Explore topic-wise InterviewSolutions in .

The URL that you use in your REQUESTS must EITHER be an exact match to the OAuth Redirect URI in your application on the AT&T Developer Program website or be an extension of that value. The Redirect URI uses the following rules:

• If the redirect_uri parameter is not PRESENT in the request, then the API Gateway uses the value of the OAuth redirect URI that you provided when you created your application.
• If the redirect_uri parameter is present in the request, then this parameter value is validated to ensure that the value of the redirect_uri parameter matches the base URI that you provided when you created your application.

The URL that you use in your requests must either be an exact match to the OAuth Redirect URI in your application on the AT&T Developer Program website or be an extension of that value. The Redirect URI uses the following rules:

The two complimentary strategies that developers MAY consider when handling expired tokens are as follows:

1. Track the creation of the OAuth access token and use the refresh token at appropriate intervals, based on the OAuth access token creation time, in order to generate a new OAuth access token before the expires_in PARAMETER VALUE for the current OAuth access token has elapsed.

Capture the response with the HTTP Status CODE of 401 Unauthorized and invoke logic that retries the appropriate Get Access Token method request, as follows:

• Generate a new OAuth access token.
• Use the new OAuth access token to resubmit any previously failed method requests that failed DUE to an expired OAuth access token.

In the future, AT&T may change the default values of the expiration parameters for the OAuth access token and refresh token. So it is strongly advised that you always check the expires_in parameter value that is returned with the response to the Get Access Token method call.

The two complimentary strategies that developers may consider when handling expired tokens are as follows:

Capture the response with the HTTP Status code of 401 Unauthorized and invoke logic that retries the appropriate Get Access Token method request, as follows:

In the future, AT&T may change the default values of the expiration parameters for the OAuth access token and refresh token. So it is strongly advised that you always check the expires_in parameter value that is returned with the response to the Get Access Token method call.

The AT&T implementation is generally consistent with the OAuth 2.0 DRAFT 13 framework. However, there are SEVERAL nuances to the AT&T implementation, such as the use of COMMAS instead of spaces to delineate parameters within the scope variable.

The AT&T implementation is generally consistent with the OAuth 2.0 Draft 13 framework. However, there are several nuances to the AT&T implementation, such as the use of commas instead of spaces to delineate parameters within the scope variable.

The AT&T ARO Data ANALYZER is supported on Microsoft Windows XP, Windows Vista, Windows Seven, Windows 8 (X86), and on MAC OS X 10.6 and above, including MAC OS X 10.10.

The AT&T ARO Data Analyzer is supported on Microsoft Windows XP, Windows Vista, Windows Seven, Windows 8 (x86), and on Mac OS X 10.6 and above, including MAC OS X 10.10.

No. You MUST USE AT&T's OAuth SERVICE to use any of AT&T's APIs.

No. You must use AT&T's OAuth service to use any of AT&T's APIs.

The UverseConnectedManager initialization will FAIL if you are not on a U-verse network. You must be connected over Wi-Fi to the same access point as the RECEIVER. If it fails for other reasons, you may use the upload LOG FUNCTION, or try again (call startDiscovery again). Ideally, if you are on the Wi-Fi of a U-verse household, discovery should not fail.

The UverseConnectedManager initialization will fail if you are not on a U-verse network. You must be connected over Wi-Fi to the same access point as the receiver. If it fails for other reasons, you may use the upload log function, or try again (call startDiscovery again). Ideally, if you are on the Wi-Fi of a U-verse household, discovery should not fail.

There are two different types of AAP (Application Authentication Package) bundles that could be ISSUED:

• PRODUCTION: This AAP will be issued after your app completes AT&T Quality Engineering testing. Every version update will need to be submitted to AT&T for testing before the version is allowed to run in the production environment. The AAP bundle will contain the environment name prodca.
• ZDEV: This is a test environment that can be used to test your application. This environment can be accessed through the developer channel (9315). If you have a consumer U-verse account, you can APPLY for this channel to be enabled on your U-verse receiver through the Launch Center. The details of this are covered in How to Register and Setup a U-verse Enabled Environment. This channel can also be accessed through the RAKv2. The AAP bundle will contain the environment name zdevca.

There are two different types of AAP (Application Authentication Package) bundles that could be issued:

IOS and ANDROID are the PLATFORMS CURRENTLY SUPPORTED.

iOS and Android are the platforms currently supported.

We recommend using mostRecentlyEngagedSetTopBox property of uverseConnectedManager, as this will be updated each time the user ENGAGES a different receiver. For EXAMPLE, to GET the current CHANNEL details of the currently displayed program:

iOS

UverseConnectedManager *MANAGER = [UverseConnectedManager sharedManager];.

