Trouble understanding Braintree integration into Android - android

I've read through the docs on https://developers.braintreepayments.com and I'm having trouble understanding what to do.
As I understand it, we must build a server to generate a client token which Android Studio then deals with. What I don't understand is how to build the server to generate a client token with each request, along with generating customers and updating customers.
I'm relatively familiar with Ruby, and I know that Sinatra is a good way to host servers with Ruby knowledge, but can anyone lend some sort of clarity on what the steps are to go from no server to accepting credit card details?
Another confusing aspect is that some blogs say that using Braintree is as easy as copy/pasting a few lines in Studio, and others say that you have to build your own server. Anyway, please let me know your thoughts!

I'm a developer at Braintree. Braintree does require that merchants have a server set up, in order to maintain secure communications with Braintree servers (i.e., if you were to store your API credentials on the client side, attackers could access this information and process transactions on your behalf).
We do offer a guide for getting your server configured to communicate with Braintree, but it does not cover all aspects of server setup.
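The split described in the answer above, as an added example that is not part of the original post or Braintree's guide: a Rack-compatible Ruby app hands the Android client a client token and creates the sale itself from a server-side price list. It assumes `gateway` behaves like the braintree gem's `Braintree::Gateway` (`client_token.generate`, `transaction.sale`); the routes, `PRICES` and `FakeGateway` are hypothetical.

```ruby
require "json"

# Server-owned price list: the app names an item, never an amount.
PRICES = { "sku-basic" => "10.00" }.freeze
# Rack-compatible app. `gateway` is assumed to behave like Braintree::Gateway
# (braintree gem), built on the server from credentials held in its environment.
class PaymentApp
  def initialize(gateway)
    @gateway = gateway
  end

  def call(env)
    case [env["REQUEST_METHOD"], env["PATH_INFO"]]
    when ["GET", "/client_token"]
      json(200, client_token: @gateway.client_token.generate)
    when ["POST", "/checkout"]
      checkout(JSON.parse(env["rack.input"].read))
    else
      json(404, error: "not found")
    end
  rescue JSON::ParserError
    json(400, error: "bad json")
  end

  private
  def checkout(body)
    amount = body.is_a?(Hash) ? PRICES[body["item"]] : nil
    nonce = body["payment_method_nonce"] if amount
    return json(422, error: "unknown item or missing nonce") if nonce.to_s.empty?
    result = @gateway.transaction.sale(amount: amount, payment_method_nonce: nonce.to_s,
                                       options: { submit_for_settlement: true })
    result.success? ? json(200, id: result.transaction.id) : json(402, error: "declined")
  end

  def json(status, payload)
    [status, { "content-type" => "application/json" }, [JSON.generate(payload)]]
  end
end

# Constructed stand-in for the gateway so the block runs offline.
class FakeGateway
  Result = Struct.new(:transaction) { def success?; true; end }
  attr_reader :sales
  def initialize; @sales = []; end
  def client_token; self; end
  alias transaction client_token
  def generate; "constructed-client-token"; end
  def sale(**args); @sales << args; Result.new(Struct.new(:id).new("txn-1")); end
end
```

Because `PaymentApp` responds to `call(env)`, it can be mounted with `run PaymentApp.new(gateway)` in a `config.ru`; the mobile app only ever sees the client token and the payment method nonce.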

Make charge with Stripe API

I would like to use Stripe in an Android app.
I can read the docs and see the samples.
I can see that the samples show that the Charge should be done by 'our backend', not by the Android app.
But I had heard that it should be possible for the client app to do the payment without a backend, I mean, directly to Stripe.
I saw old samples where it was possible to use the Charge class from the Android app, but this class is not available now.
Can someone explain which part should do the Charge?
I mean, client or backend?
It's a good approach to send the token to your server for the charge. The only part which should be done at your end is collecting the token, which you'll get from the Stripe API.
The reason behind all this is security and memory usage. As the server has more memory compared to the app, it's good to perform all computations there.

Why or when does an app need a server?

I have been searching for a proper answer to this question, have a bit of background in front end development, but with new concepts like SaaS, PaaS, etc. want to get information from experts out there, that could help any newbie to understand what it's all about.
Say I am trying to develop an eBay-like app that takes a product from a user and sells it to another user who needs it.
Will my app need a backend server? If so why? I am already uploading my app to Google Play Store or Apple Store.
How will the backend server like HEROKU or FIREBASE or AWS help my app?
Can I implement two different services in single app, say for eg., firebase for backend database and HEROKU for payment processing?
Thanks again for your time and information.
SaaS
Answer: SaaS stands for "Software as a Service". In layman's terms, someone developed some software and hosted it somewhere. You can use that hosted software in your software project/product as a third party service (like public API); or directly use that as individual software under some license like Firebase as mentioned.
PaaS
Answer: PaaS stands for "Platform as a Service". In layman's terms, someone configured some hardware and exposed the hardware controls via some web based application or REST APIs. You can use that hardware to deploy/run/manage your application without having the actual hardware on premises.
Backend Server
Answer: First of all, let me explain the server. The server is a middle-man who serves whatever is requested of it, and all browsers/mobile apps act as clients. So for example, the web is all about client-server communication.
So taking the example you mentioned, an eBay-like app takes a product from a user (client action) and puts it on the server (client requests in background for server to put product on server). Then another user opens the app (client action) and searches for the product (mobile client requests server to return that product, if valid and matching search criteria), and then he can buy it (mobile client will request server to complete the purchase).
You have to understand that for any communication between web application, mobile application or desktop application, there will always be a server. Even in file sharing applications like shareit, one mobile app works as server and same mobile app elsewhere works as client.
Yes, backend servers like Heroku or Firebase or AWS will help your app to complete your application business flow.
Yes, you can implement two different services in single app, say for example, Firebase for backend database and Heroku for payment processing or hosting your application/APIs.
Unless you are experienced with building distributed applications that can persist data across multiple nodes in a consistent manner, and ensure data availability, I'd say you most definitely need some kind of backend. Unless of course you only plan to have user-to-user transactions that can rely on direct messaging between client applications, which seems pretty pointless and quite far from the requirements of an eBay-like product.
In terms of the architecture, you can follow many different approaches, but in most of them you will require some sort of data access layer. I'd recommend looking into the three-tier software design pattern (https://en.wikipedia.org/wiki/Multitier_architecture) to better understand the way this type of software product is typically designed.
After sorting out which type of data persistence you prefer, you'll need to set up the backend that your mobile app will connect to in order to retrieve the data (things like products being sold, user profiles and ratings, your own history). Of course you could also connect directly to the database from the app, but that would be a big mistake: it would mean making the DB access publicly available, and thus exposed to attack, not to mention that you would be hard-pressed to find a solution for user registration and authentication, which would have to be provided by other means anyway. Typically your backend will also manage user registration and authorisation.
Heroku, Firebase and AWS are all very different, each with their strengths and weaknesses, but there's nothing like trying them out to see what fits best. What you refer to as "Google Server" and "Apple Server" sounds like a misconception, and you probably mean the Google Play Store and the Apple Store. These are not application servers that you can use as a backend; they serve only as a repository for your mobile app from where users can download it, and nothing else.
Without some sort of backend mechanism, the challenge of making data available for the consumption of multiple users would be overwhelming.
I know this isn't a very specific answer, but your question is quite broad-reaching, and it seems you need to look into some basic fundamentals of software engineering before going into more detail.

Android app backend design

I have experience working with databases and web services such as an API.
Now, my idea is to have some images stored on the server, and in the app the user can list/view all of them and then choose one to customize.
After some research on the subject I found that one of the best approaches is to have the files themselves served as static content using an HTTP server, and an API to serve all the remaining information including the static URL to the image.
I'm thinking of using Node.js for the backend and a database such as MongoDB.
This solution may seem good in a web-only environment, but I'm not sure if it is on a mobile one.
So my question is: is this a good approach for a mobile + backend solution, or is there something else I could try related to the protocol + architecture design for the communications between the client and server?
For my app I'm using Node.js for the backend as well, since it's fast, ideal for data-heavy websites and apps, and useful to build APIs.
You are on the right way, but if you just want to serve images or data you can also check Firebase, which is provided by Google. There is much more you can do with it.
Check this https://firebase.google.com/
It's free. So you don't need to pay for a virtual server, but it's limited.
See also this https://firebase.google.com/pricing/

Securing apache server for mobile app backend

I am new to backend development and security. I have a LAMP stack set up on AWS and have an Android application which can POST and GET messages to this server. I now want to make the server more secure.
Currently I have no security in place and have no idea where to start. I tried implementing SSL with Apache but didn't have much luck.
Any links to tutorials or reading or any other help will be appreciated.
The first place to get started would be to ensure you are following the best practices for AWS: https://aws.amazon.com/articles/1233
Besides those on the list, setting up your firewall rules as tightly as possible, running something like fail2ban to prevent constant login attempts, running Apache in a chroot jail, and other things like that are all good places to start. Security is a never-ending process.
Setting up SSL (TLS) for your web service is an excellent idea and will prevent anybody from snooping the data going between your app users and your service. Getting SSL up and running can be a bit daunting your first time, but I would suggest starting with the Apache documentation http://httpd.apache.org/docs/2.4/ssl/ssl_howto.html and talking with the representative at the company you purchased your SSL certificate from to explain everything they provide you. If you don't understand the basics of TLS, the Wikipedia article isn't a bad place to get a nice overview.

WCF, WIF, Android, and iOS Oh my

I have an MVC application, and I would like to port at least a small part of it to a mobile app (Android first). My first objective was to try to figure out how to authenticate the users.
It seems that forms based authentication uses cookies and that is not usable by mobile apps? Definitive confirmation would be appreciated.
But it seemed that you could do some form of authentication using a WCF service to create a token. Now I found a lot of sites that discussed how to create and secure the service end point but none really discussed the token generation.
Then quite by accident I stumbled upon WIF and the usersecuritytoken, which seems to be what I am looking to accomplish.
So if someone could please confirm this is where I need to be looking, so I can actually get back to coding rather than reading, I would appreciate it.
The way I see this working is:
1. Secure WCF service.
2. Using the System.IdentityModel it generates a token for a valid user and passes it back to the mobile app.
3. Then the app passes the token along anytime a service requiring privilege is called. For example updating the user's profile.
Is that how it is supposed to work? If not, could you please point me to an example of how it is supposed to work?
One other question, looking at the WIF site it seems to provide a lot of token types, what is the preferred type for android and iOS?
UPDATE As it was pointed out it would be helpful if I provided more context.
The original website is a MVC3 web app.
I am attempting to write an app for some of the backend administration features using mono touch.
WCF seems to be a bad solution for cross platform and a package called ServiceStack is what I am now leaning towards for my web services. ServiceStack has its own authentication module but it does not interface with the .net membershipprovider which is an issue since the web app was designed with the membership provider.
I have to be overthinking this. It can't be this complicated to have an android or iphone app securely authenticate to a .net membership provider through some form of web service.
Thank you in advance,
Chris
