So I've been looking at how simple it would be to get Geckoboard widgets up and running to visualise your FreeAgent data....and the answer is, pretty easy really. The idea I had was for a text widget to display your due invoices. The FA api is pretty comprehensive and this data is available via REST as XML - authentication is http basic using your FA username and password.
I created a new FA widget user for my account and assigned it permissions up to the Invoicing Level - this protects my more sensitive data. Wrap all this up in a Google-AppEngine (GAE) app and there you have it - your FA pending invoices....
In glorious public view....oh dear
Ok, no problem - we use the Geckoboard ApiKey to secure it so that only requests with the correct ApiKey (that we set in the widget configuration) will be allowed access to the feed. Or rather I use my Apikey - it works in my GAE app as I can hard code the apikey check into it...this app instance cannot be used to provide FA data for your account as it means sharing your ApiKey with me...hhmmm - as trustworthy as I am and with a lock down FA user it's still too unsecure for my GAE widget to provide your FA data. I could generate and share a unique ApiKey for your widget but that's not what I want - I don't want to have to administer this in any form!
Furthermore - my GAE app would also need your FA widget user credentials to be able to make the FA api call to grab the data - you don't want to provide this on the url as querystring params and it can't be POSTed from your Geckoboard widget. Ideally you would tell me them - I would store them and use them when your widget called for the data - not something I want to do/offer from my what was once simple FA widget data feed!
So this problem makes something like GeckoboardApps make a hell of a lot of sense. They already have the ApiKey problem licked with a random key and feed url and I suspect storing any credentials securely is also part of the package! Nice...
I created a new FA widget user for my account and assigned it permissions up to the Invoicing Level - this protects my more sensitive data. Wrap all this up in a Google-AppEngine (GAE) app and there you have it - your FA pending invoices....
In glorious public view....oh dear
Ok, no problem - we use the Geckoboard ApiKey to secure it so that only requests with the correct ApiKey (that we set in the widget configuration) will be allowed access to the feed. Or rather I use my Apikey - it works in my GAE app as I can hard code the apikey check into it...this app instance cannot be used to provide FA data for your account as it means sharing your ApiKey with me...hhmmm - as trustworthy as I am and with a lock down FA user it's still too unsecure for my GAE widget to provide your FA data. I could generate and share a unique ApiKey for your widget but that's not what I want - I don't want to have to administer this in any form!
Furthermore - my GAE app would also need your FA widget user credentials to be able to make the FA api call to grab the data - you don't want to provide this on the url as querystring params and it can't be POSTed from your Geckoboard widget. Ideally you would tell me them - I would store them and use them when your widget called for the data - not something I want to do/offer from my what was once simple FA widget data feed!
So this problem makes something like GeckoboardApps make a hell of a lot of sense. They already have the ApiKey problem licked with a random key and feed url and I suspect storing any credentials securely is also part of the package! Nice...
Comments