Cross-site request forgery and IBM Connections Micro Blog

I was helping a fellow developer with creating entries for a community’s IBM Connections Microblog.  He was using IBM Connections Cloud and IBM Connections 5.0 and higher.

In the IBM Connections, there is some advanced support for requests which come from third party domains to protect against Cross-site Request Forgery and Replay Attacks.

You can make a POST request to https://apps.na.collabserv.com/connections/opensocial/rest/ublog/urn:lsid:lconn.ibm.com:communities.community:{communityId}/@all and get an HTTP 403 response forbidden (even if a GET works with the same Bearer or Basic HTTP Authorization header. 

If you run into this issue, you should add the X-Update-Nonce header to your request.  You can get the Nonce value from the http://apps.na.collabserv.com/files/basic/api/nonce .

The request will now work and return a 201 Content Created.

Simple workaround, and handy to know for ActivityStreams and the Microblog.

IBM Connections Developers Launch

CloudRelationshipCoin

As announced on the IBM website, IBM SmartCloud for Social Business is now IBM Connections Cloud.   Users can still take advantage of the “… access to business-grade file sharing, social networking, communities, online meetings, instant messaging, email, and calendar.”

Along with the re-launched website – IBM Connections Cloud, my team has relaunched the IBM Connections Developershttps://developer.ibm.com/social/.   We are focused on making sure Developers have the tools and information to rapidly build applications with our cloud.  Luis Benitez did a great job describing all the changes with the Cloud and the Developer Experience on his blog.

The team came up with this summary, which has since become our tagline, “Think Social. Develop with Web Standards. Deliver outstanding Apps.”  My colleagues and I are going to show you the way to quickly get started, adopt social patterns and develop compelling and repeatable integrations and social applications.

Connect with me here, or the team on the website.  I look forward to it.

Preconfigured Development Environment – How to provision instance IBM Collaboration Quickstart for Social Business 3.0

(Repost from ibmdw.net/social)

How many times have you setup IBM Connections, IBM Sametime and IBM Domino to replicate a complete customer environment?  100 times, 10 times, 1 time?

How many times have you done it to develop code? 100 times? 10 times? 1 time?

Well, the IBM Social Business Toolkit and Application Development team has saved you time and energy, and you focus on development. 

The IBM Collaboration Quickstart for Social Business is a pre-configured development, test and demonstration environment which includes IBM Connections, IBM Sametime, IBM Domino, IBM Connections Mail, IBM Domino Social Edition and IBM Social Business Toolkit.  The software is configured to work together using single sign and integrated feature sets with the developer optimizations turned on.  These software are also setup to work with 85 pre-configured users and service specific users.  More details are at the AppDev Wiki. An instance can be provisioned in just about one hour.

The newest Quickstart 3.0 contains:

  • IBM Connections 4.5 CR1
  • IBM Sametime 8.5.2 IF1
  • IBM Domino 9.0 and Social Edition
  • IBM Social Business Toolkit 2013 07 10
  • IBM Connections Mail 1.3

The Quickstart is available for use on the IBM SmartCloud Enterprise. The image is  “IBM Collaboration QuickStart for Social Business v3.0 64b”.  There is also an ongoing trial available. Details on provisioning the instance to your SmartCloud account is available at http://www.slideshare.net/paulbastide/quickstart-provision30