NSString *channel = manager.mostRecentlyEngagedSetTopBox.currentProgram.channel;.

Android

uveManager manager = uveManager.getUverseEnabledManager(this,null,AAP_FILE_NAME, RESOURCE_TOKEN);

manager.getMostRecentlyEngagedSetTopBox();

We recommend using mostRecentlyEngagedSetTopBox property of uverseConnectedManager, as this will be updated each time the user engages a different receiver. For example, to get the current channel details of the currently displayed program:

iOS

UverseConnectedManager *manager = [UverseConnectedManager sharedManager];.

NSString *channel = manager.mostRecentlyEngagedSetTopBox.currentProgram.channel;.

Android

uveManager manager = uveManager.getUverseEnabledManager(this,null,AAP_FILE_NAME, RESOURCE_TOKEN);

manager.getMostRecentlyEngagedSetTopBox();

USING the SHARED instance of Uverse Connected Manager, call the start Discovery METHOD on APPLICATION load to initiate the discovery process:

iOS

[[UverseConnectedManager sharedManager] startDiscovery];

Android

uveManagerInstance.startDiscovery(uveListenerInstance);

Using the shared instance of Uverse Connected Manager, call the start Discovery method on application load to initiate the discovery process:

iOS

[[UverseConnectedManager sharedManager] startDiscovery];

Android

uveManagerInstance.startDiscovery(uveListenerInstance);

Yes, to RUN the SDK Sample Apps you MUST FIRST create a new app in My Apps to acquire an App Key and App Secret.

The short code is optional. It is only needed by SDKs that require AT&T WIRELESS customer consent to allow the apps to use the customer’s AT&T Wireless mobile NUMBER.

Yes, to run the SDK Sample Apps you must first create a new app in My Apps to acquire an App Key and App Secret.

The short code is optional. It is only needed by SDKs that require AT&T Wireless customer consent to allow the apps to use the customer’s AT&T Wireless mobile number.

This NORMALLY indicates that the AAP is not valid. If you receive this ERROR, PLEASE check that you are using the correct AAP BUNDLE for your test environment.

This normally indicates that the AAP is not valid. If you receive this error, please check that you are using the correct AAP bundle for your test environment.

To add a device to your receiver, you must have the AT&T U-verse Enabled Application installed on your device. Launch the application on your device and navigate to the U-verse Receivers screen. The process below is based on an application that follows the U-verse End User Design Guidelines.

If the receiver name appears in the list with no icons next to it, which is when the receiver is in open mode, select it to connect your device to that receiver and start using the application. No ADDITIONAL action is needed. If the receiver name displays a lock icon pictured next to it, which is when the receiver is in custom/managed mode, you will NEED to enter a four DIGIT PIN on your device to connect:

• Select the receiver name, on your device.
• Tune to channel 9301 on that receiver.
• Arrow over to Add a Device.
• Enter the 4 digit code on the TV into the device and select Done.

You should see the receiver is now unlocked. If you don't see the receiver name on your device, tune to channel 9301 on that TV receiver, select +Add New Receiver on your device and follow the instructions to RUN the Set-up Wizard.

To add a device to your receiver, you must have the AT&T U-verse Enabled Application installed on your device. Launch the application on your device and navigate to the U-verse Receivers screen. The process below is based on an application that follows the U-verse End User Design Guidelines.

If the receiver name appears in the list with no icons next to it, which is when the receiver is in open mode, select it to connect your device to that receiver and start using the application. No additional action is needed. If the receiver name displays a lock icon pictured next to it, which is when the receiver is in custom/managed mode, you will need to enter a four digit PIN on your device to connect:

You should see the receiver is now unlocked. If you don't see the receiver name on your device, tune to channel 9301 on that TV receiver, select +Add New Receiver on your device and follow the instructions to run the Set-up Wizard.

The AAP (Application Authentication Package) bundle is a zip file that contains resource files including your Application Certificate and your DEVELOPER Key. The resource files differ DEPENDING on whether your app is certified for a development environment or a production environment. After you submit your app information to the AT&T Launch CENTER, development resource files will be available in your developer dashboard, and after your app passes AT&T Quality ENGINEERING testing, production resource files will be available.

The AAP (Application Authentication Package) bundle is a zip file that contains resource files including your Application Certificate and your Developer Key. The resource files differ depending on whether your app is certified for a development environment or a production environment. After you submit your app information to the AT&T Launch Center, development resource files will be available in your developer dashboard, and after your app passes AT&T Quality Engineering testing, production resource files will be available.

