Skip to main content

FreeAgent Geckoboard widgets....its a trust thing

So I've been looking at how simple it would be to get Geckoboard widgets up and running to visualise your FreeAgent data....and the answer is, pretty easy really. The idea I had was for a text widget to display your due invoices. The FA api is pretty comprehensive and this data is available via REST as XML - authentication is http basic using your FA username and password.

I created a new FA widget user for my account and assigned it permissions up to the Invoicing Level - this protects my more sensitive data. Wrap all this up in a Google-AppEngine (GAE) app and there you have it - your FA pending invoices....

In glorious public view....oh dear

Ok, no problem - we use the Geckoboard ApiKey to secure it so that only requests with the correct ApiKey (that we set in the widget configuration) will be allowed access to the feed. Or rather I use my Apikey - it works in my GAE app as I can hard code the apikey check into it...this app instance cannot be used to provide FA data for your account as it means sharing your ApiKey with me...hhmmm - as trustworthy as I am and with a lock down FA user it's still too unsecure for my GAE widget to provide your FA data. I could generate and share a unique ApiKey for your widget but that's not what I want - I don't want to have to administer this in any form!

Furthermore - my GAE app would also need your FA widget user credentials to be able to make the FA api call to grab the data - you don't want to provide this on the url as querystring params and it can't be POSTed from your Geckoboard widget. Ideally you would tell me them - I would store them and use them when your widget called for the data - not something I want to do/offer from my what was once simple FA widget data feed!

So this problem makes something like GeckoboardApps make a hell of a lot of sense. They already have the ApiKey problem licked with a random key and feed url and I suspect storing any credentials securely is also part of the package! Nice...

Comments

Popular posts from this blog

Walk-Thru: Using Wolfpack to automatically deploy and smoke test your system

First, some history... The advent of NuGet has revolutionised many many aspects of the .Net ecosystem; MyGet, Chocolatey & OctopusDeploy to name a few solutions building upon its success bring even more features to the table. I also spotted that NuGet could solve a problem I was having with my OSS System Monitoring software Wolfpack ; essentially this is a core application framework that uses plugins for extension ( Wolfpack Contrib ) but how to unify, standardise and streamline how these plugins are made available? NuGet to the rescue again - I wrapped the NuGet infrastructure (I deem NuGet to be so ubiquitous and stable that is has transcended into the software "infrastrucuture" hall of fame) with a new OSS project called Sidewinder . Sidewinder allows me to wrap all my little extension and plugins in NuGet packages and deploy them directly from the Wolfpack application - it even allows me to issue a new version of Wolfpack and have Wolfpack update itself, sweet huh

Configuration in .Net 2.0

11-Dec-2007 Update I've updated this post to fix the broken images and replaced them with inline text for the example xml and accompanying C# code. This post has been by far the most hit on this blog and along with the comments about the missing images I thought it was time to update it! Whilst recreating the examples below I zipped up the working source code and xml file and loaded this onto my Project Distributor site - please download it to get a full working custom configuration to play with! Just click on the CustomConfigExampleSource link on the right hand side, then the "Source" link to get the zip. We are in the process of converting our codebase to .Net 2.0. We've used Enterprise Library to great effect so decided that we should continue with this in the form of the Jan 2006 release which targets 2.0 and I've got the job of porting our Logging, Data Access etc wrappers to EntLib 2.0. ...And so far so good - the EntLib docs aren't bad and the migrati

Castle/Windsor schema enables Visual Studio intellisense

There has been a lot of noise recently about Inversion of Control (IoC) with .Net recently (stop sniggering at the back java guys!).... I've been using IoC via the Spring.NET framework for over 2 years now - it's a completely different approach to coding and once you get your head around it everything just falls into place and development is a real joy again. As I mention, Spring.NET is my framework of choice but a recent change in employer has seen me bump up against Castle/Windsor . First impressions are that I like it - it's not as powerful or feature rich as Spring but that's not always a bad thing! The one thing I did miss though was Visual Studio intellisense when editing the configurations - Spring has an online schema that can be associated with a Spring configuration. This got me thinking - if the VS intellisense can be hooked into that easily why not create one for Windsor configuration? So I did...you can download it from my new google code site here . Remem