Our friends at SpiceMyLogo produced a new video tutorial for Facebook Voicetag. Its a step by step walk through the application features along with a staged role play illustrating every day use of the app. Take a look at it and post your comments on other use cases that we should put on video:
Wednesday, November 26, 2008
Monday, November 17, 2008
Writing a Quick and Worthy Mobility Mashup
While working on the registration forms for our Open ID service (openid.ringful.com), we wanted to implement a process that prevents malicious bulk registrations. A captcha widget was one option, but we didn't like it much, because it does not prevent people with time (or mechanical turks) to register many accounts. Captcha is also difficult for legitimate users. Sometimes it takes several retries to guess what's on a captcha image.
After a little brainstorming we decided to implement a simpe alternative, which is straightforward to implement and is also easy on the end user. The idea is to use a person's phone as a way to prove identity. A web wigdet would ask the user to enter their phone number and choose whether they prefer a text message or a voice call to deliver a secret code that the user will then enter on the registration form. The widget could be used not only for registration, but also for two factor authentication on login. The user has to know the password and has have the physical phone handy at the time of login.
We called the new service Ringful ID Check. It is now available for public use at http://idcheck.ringful.com. A demo web widget is available for instant trial.
As we will see the demo widget is a simple mash up of Web 2.0 AJAX code, a small python script and the Ringful REST API. We will walk through the steps it took to build it. The end result is shown below:
Here is the outline of the process:
Now let's look into detail at each of the steps.
It takes a few easy steps to obtain a Ringful Developer account.
Start by registering a Ringful user account at http://openid.ringful.com.
Next, go to the ringful Developer Zone site http://devzone.ringful.com. It is accessible from a link at the top of the home page:
Once at the DevZone home page, click on Login. This will take you to our single sign-on Open ID server. After successful login, you will be redirected back to the dev zone site. Now you should see your newly created Dev Zone account. It would look like this:
You will notice a complimentary $5 is added to your account. This is our gesture to you during the open Beta testing period. Thank you for joining!
There is some important information on your Developer Account page that you should understand well in order to use the API properly. In particular the following three items are crucial:
There are many ways to host a web widget, but Google App Engine is probably one of the least expensive (FREE) and easiest to get going for many web developers.
We will just point out to the GAE home page, which has great instructions how to setup an account and get started: http://code.google.com/appengine/.
We need to have a server side script with the following functions:
Since the focus of this article is on using the Ringful RESTful APIs in your apps, we will skip steps 1,2 and 4 and only go into detail on step 3. The following code implements step 3. Its commented richly and is hopefully straightforward to understand. The main function is deliverCode(). The other function invokeRemote() offers a generic way to invoke Ringful API methods.
import time
import logging
import hashlib
from google.appengine.api import urlfetch
# The following values are just examples.
# You will obtain the actual values for your application from your Ringful Dev Zone account page.
APP_KEY = "746b1d1214b5c6c40198c73825dea3e34c2fcdf8"
APP_SIG_KEY = "**************************"
def deliverCode(callee):
'''
Generates a 5 digit code and send it to user's phone
'''
pass_code = str(random.randint(10000, 99999))
params = {
"callee": callee,
"code": pass_code
}
resp = invokeRemote("idcheck", params)
if resp.status_code == 200:
# the generated code is sent to the phone.We keep a copy in the session
self.session['verificationCode'] = code
# we expect the user to receive the code and enter it in the web widget.
# It should match the value generated on the server
else:
# for some reason the idcheck API invokation failed
setFlashMessage("Server error. Please try again later.")
