I am creating an app with appengine to manage datastore queries from my Android application.
I want certain parts of the appengine app to be executed only if the request comes from my Android application.
For example, if I want to create a new user, I create a POST request from my Android application and this POST is executed in my appengine app, creating a new entity in the datastore. I don't want people to create a form in a webpage and call the same POST request to create users outside the Android app.
What's the best solution for this?
You could give your app a key that has to be passed to the server to post.
Another approach would be to send a challenge from your server to your client at the beginning of protocole communication and then see if the client can find the solution. A typical challenge like this uses asymetric keys.
Related
I want to connect my Android App to the back-end. The aim of the project is to filter spam messages. So the app receives SMSs and then should forward it to server for spam filtering which uses machine learning. Now, the thing is we have a python program for machine learning but I don't know how to connect these two things - the Android app and the python program. Need guidance on how the app can send data(sms) and receive response(whether spam of not) to and from the server-side.
A common approach is to connect your client with a web backend that offers a web API (might be a REST API).
Here is a short overview over this topic: https://www.webiotic.com/api-for-mobile-apps/
What you need is a web server which can receive web calls and send back information. A web server in this sense is just a program which listens to incoming HTTP calls.
In your case, this might look like this:
The server is programmed to listen to web calls with the HTTP method POST on the route /checkMessage
It expects the message data in a certain format
For example in JSON with this content: {"message":"Your actual SMS message"}
the server checks its database or triggers a ML job
server returns a result in a specified format. For example this JSON: {"isSpam":true}
Your app then needs to send a POST call to https://www.[YOUR_URL]/checkMessage with the specified data and wait for a response
There are libraries for android which help you with that like Retrofit or OKHttp
As for which technology to use: It's up to you. You can create a web backend in pretty much every language. In your case, you should check out which Python libraries are available to listen to HTTP connections.
Keep in mind that if your app can publicly access your backend, then everybody else can as well. You will want to add some kind of authentication as well.
I am currently developing a server for android social network app. I am using Django and I need to add a real-time chat to it. I decided to use django-channels, but I am not sure how to use auth tokens coming to the server from the android to make the authentication in chat. Also, will django-channels even work properly in this situation or should I consider something else?
I would start be reading the following section of the Django channels documentation:
http://channels.readthedocs.io/en/stable/getting-started.html#authentication
As you can see you can use the session key from either the cookie, or from a GET parameter.
There are several decorators available to your web socket methods to retrieve session information.
These are:
#channel_session_user_from_http
#channel_session_user
#http_session
#http_session_user
etc...
By using these you can retrieve current user and other session details.
if you are going to use django-channels check this blog they wrote some decorators that do what channels sessions decorators(like those in #turbotux answer) do but for JWT.
I'm very new to this subject.
I try to build an application server that will interact with clients using Android.
Just before I dive into this field and learn everything, I want to know if there is a proof the design will work.
I build on the fact that the server I want to build can function as well as a client.
For example If a user ask the application server for some data, that my server can POST as a client to another server to get the data to be processed and then handed to the user. Can this work?
again, sorry this is very basic, but I didn't find the specific answer to this and I wanted to make sure I'm not building something "in the air".
All the things you want to do are achievable. It is no problem to let the server make requests to another API to provide the answers back to the client if you want to do sth like this:
Client:
myServer.getWeatherData();
MyServer
public List<WeatherData> getWeatherData() {
//call to local weather station api
}
I have created an AppEngine connected Android application, and I'm trying to modify it to be able to store some user data on the server. I do not know what's the easiest way to do so, because I want it to be as simple as possible. I just want to store some basic data for every user. This data is: Name, Email, and some other Strings. I have created a form in the android side which will allow the user to type all the requested data, but I do not know how to send this information to the GAE server and store it in the datastore. I guess I will have to use a Servlet and some kind of RPC service to call the methods. I'm really lost because it is my first time doing this. I'm not experienced neither in android nor in web apps. I hope you can help me.
Update
Well, maybe I did not explain myself well. The system I've been asked to build consists on a web service that store your personal login credentials for most common sites (facebook, gmail, etc). Using a chrome extension, you ask the server for the credentials on the website you are navigating, and then the server asks to your phone for authorization. It will ask (do you give me permission to send your credentials to "some user"), and you have to ansewer yes or no and then the server will act in consequence. The point is that you have to store your credentials in the server in some way, maybe from the android app (which is what I was trying) or from somewhere else. I will also need authentication.
Pd: I use java for the server side.
Since you already started with AppEngine connected Android application, it makes sense to continue customizing it: App Engine Data Access: Adding Entities and RPC.
Update:
There are of course many ways to exchange data between client and server. The most simple would be a servlet handling GET and POST requests with some query parameters.
Also, most popoular lately is REST:
Android REST client: http://appfulcrum.com/2010/08/20/android-how-to-call-rest-service-using-asynctask/ (try using GSON instead to parse JSON)
Server: use a REST framework. My personal choice is RESTEasy. An example: http://ankiewsky.blogspot.com/2010/08/resteasy-on-googleappengine-corerest.html
Update 2:
The simplest possible way - making/handlin a simple POST request:
Android client - making POST request with parameters: http://www.androidsnippets.com/executing-a-http-post-request-with-httpclient
Server handling POST (or GET) and extracting parameters: http://www.exampledepot.com/egs/javax.servlet/GetReqParam.html
Find and follow thoroughly the Topic Index on this page. Gud luck
I'm trying to get json data from a django view (login required)
into a new android app I'm working on.
I would like to authenticate the user against the django login
and keep the cookie/session for all the django view calls to
get data from the server.
I did some googling but nothing helped me,
even if I guess it should be a quite common task.
Maybe I'm facing the problem from a wrong point of view..
So I'll switch the question to:
how can I do some user authenticated json request/response to a django server?
Any clue?
You have to do as the website expects, and you need to persist the session cookie.
What I did is using XML-RPC to do all the transfers.
Not exactly sure if it's the best way, considering django's xml-rpc support is some kind of a hack.
Here's a very detailed XML-RPC handler for django:
https://code.djangoproject.com/wiki/XML-RPC
then, setup ur client end on android.
When communication is okay. Start writing server end API.
from django.contrib.auth import authenticate
and use this function to do authentication.
Then for sessionId stuff, you need to go to backend db to manually do them: https://docs.djangoproject.com/en/dev/topics/http/sessions/
as u can see, this is why I don't think it's the best way. You can't send httprequest, hence most django build-in functions doesn't work.