PayPal Refund Transaction Authorisation Issue - paypal

I'm working on Odoo version 12.0, developing the process of Refund Sale Transaction using their API. I've taken reference from the following link: https://developer.paypal.com/docs/api/payments/v1/#sale_refund
But there is some authorization issue with their API of the refund transaction.
I've example request/response parameters like the following:
import requests
headers = {'Content-Type': 'application/json','Authorization': 'Bearer Access-Token'}
data = '{\n "amount": {\n "total": "2.34",\n "currency": "USD"\n },\n "invoice_number": "INV-1234567"\n}'
response = requests.post('https://api.sandbox.paypal.com/v1/payments/sale/2MU78835H4515710F/refund', headers=headers, data=data)
It gives me the following response:
{'message': 'Authentication failed due to invalid authentication credentials or a missing Authorization header.', 'links': [{'rel': 'information_link', 'href': 'https://developer.paypal.com/docs/api/overview/#error'}], 'name': 'AUTHENTICATION_FAILURE'}
Can anyone help me to resolve this issue?
And how to generate bearer token using PayPal Payment API?

The Authorization header needs to contain an actual Access Token after the word 'Bearer '. Sending the string 'Access Token' will not work.
Here is how to obtain an actual access token: https://developer.paypal.com/docs/api/overview/#get-an-access-token

Related

Spotify API demanding a parameter that is not required

I know this is a particular issue that I'm having but I'm struggling with it for ages...If anyone could give me a hint on how to proceed It would be great.
I'm trying to integrate my flutter app to Spotify API and according to Spotify docs, after the user accepted the conditions at their site, it would be redirected back with a code - In my application I'm already retrieving this code. After that, I need to make a request for another endpoint to "trade" my code for an auth.
The docs demand a POST with 3 parameters(grant_type,redirect_uri and code). But even though I send all of this informations I get a (400 -Bad Request) with the description:
{"error":"invalid_request","error_description":"code_verifier
required"}
But note that code_verifier is only required for a PKCE request, as far as I understand.
My post method is the following:
Future getUserAccessToken(String authorizationCode) async {
// Get the Access Token in exchange for the Authorization Code
var url = 'https://accounts.spotify.com/api/token';
var body = {
'grant_type': 'authorization_code',
'code': authorizationCode,
'redirect_uri': redirectUrl,
};
var response = await post(Uri.parse(url), body: body, headers: {
'Content-Type': "application/x-www-form-urlencoded",
'Authorization':
'Basic ${base64Encode(utf8.encode('$clientID:$clientSecret'))}',
});
}
They also demand this at the authorization header:
Base 64 encoded string that contains the client ID and client secret key. The field must have the format: Authorization: Basic
I would recommend going forward with PKCE. It will protect your app against CSRF and authorization code injection attacks. It's also not too bad to implement.
All you should have to do is:
Generate a random string using the characters A-Z, a-z, 0-9, and the punctuation characters -._~ (hyphen, period, underscore, and tilde), between 43 and 128 characters long. This is your code_verifier
Hash that string with SHA256. This is your code_challenge.
Send those values in the requests as the documentation indicates, which means base64 url encoding them, as well. The Spotify doc says "The body of this POST request must contain the following parameters encoded in application/x-www-form-urlencoded".
Also, in case you haven't seen it, there's a OAuth flow example implemented in JS here: https://github.com/spotify/web-api-auth-examples/blob/master/authorization_code/app.js Their copy of this portion looks like:
var authOptions = {
url: 'https://accounts.spotify.com/api/token',
form: {
code: code,
redirect_uri: redirect_uri,
grant_type: 'authorization_code'
},
headers: {
'Authorization': 'Basic ' + (new Buffer(client_id + ':' + client_secret).toString('base64'))
},
json: true
};
request.post(authOptions, function(error, response, body) {...})
The example has "request": "~2.83.0" in the package.json.
Notice how they use form which I would assume is base 64 url encoding the body, as the docs indicate. Not sure how the post method you're using with dart/flutter works with respect to base 64 url encoding, so that's something to investigate, as well.
Credit to https://www.oauth.com/oauth2-servers/pkce/authorization-request/ for providing some of the text in this response

JWT Bearer Token flow in keycloak

Does keycloak support
'grant_type': 'urn:ietf:params:oauth:grant-type:jwt-bearer'?
In my tests I receive status: 400 and msg
{'error': 'unsupported_grant_type', 'error_description': 'Unsupported grant_type'}. Also in documentation, I was not able to find any information about this type of grant type.
Thanks
Looks like this is what you are looking for - https://www.keycloak.org/docs/latest/securing_apps/#client-authentication-with-signed-jwt
I have not tried it myself yet, but accordingly to the specification "grant_type" has to be "authorization_code", but "client_assertion_type" is "urn:ietf:params:oauth:client-assertion-type:jwt-bearer".