# show a user friendly text message in the web widget
return resp
def invokeRemote(apiMethod, params={}, body=None):
'''
Invokes a remote Ringful API method and returns the method HTTP response
'''
params['seq'] = long(time.time()*1000) # sys time in micorseconds
param_str = urllib.urlencode(params)
# calculate signature parameter for the API invocation
sig = hashlib.sha1(param_str + APP_SIG_KEY)
sig_str = hash.hexdigest()
# construct full HTTP GET URL
url = "http://devzone.ringful.com/%s/apikey/%s?%s&sig=%s" % (apiMethod, app_key, param_str, sig_str)
httpMethod = urlfetch.GET
headers = {}
logging.debug("Invoking Remote: %s" % url)
resp = urlfetch.fetch(url, body, httpMethod, headers)
if resp.status_code != 200:
if 'X-RingfulErrMessage' in resp.headers:
# Ringful provides info on API invocation problems in a response header
resp_err_msg = resp.headers['X-RingfulErrMessage']
else:
resp_err_msg = '(None)' # it is possible that the problem was outside Ringful. For example network connectivity issues.
err_msg = 'Error invoking %s API. [URL: %s] , Error [code: %d], [message: %s]' % (apiMethod, url, resp.status_code, resp_err_msg)
logging.warning(err_msg)
return resp
We hope the code above illustrates clearly how to write mobility mashups with the Ringful API. You should be now able to write your own mashups. We would love to hear about your work.
Feel free to post any questions or comments to this article. If you prefer private email communication, please send messages to support at ringful.com.
After a little brainstorming we decided to implement a simpe alternative, which is straightforward to implement and is also easy on the end user. The idea is to use a person's phone as a way to prove identity. A web wigdet would ask the user to enter their phone number and choose whether they prefer a text message or a voice call to deliver a secret code that the user will then enter on the registration form. The widget could be used not only for registration, but also for two factor authentication on login. The user has to know the password and has have the physical phone handy at the time of login.We called the new service Ringful ID Check. It is now available for public use at http://idcheck.ringful.com. A demo web widget is available for instant trial.
As we will see the demo widget is a simple mash up of Web 2.0 AJAX code, a small python script and the Ringful REST API. We will walk through the steps it took to build it. The end result is shown below:
Here is the outline of the process:
- Obtain Ringful Application Developer account
- Obtain Google App Engine account
- Write a Python script to serve the ID Check widget
- Write an HTML web form with a little AJAX code for coolness
- Wire the python code with the Ringful idcheck API.
Now let's look into detail at each of the steps.
Obtaining Ringful Application Developer account
It takes a few easy steps to obtain a Ringful Developer account.
Start by registering a Ringful user account at http://openid.ringful.com.
Next, go to the ringful Developer Zone site http://devzone.ringful.com. It is accessible from a link at the top of the home page:
You will notice a complimentary $5 is added to your account. This is our gesture to you during the open Beta testing period. Thank you for joining!
There is some important information on your Developer Account page that you should understand well in order to use the API properly. In particular the following three items are crucial:
- Application Key is a hexadecimal string which uniquely identifies your application developer account. You will need it in each invocation to the ringful API. All calls will start with this prefix: http://devzone.ringful.com/
/apikey/ 1234, where 1234 will be replaced with your actual application key. - Signature Key is a very important hexadecimal string that you should keep to yourself and possibly a small circle of trusted developers on your team. Anyone who has this key will be able to use the Ringful API on your behalf... And you will pay the bill. This key is used to sign each API invocation. It is the last parameter on a HTTP GET URL and is an sha1 function of the query string without the sig parameter. For example in:
http://devzone.ringful.com/SomeAPIMethod/apikey/1234?param1=abcd¶m2=efgh&seq=67&sig=26a4bc369fc884e29f43d2075d7199a853cb8a5c
The signature is calculated as follows sig=26a4bc369fc884e29f43d2075d7199a853cb8a5c=hexadec(sha1('param1=abcd¶m2=efgh&seq=67' + signature_key))
To be more specific, the server executes signature verification code algorithmically equivalent to the following python snippet:
sig = http_request.get('sig')
qs = http_request.query_string
unsigned_qs = qs.split('&sig',1)[0]
hash = hashlib.sha1(unsigned_qs + signature_key)
hashstr = hash.hexdigest()
if hashstr != sig:
logging.debug("Invalid signature parameter. API request rejected.")
