The First RichCoin Bank of Santa Barbara CS290B – Spring 2014 Hiranya – Alex – Chris – Emre - Stratos.


Roadmap Introduction APIs Tutorial and demo AWS for RichCoin Questions

Introduction
– Central storage for all the RichCoins you’re going to mine this quarter.
– Validates submitted coins for correctness and uniqueness.
– Keeps score.
– Accessible via a secure REST API.

System Design (diagram; components shown: Web Server, Database, Queue, Coin Validator, Client (You), Client (You))

API Features
– Secured
  – OAuth 2.0 bearer token profile
– Throttled (Rate Limited)
  – Gold, Silver and Bronze tiers
– Separate production and sandbox environments
– Versioned

APIs
– Vault API
  – Mint new coins
  – Retrieve already minted coins
– Scoreboard API
  – Retrieve current score
– Admin API
  – Only for admins

Accessing the APIs: Step 1
– Send an email to …
– Specify the following details:
  – Group name: avengers2014
  – Group members: Steve Rogers, Tony Stark, Bruce Banner
– You will get a reply back with login credentials for the RichCoin API Store.

Accessing the APIs: Step 2
Change your password…
– Login using the username and password sent in the email.
– Click on the “Configure” tab to the left of the main menu.
– Select “Users and Roles”.
– Click on “Change My Password”.

Accessing the APIs: Step 3
Register your applications…
– Login using your username and password.
– Select “My Applications”.
– Enter a meaningful name for the application you’re going to implement using the APIs.

Accessing the APIs: Step 4
Subscribe to the APIs…
– Click on each API, select the application you registered in the previous step, select a throttling tier and click “Subscribe”.

Accessing the APIs: Step 5
Obtain API keys…
– Select “My Subscriptions”.
– Make sure your application is selected in the dropdown.
– Click “Generate Keys”.
  – You can generate separate keys for production and sandbox environments.

Accessing the APIs: Step 6
– At this point you are all set.
– Simply send your API key to the server along with all your requests.
– The API key should be sent as an HTTP Authorization header:
  – Authorization: Bearer

Production & Sandbox Setups
– You can get separate keys to access the production and sandbox environments.
– APIs and their URLs are identical in the two environments.
– Use the sandbox environment to test your application.
– For the contest we will only consider the score in the production environment.
– Note: Sandbox environment is not backed up and your data may get lost.

Throttling/Rate Limiting
– The access tier you selected when subscribing to an API determines how many requests you can send to an API in a minute.
  – e.g. Gold tier: Allows 20 req/minute
– Once you exceed your per-minute quota, you will start receiving errors (503 Service Unavailable).
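A client-side way to stay under the per-minute quota and to back off when a 503 still arrives, as an added example that is not part of the original slides or the course's sample client. The sliding 60-second window, the retry count and the `send` callable (assumed to return an HTTP status code) are assumptions; keep one `MinuteQuota` per API, since the quota is per API.

```python
import collections
import time


class MinuteQuota:
    """Client-side sliding window: at most `limit` requests in any 60 seconds."""

    def __init__(self, limit, clock=time.monotonic):
        self.limit, self.clock = limit, clock
        self.sent = collections.deque()  # timestamps of recent requests

    def wait_time(self):
        """Seconds to wait before the next request fits (0.0 if it fits now)."""
        now = self.clock()
        while self.sent and now - self.sent[0] >= 60.0:
            self.sent.popleft()  # older than a minute: no longer counts
        if len(self.sent) < self.limit:
            return 0.0
        return 60.0 - (now - self.sent[0])

    def record(self):
        """Note that a request is being sent now."""
        self.sent.append(self.clock())


def call_with_quota(send, quota, sleep=time.sleep, max_retries=3):
    """Run send() inside the quota; on 503 back off exponentially and retry."""
    for attempt in range(max_retries + 1):
        delay = quota.wait_time()
        if delay > 0:
            sleep(delay)
        quota.record()
        status = send()
        if status != 503:
            return status
        if attempt < max_retries:
            sleep(min(60.0, 2.0 ** attempt))  # throttled by the server anyway
    return 503  # still throttled after all retries; caller decides what next
```

A sliding window is the conservative choice here: it never sends more than the limit in any 60-second span, however the server aligns its own minute.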

Vault API
Minting a new coin
– POST a JSON payload to /vault/1.0.0
  – solution: Your solution matrix encoded into a string of 1’s and 0’s (row-major form)
  – clientTimestamp: A UTC timestamp generated from the client machine (milliseconds since epoch)
{ "solution": " ", "clientTimestamp": }

Vault API: Response
– When you submit a new solution, you will get a unique ID back in return.
– Use this ID to query the status of your solution.
  – GET /vault/1.0.0/
{ "coinId" : "1ab3jshfshns", "status" : 0, …. }

Scoreboard API
Retrieve the current score
– Send a GET request to /scoreboard/1.0.0
– You get a JSON payload back with all the users and the number of coins they have mined
  – Application details available in payload for each user
  – Scores are sorted in descending order

API Quick Reference
API Call                  Description
POST /vault/1.0.0         Mint a new coin
GET /vault/1.0.0          Get all coins mined so far
GET /vault/1.0.0/         Get a specific coin
GET /scoreboard/1.0.0     Get the current scoreboard
GET /scoreboard/1.0.0/    Get the score of a specific user

Coin Status Codes
Code    Description
0       Pending validation
1       Coin validated successfully (Yay!)
2       Coin failed to validate (Back to the mines)
– Every RichCoin resource you obtain from the API has a “status” attribute.
– You can get a coin status of “2” due to many reasons. The exact reason is sent as an error code in the “reason” field (see next slide).

Error Codes
Error Code    Description
              clientTimestamp was unacceptable
              Solution was incorrect
              Solution was isomorphic to an existing solution
              Solution was malformed
              Provided coin ID was invalid
              Database error
              Unexpected runtime error
– The last 2 are not your fault. Send us an email if you ever see them.

Common Errors/Mistakes
– Calling APIs without subscribing or without the API key
– Sending the API key in a wrong format
  – Must be sent in the Authorization header prefixed by the string “Bearer ” (there should be a space between “Bearer” and the API key)
– Getting the production and sandbox keys mixed up

Common Errors/Mistakes
– Invalid clientTimestamp value in the request to mint coins
  – Must be a UTC timestamp (Milliseconds elapsed since Unix epoch)
  – Make sure your clock is synchronized against some well-known time service
– Exceeding your throttling limit (per-minute, per-API quota)
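Building a mint request the way Step 6 and the Vault API slide describe, with checks for the mistakes listed above and a redacted copy for logging; this is an added example, not the course's sample client. The function names, the Content-Type header and the dictionary request shape are assumptions, and no hostname appears because the slides say not to hardcode one.

```python
import json
import time

VAULT_PATH = "/vault/1.0.0"  # path from the slides; no hostname is hardcoded


def encode_solution(matrix):
    """Flatten a 0/1 matrix into the row-major string of 1's and 0's."""
    if not matrix or not matrix[0] or any(len(r) != len(matrix[0]) for r in matrix):
        raise ValueError("solution matrix must be non-empty and rectangular")
    cells = [cell for row in matrix for cell in row]
    if any(cell not in (0, 1) for cell in cells):
        raise ValueError("solution matrix may contain only 0 and 1")
    return "".join(str(int(cell)) for cell in cells)


def client_timestamp_ms(now=None):
    """UTC milliseconds since the Unix epoch (time.time() counts from the epoch)."""
    return int((time.time() if now is None else now) * 1000)


def auth_headers(api_key):
    """Authorization header: the word Bearer, one space, then the bare key."""
    key = api_key.strip()
    if not key or any(ch.isspace() for ch in key):
        raise ValueError("pass the bare API key: no spaces, no 'Bearer ' prefix")
    # Content-Type is an assumption; the slides only name the Authorization header.
    return {"Authorization": "Bearer " + key, "Content-Type": "application/json"}


def build_mint_request(matrix, api_key, now=None):
    """Assemble the POST described on the Vault API slide (nothing is sent here)."""
    body = json.dumps({"solution": encode_solution(matrix),
                       "clientTimestamp": client_timestamp_ms(now)})
    return {"method": "POST", "path": VAULT_PATH,
            "headers": auth_headers(api_key), "body": body}


def redact(request):
    """Copy of a request that is safe to write to the application log."""
    safe = dict(request, headers=dict(request["headers"]))
    safe["headers"]["Authorization"] = "Bearer ***"  # never log the real key
    return safe
```

Logging `redact(request)` rather than the request itself keeps the API key out of log files while still recording every call with its timestamp.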

Known Issues
– Location header on the response to /vault/1.0.0 is wrong.
– We are working on getting a more static hostname for the service endpoint.
  – Until then some changes may occur
  – Do not hardcode the hostnames into your apps yet
– API Console feature in API store doesn’t work.
– If you see any other weirdness, let us know asap.

Application Development Best Practices
– Log all important events and API calls.
  – With timestamps
– Keep local copies of the RichCoins mined.
  – Make a copy of the solution matrix before submitting to the bank
“In large distributed systems, component failures are the norm rather than the exception.” – GGL03

Sample Client App
– We implemented an interactive tool to invoke and test the APIs
  – Implemented in Python
  – Can use as an example on how to call the API programmatically
– Simply add your API key to settings.yaml and fire away

AWS for RichCoin CS290B – Spring 2014 Alex Pucher

AWS for RichCoin
– Single account per group
  – Only EC2 and S3
  – Limited to USD per group
  – Using spot instances recommended
– You go over, you get nuked
  – You’ll get a warning (maybe)
  – Don’t store critical data on AWS

AWS for RichCoin
– You’ll receive:
  – Group account and password
  – AWS creds
  – EC2 Key pair
  – S3 bucket
– Must use your key pair and assigned bucket
  – Else, access is blocked

Disclaimers
– Policy enforcement questionable
  – Message if something doesn’t work but should
  – Stuff may disappear
– DO NOT store critical data on AWS

Questions?