Forbidden !! while trying to access the hereapi traces service

I've been working on here API from past one week, I've tested the geofencing and other rest services. I am trying to work on tracking, Where we have to generate a token by giving all the valid credentials. At last, I've got the token as well but when am trying to access the traces one for which the endpoint URL is
https://tracking.api.here.com/traces/v2/{trackingid}
here I've given the trackingid(deviceid) which I've used to generate an access token and included this token as a bearer in authorization I am using postman to test these, my token is valid for only 23 hours
Authorization Bearer {mytoken}
As mentioned I've also provided this x-request-id, I've no idea regarding this x-request-id but came to know about this from this thread and tried to generate uuid and use it for x-request-id
x-request-id 5506b7d0-2fe6-4967-8ad8-cf0f08fdedbf
And I am receiving the response as
{
"code": 403,
"id": "5506b7d0-2fe6-4967-8ad8-cf0f08fdedbf",
"message": "Forbidden",
"error": "Forbidden\n\nThe account does not have the correct
privileges\n"
}
The similar case even when I am trying to access the allotted geofences for that device and how many devices are in that particular geofence. I've read about whitelisting but whatever the service I am requesting for is not on their list. My account was a 90days free trial account
I am new to this hereapi Kindly correct me if I am doing anything wrong.
Kindly Help me out with this issue
Thanks in advance
--Meghana Goud
I've figured it out, I'll include the details here follow the step by step process as mentioned in the documentation
refer this HERE Tracking | API Reference
And follow the step by step process as mentioned in this documentation
The first one, you'll get your bearer token from this endpoint URL https://tracking.api.here.com/users/v2/login which is post
method and set its Content-Type to application/json and provide the username and password in JSON format and send a POST request to it
EndpointURL :https://tracking.api.here.com/users/v2/login
Headers :{"Content-Type":"application/json"}
Input :{"email":"XXXXXX", "password":"XXXX"}
Expected Response:{
"userId": "XXXXXX",
"accessToken": "XXXXX",
"tokenType": "bearer",
"expiresIn": 86399,
"refreshToken": "XXX"
}
the token is valid for only 24 hours. Now use this token for all the rest services you want to access from here-API
Now I would like to get the traces of my device using this endpointURL https://tracking.api.here.com/traces/v2/{trackingid}?count=1 , send a get request to this endpointURL by giving your trackingID, I repeat TrackingID is different from your deviceId TrackingId will be HERE-XXX(UUIDv4) whereas deviceId will be XXXX(UUIDv4)
now set the authorization to Bearer Token and pass an x-request-id which is a UUIDv4
Your request should look like
EndpointURL :https://tracking.api.here.com/traces/v2/{trackingid}?count=1
Headers :{"Authorization":"Bearer XXXXXX","x-request-id":"XXXX(UUIDv4)"}
Expected Response:{
"count": 1,
"data": [
{
"position": {
"lat": 17.44936354,
"lng": 78.36296417,
"accuracy": 45,
"alt": 539
},
"timestamp": 1531462419813,
"payload": {
"refAppData":
{
"batteryState": {
"charging": false,
"level": 52,
"temperature": 25
}
}
}
}
],
"pageToken": "1531462359711"
}
In order to update any data from your device, you'll require your device token which is generated from this endpoint URLhttps://tracking.api.here.com/v2/token you'll get your access token by OAuth1.o Authorization give the respected values as mentioned in the documentation. you'll get the response as
{
"accessToken": "XXXXXX",
"expiresIn": 86399
}
Similarly, you can test other services,
Hope this helps
Meghana

Demandware OCAPI modify order

I've built a tiny program that helps Identify orders in Demandware that have incorrect status, e.g: (status: new, open, completed and shipping-status: not-shipped, shipped).
I basically just use order_search from OCAPI and compare the results with our ERP.
However now I want to automate some of the fixing of status, which would require me to use the /orders/{order_no} GET and PATCH calls, however when I do so, I get the following message:
{ type: 'AccessWithoutUserForbiddenException',
message: 'An authenticated user is required in order to access resource.' }
According to the docs OAUTH for order_search uses: "Authentication via OAuth token.", however orders/{order_no} uses: "Authentication via OAuth token. A valid user is required."
So what would be the right strategy for becoming a valid user?
a valid user for getting oAuth tokens is a Business Manager user. So please login to Business Manager and create a new user for your use cases and grant the necessary permissions.
After that you are able to execute the particular resources.
Christian
If you are using account.demandware.com as the host then it will throw below error
{ error: 'unauthorized_client', error_description: 'Client id
\'xxxxxxxxxxxxxxxxxxx\' has invalid credentials to use grant type
\'urn:demandware:params:oauth:grant-type:client-id:dwsid:dwsecuretoken\'.'
}
Instead you can change the host to your sandbox host. And try once again. It should work. I was also facing the same issue.
const key = new Buffer('business_manager_email_id' + ":" + 'business_manager_pwd' + ":" + 'client_pwd').toString("base64");
const options = {
url: 'https://<sandbox_host>/dw/oauth2/access_token?client_id=your_client_id',
method: "POST",
headers: {
'Authorization': "Basic " + key,
"Content-Type": "application/x-www-form-urlencoded",
},
body: "grant_type=urn:demandware:params:oauth:grant-type:client-id:dwsid:dwsecuretoken"
};

Paypal Adaptive Payments Pay API operation returns Invalid Request Parameter "receiver" even though provided

I am attempting an implicit Pay API operation. I keep receiving a "Invalid request parameter: receiver cannot be null" error though I am sending along the receiver as specified in the paypal api docs. I include the API credentials as request headers.
Here is the request payload
request['payload']={
'actionType' : 'PAY',
'senderEmail': 'sender#company.com',
'receiverList' : {'receiver': [{ 'amount': '10.0', 'email':'recepient#company.com' }]},
'currencyCode' : 'SGD',
'requestEnvelope' : {
"errorLanguage":"en_US", # Language used to display errors
"detailLevel":"ReturnAll" # Error detail level
},
'ipnNotificationUrl': 'http://xxxxxxxx',
'cancelUrl': 'http://xxxxxxxxx',
'returnUrl': 'http://xxxxxxxxxx'
}
The error was on my side - though paypal's error message didn't help much. I did
not encode the python dict object to json before sending the request to paypal.
import json
payload = json.dumps(request['payload'])
Hope this helps someone.