Notice that the sig parameter is expected to be the last one in the HTTP GET URL.
The signature is calculated as follows sig=26a4bc369fc884e29f43d2075d7199a853cb8a5c=hexadec(sha1('param1=abcd¶m2=efgh&seq=67' + signature_key))
To be more specific, the server executes signature verification code algorithmically equivalent to the following python snippet:
sig = http_request.get('sig')
qs = http_request.query_string
unsigned_qs = qs.split('&sig',1)[0]
hash = hashlib.sha1(unsigned_qs + signature_key)
hashstr = hash.hexdigest()
if hashstr != sig:
logging.debug("Invalid signature parameter. API request rejected.")
Notice that the sig parameter is expected to be the last one in the HTTP GET URL.
- seq is is a monotonously increasing positive integer that should be included in each API request. It is your responsibility to ensure that each consequitive API call from your application has a new seq value that is greater than any previous value. The recommendet way to implement a seq value generator is to use system time with microseconds granularity.
There rest of the information on your Ringful DevZone home page is self explanatory. In case you have any questions, feel free to send them to support at ringful.com.
Obtaining Google App Engine Account
There are many ways to host a web widget, but Google App Engine is probably one of the least expensive (FREE) and easiest to get going for many web developers.
We will just point out to the GAE home page, which has great instructions how to setup an account and get started: http://code.google.com/appengine/.
Writing the server side script
We need to have a server side script with the following functions:
- Host the HTML and JavaScript code for the web widget
- Process form post from the widget with user phone number and kind of pass code delivery
- Generate pass code and deliver it to user phone by invoking Ringful idcheck method via HTTP GET
- Take pass code input from user and verify whether it matches the pass code sent to phone
Since the focus of this article is on using the Ringful RESTful APIs in your apps, we will skip steps 1,2 and 4 and only go into detail on step 3. The following code implements step 3. Its commented richly and is hopefully straightforward to understand. The main function is deliverCode(). The other function invokeRemote() offers a generic way to invoke Ringful API methods.
import time
import logging
import hashlib
from google.appengine.api import urlfetch
# The following values are just examples.
# You will obtain the actual values for your application from your Ringful Dev Zone account page.
APP_KEY = "746b1d1214b5c6c40198c73825dea3e34c2fcdf8"
APP_SIG_KEY = "**************************"
def deliverCode(callee):
'''
Generates a 5 digit code and send it to user's phone
'''
pass_code = str(random.randint(10000, 99999))
params = {
"callee": callee,
"code": pass_code
}
resp = invokeRemote("idcheck", params)
if resp.status_code == 200:
# the generated code is sent to the phone.We keep a copy in the session
self.session['verificationCode'] = code
# we expect the user to receive the code and enter it in the web widget.
# It should match the value generated on the server
else:
# for some reason the idcheck API invokation failed
setFlashMessage("Server error. Please try again later.")
# show a user friendly text message in the web widget
return resp
def invokeRemote(apiMethod, params={}, body=None):
'''
Invokes a remote Ringful API method and returns the method HTTP response
'''
params['seq'] = long(time.time()*1000) # sys time in micorseconds
param_str = urllib.urlencode(params)
# calculate signature parameter for the API invocation
sig = hashlib.sha1(param_str + APP_SIG_KEY)
sig_str = hash.hexdigest()
# construct full HTTP GET URL
url = "http://devzone.ringful.com/%s/apikey/%s?%s&sig=%s" % (apiMethod, app_key, param_str, sig_str)
httpMethod = urlfetch.GET
headers = {}
logging.debug("Invoking Remote: %s" % url)
resp = urlfetch.fetch(url, body, httpMethod, headers)
if resp.status_code != 200:
if 'X-RingfulErrMessage' in resp.headers:
# Ringful provides info on API invocation problems in a response header
resp_err_msg = resp.headers['X-RingfulErrMessage']
else:
resp_err_msg = '(None)' # it is possible that the problem was outside Ringful. For example network connectivity issues.
err_msg = 'Error invoking %s API. [URL: %s] , Error [code: %d], [message: %s]' % (apiMethod, url, resp.status_code, resp_err_msg)
logging.warning(err_msg)
return resp
We hope the code above illustrates clearly how to write mobility mashups with the Ringful API. You should be now able to write your own mashups. We would love to hear about your work.
