my app was still able to use methods from both class. Any help?
-Edit-
From reading from the docs and researching further, the endpoint way of authorizing apps is by authenticating the user and for my API to check if user is null. My question is that in the process of authenticating the user, is Google somehow able to read my app's SHA1 fingerprint and authorize it to its list of client ids? If so, how can I replicate this process in my endpoint so that I check the SHA1 fingerprint of the app making the request and compare it to a set value? I don't understand the mechanics behind the endpoints very well, so correct me if I am understanding this wrong.
If the android app has access, then the user has access. A motivated party has many options for inspecting your protocol, including putting the device behind transparent proxy or simply running the app through a debugger. I do suggest running your app through ProGuard before publishing, as this will make the process [a bit] more difficult.
Ultimately, you'll need to make your appengine API robust against untrusted parties. This is simply the state of the web.
How you can protect your endpoint API is described here: http://android-developers.blogspot.com/2013/01/verifying-back-end-calls-from-android.html
The secret is that you request a token from Google Play using the following scope: audience:server:client_id:9414861317621.apps.googleusercontent.com where 9414861317621.apps.googleusercontent.com is your ClientId.
Google Play will look up the id at your endpoints app and return a Google-signed JSON Web Token if it finds the id. Then you pass that id in with your request. Above article says you should pass it in with the body. I would possibly rather add another parameter for that because otherwise you can't pass your own entities anymore. Anyway, your server backend receives the token, and you ask Google as described if it is authentic, before you process the API request.
If you pass in the token using an extra parameter, you can catch it on the server side by adding HttpServletRequest to your endpoint signature and then using request.getHeader("Yourname") to read it out. Make sure you never add the parameter as a URL parameter as it may be logged somewhere.
public void endpointmethod(
// ... your own parameters here
final HttpServletRequest request
) throws ServiceException, OAuthRequestException {
request.getHeader("YourHeaderName") // read your header here, authenticate it with Google and raise OAuthRequestException if it can't be validated
On the Android side you can pass in your token when you build the endpoint api, like this, so you don't have to do it with each and every request:
Yourapiname.Builder builder = new Yourapiname.Builder(AndroidHttp.newCompatibleTransport(), getJsonFactory(), new HttpRequestInitializer() {
public void initialize(HttpRequest httpRequest) {
httpRequest.setHeader(...);
}})
Hope this helps you make your endpoints API secure. It should.

HttpAuthorizer() for Pusher

I need a private channel on Pusher in order to enable a bunch of Android clients to communication with each other. Pusher was recommended to me, although it is really complicated. I've read all the docs many times, so I'm hoping someone (Mr. Leggetter?) could give me a hand.
I've installed the Pusher Android JAR on the client and am able to subscribe to public channels that I trigger from the "Event Creator" (very neat), but in order to get the private channel working, in order to trigger events, I need this:
HttpAuthorizer authorizer = new HttpAuthorizer("http://example.com/some_auth_endpoint");
PusherOptions options = new PusherOptions().setAuthorizer(authorizer);
Pusher pusher = new Pusher( YOUR_APP_KEY, options );
According to http://pusher.com/docs/authenticating_users, the HttpAuthorizer() needs a URL that points to an app server that is going to respond with a JSON authentication token. Do I have to set up my own app server to provide authentication, like the example at https://raw.github.com/pusher/pusher-android-example/master/src/com/pusher/android/example/MainActivity.java, or can Pusher provide this? This seems like something Pusher should provide.
In the Ruby server code example for my app (why is there no Java?) I see this: Pusher.url = "http://{key}:{secret}#api.pusherapp.com/apps/{app_id}". This URL, however, does not exist. I tried it in HttpAuthorizer() and got a java.io.FileNotFoundException. (I just found the "Enable Clients Events" checkbox under Settings - checking it did not help, but I'm guessing that's an important step.)
If I have to set up my own app server for authentication, I'd like to use Java with GAE. http://pusher.com/docs/authenticating_users#implementing_private_endpoints has a Python/GAE example, but no Java, and I don't know Python. Is there a library for this? Will https://github.com/marcbaechinger/gae-java-libpusher# do the trick? It doesn't seem like it would.
token. Do I have to set up my own app server to provide authentication, like the example at https://raw.github.com/pusher/pusher-android-example/master/src/com/pusher/android/example/MainActivity.java, or can Pusher provide this?
You need to set up your own authentication server. The point in this is to allow you to authenticate subscriptions. This means you can authenticate the user in any way you see fit, against any existing or new authentication mechanism you may use e.g. user sessions (more applicable to web apps) or authentication tokens your own application may provide upon initial connection (via some username/password login to your system).
In the Ruby server code example for my app (why is there no Java?) I see this: Pusher.url = "http://{key}:{secret}#api.pusherapp.com/apps/{app_id}". This URL, however, does not exist.
There is a Java server library but Pusher don't directly maintain that. It's a community contributed one.
I'm not sure where you got the URL from. Maybe from the Web API reference, but unless you are writing your own Pusher Web API library I wouldn't expect you to be using that URL directly. There are Pusher and contributed helper libraries for that sort of thing.
If I have to set up my own app server for authentication, I'd like to use Java with GAE. http://pusher.com/docs/authenticating_users#implementing_private_endpoints has a Python/GAE example, but no Java, and I don't know Python. Is there a library for this? Will https://github.com/marcbaechinger/gae-java-libpusher# do the trick?
Yes, you need to set up your own authentication server. You could create a client-side authorizer, but that would mean exposing your app_secret in client code - which you shouldn't do.
The PusherUtil class provides a number of helper methods that you could use to add subscription authentication support to the library. But - you are right - it doesn't appear to offer this functionality.
The Pusher Play module (also Java) does appear to have an appropriate method so this could be ported. See:
https://github.com/regisbamba/Play-Pusher#generating-the-authentication-string
I don't work for Pusher any more, but I would be happy to contribute to an improved Java library.

Categories

Resources