The OAuth 2.0 Authentication Management API is more secure than the typical USER NAME and password paradigm as the credentials are not STORED on the mobile DEVICE.

The OAuth 2.0 Authentication Management API is more secure than the typical user name and password paradigm as the credentials are not stored on the mobile device.

Applications MUST always use an OAuth token in the API request header called Authorization: in ORDER to CONSUME any of the APIs provided by AT&T.

An OAuth access token is obtained by invoking the OAuth API which triggers the authorization process. This process may involve interaction between the application and the API Platform only, as in the case of OAuth Token request, or it may involve interaction between the user's browser and the API platform. In the latter case, the secure interaction is INITIATED by the developer's application but the secure authentication is INTENTIONALLY routed around the developer's application and, in so doing, assures the end-user that their user credentials are kept secure and are only passed between AT&T and the user's browser.

Applications must always use an OAuth token in the API request header called Authorization: in order to consume any of the APIs provided by AT&T.

An OAuth access token is obtained by invoking the OAuth API which triggers the authorization process. This process may involve interaction between the application and the API Platform only, as in the case of OAuth Token request, or it may involve interaction between the user's browser and the API platform. In the latter case, the secure interaction is initiated by the developer's application but the secure authentication is intentionally routed around the developer's application and, in so doing, assures the end-user that their user credentials are kept secure and are only passed between AT&T and the user's browser.

Yes, you can stream (chunk) audio data as input. There is no NEED to RECORD the audio FIRST.

Yes, you can stream (chunk) audio data as input. There is no need to record the audio first.

The Speech API, INCLUDING the Speech-to-Text transcription and Text-to-Speech functionality, is offered as a RESTful API that runs on the AT&T platform. This MEANS that the API can be used from almost any mobile device, including those using other U.S. wireless carriers and on non-mobile devices, such as backend APPLICATIONS running on servers.

The Speech API, including the Speech-to-Text transcription and Text-to-Speech functionality, is offered as a RESTful API that runs on the AT&T platform. This means that the API can be used from almost any mobile device, including those using other U.S. wireless carriers and on non-mobile devices, such as backend applications running on servers.

Most APIs are AVAILABLE, but some may have additional REQUIREMENTS such as:

• FINANCE APIs such as Advertising require banking & tax INFORMATION to receive funds.
• APIs that are in closed beta may require that you request and be accepted into the closed beta.
• Specific APIs because of their nature may require volume COMMITMENTS under a separate high volume or enterprise agreement.

You can find out more information for specific APIs by visiting our pricing page and clicking on the API you are interested in.

Most APIs are available, but some may have additional requirements such as:

You can find out more information for specific APIs by visiting our pricing page and clicking on the API you are interested in.

This error occurs because the SDK JAR file is not added to the APPLICATION. Steps to FIX this ISSUE:

• Go to the properties of the application.
• Select Java BuildPath.
• In Libraries Tab, Press "Add Jar" button and add the SDK_NAME.jar file.
• Now go to "Order and Export" tab and Check/Select the "SDK_NAME.jar" file and press OK.
• Rerun the application now.

This error occurs because the SDK jar file is not added to the application. Steps to fix this issue:

After the lifetime that is specified in the expires_in parameter has elapsed, the OAuth access token is no longer valid. When that occurs, any ATTEMPT to use the expired OAuth access token RESULTS in an OAuth 2.0 Authentication Management API response with the HTTP Status Code of 401 Unauthorized. A developer must PROVIDE logic in their app to handle CONDITIONS when the expired OAuth access token may be used.

After the lifetime that is specified in the expires_in parameter has elapsed, the OAuth access token is no longer valid. When that occurs, any attempt to use the expired OAuth access token results in an OAuth 2.0 Authentication Management API response with the HTTP Status Code of 401 Unauthorized. A developer must provide logic in their app to handle conditions when the expired OAuth access token may be used.

OPENID is about AUTHENTICATION (i.e. proving who you are). OAuth is about authorization (i.e. granting ACCESS to functionality, DATA, etc., without DEALING with the original authentication).

OpenID is about authentication (i.e. proving who you are). OAuth is about authorization (i.e. granting access to functionality, data, etc., without dealing with the original authentication).

No. An OAUTH ACCESS TOKEN can be USED until it EXPIRES.

No. An OAuth access token can be used until it expires.

Notary MANAGEMENT can be used with any other API and is not restricted to the PAYMENT API, OAUTH, or any other API. However, if the Payment API is used, the Notary SERVICE must be used to facilitate those APIS.

Notary Management can be used with any other API and is not restricted to the Payment API, OAuth, or any other API. However, if the Payment API is used, the Notary service must be used to facilitate those APIs.