Feel free to post any questions or comments to this article. If you prefer private email communication, please send messages to support at ringful.com.
Saturday, October 11, 2008
Three conferences next week
Next week is a busy week for the Ringful team.
On Tuesday, we are invited to attend the annual Seed Stage Forum hosted by the Austin Technology Incubator and University of Texas at Austin. We will have a table in that event to meet investors and showcase some of our cool voice / facebook / iPhone mashup applications. We are not pitching for money at this time. But we are very much interested in meeting potential advisors, investors, clients, or anyone interested in this general space. Hope we will make some good connections there!
On Thursday, I will sit on Raven Zachary's iPhone panel at the InnoTech conference. We will be discussing the marketing opportunity for iPhone applications -- both the native SDK apps and web apps. You would not want to miss that if you are interested in the iPhone!
Then, on Wednesday and Thursday, the Ringful team will participate in the Texas Wireless Summit (TWS). The TWS is one of the premium conferences on the future of the wireless technology. It features speakers such as the CTO of AT&T, President of Nokia, and CTO of Ericsson North America etc. I am excited to meeting cool people and hear the vision from industry heavy weights.
If you are attending any of these events, let's hook up. You can get hold of me by leaving a comment or emailing me at michael AT ringful DOT com.
Saturday, October 4, 2008
Obama's iPhone app is an excellent mobility mashup
The Obama campaign released an official iPhone application last week. The application is developed by a team of developers led by Raven Zachary. It has a chokeful of useful features for Obama fans. But what caught my eye is the way the app mashs up voice calls with web and social features.
At the bottom of the app's start page, there is a small "donate" button. When you click on it, it actually makes a phone call to connect you to an operator to make the donation. That really leverages the voice infrastructure the campaign already built, and beat the typical enter-your-credit-card-number approach by a large margin.
Then, another cool feature is that the app organize your contacts in the address book into a priority list with "battle ground state" residents listed at the top. It even encourages you to call those friends by keeping track of the calls you made, and compare you against other people! (Well, guess I do not know many people in battle ground states!)
Of course, none of those features are revolutionary on its own. But they really show how voice mashup can improve user experience. I'd like to see many more iPhone applications utilizing the voice features! It is a "phone" after all!
Friday, October 3, 2008
What is mobility mashup
Welcome to the Mobility Mashup blog! This is the team blog from technologists at Ringful.com. We are primarly interested in mashing up mobile services with SaaS and social media applications. Why do you need to mashup mobile services with those existing services? Well, a couple of scenarios we have in mind include:
1. Enable interactive voice and messaging features in CRM, project management, enterprise IT, and e-commerce applications. That is a huge and under-served market, espcially for small businesses.
2. Help businesses, community leaders, or artists keep in touch with consumers / fans via mobile voice and messaging apps. It is not only a more personal way to engage consumers but also enables consumers to react right there on the phone.
3. Help social media users to have richer interactions via instant group calls or interactive messages boardcasted to mobile phones. It could multiple the effectiveness of social media apps.
4. Enable rich mobile apps or mobile web apps to support multi-party phone conversations, and voice / SMS messaging, from inside the app. Voice is the killer app on mobile. With mobility mashup, developers can continue to take advantage of this important feature in
applications.
At Ringful, we are building many of those applications. But more importantly, we are building a RESTful mashup platform that drastically simplifies telco application development. It lets any small business to create their own mobility mashup solutions.
Stay tuned!
Michael
Subscribe to:
Posts (Atom)