No. The OAuth 2.0 AUTHENTICATION Management API MAY only be used with RESTful APIS provided by AT&T.

No. The OAuth 2.0 Authentication Management API may only be used with RESTful APIs provided by AT&T.

To access protected data stored on Google services, use OAuth 2.0 for authorization. Google APIs support OAuth 2.0 flows for different types of client applications. In all of these flows, the client APPLICATION requests an access token that is associated with only the client application and the owner of the protected data being accessed. The access token is also associated with a limited scope that defines the kind of data the client application has access to (for example, "Manage your tasks"). An important goal for OAuth 2.0 is to provide secure and convenient access to the protected data, while minimizing the potential IMPACT if an access token is stolen.

The typical work flow for OAuth 2.0 requests:

• When a user first attempts to use functionality in your application that requires the user to be logged in to a Google Account or YouTube account, your application INITIATES the OAuth 2.0 authorization process.
• Your application directs the user to Google's authorization server. The link to that page specifies the scope of access that your application is requesting for the user's account. The scope specifies the resources that your application can RETRIEVE, insert, update, or delete when acting as the authenticated user.
• If the user consents to authorize your application to access those resources, Google RETURNS a token to your application. Depending on your application's type, it either validates the token or exchanges it for a different type of token.
• For example, a server-side web application exchanges the returned token for an access token and a refresh token. The access token lets the application authorize requests on the user's behalf, and the refresh token lets the application retrieve a new access token when the original access token expires.

To access protected data stored on Google services, use OAuth 2.0 for authorization. Google APIs support OAuth 2.0 flows for different types of client applications. In all of these flows, the client application requests an access token that is associated with only the client application and the owner of the protected data being accessed. The access token is also associated with a limited scope that defines the kind of data the client application has access to (for example, "Manage your tasks"). An important goal for OAuth 2.0 is to provide secure and convenient access to the protected data, while minimizing the potential impact if an access token is stolen.

The typical work flow for OAuth 2.0 requests:

If not using administrative authentication, then an OAuth 2.0 CHALLENGE requires user actions in order to authorize MigrationWiz to ACCESS their data. After submitting a migration for mailbox(es), MigrationWiz will send an email to each user mailbox in order to ask for access privileges. Once the user confirms access privileges, their migration will begin.

Note: 

• Non-paid Google account migrations will also follow the above OAuth 2.0 challenge methodology. It is necessary to migrate these accounts using the individual user name and PASSWORDS for each account.
• Previously Google USED "ClientLogin" for such migrations. This has been deprecated and replaced by OAuth 2.0.

Here are some more generic (non-specific to MigrationWiz) questions and answers about OAuth and OAuth 2.0. These have been included here to provide some more detail about how it works.

If not using administrative authentication, then an OAuth 2.0 challenge requires user actions in order to authorize MigrationWiz to access their data. After submitting a migration for mailbox(es), MigrationWiz will send an email to each user mailbox in order to ask for access privileges. Once the user confirms access privileges, their migration will begin.

Note: 

Here are some more generic (non-specific to MigrationWiz) questions and answers about OAuth and OAuth 2.0. These have been included here to provide some more detail about how it works.

FOLLOW the directions in the Knowledge Base article KB005019 to set up the G Suite account to USE OAuth 2.0. In order to PROVIDE us administrative AUTHENTICATION access to your G Suite data, add certain allowed scopes to the MigrationWiz project, as described in the article. Also, the article shows how to enable API access, which is required for performing a Google Drive migration.

Follow the directions in the Knowledge Base article KB005019 to set up the G Suite account to use OAuth 2.0. In order to provide us administrative authentication access to your G Suite data, add certain allowed scopes to the MigrationWiz project, as described in the article. Also, the article shows how to enable API access, which is required for performing a Google Drive migration.

• OAUTH 2.0 is used by all accounts, i.e., both paid and non-paid G SUITE accounts.
• For administrative authentication, BitTitan uses OAuth 2.0 ServiceAccount workflow.
• For user authentication, BitTitan uses OAuth 2.0 WebApplication workflow.

Note: Previously, OAuth 1.0 was only available to paid G Suite accounts, namely G Suite for BUSINESS and Education. 

Note: Previously, OAuth 1.0 was only available to paid G Suite accounts, namely G Suite for Business and Education. 

We use OAuth 2.0 in order to AUTHENTICATE to G Suite accounts for all Google services. This INCLUDES email, CONTACTS, calendars, and documents under Google DRIVE.

We use OAuth 2.0 in order to authenticate to G Suite accounts for all Google services. This includes email, contacts, calendars, and documents under Google Drive.