I have a app on uber with request_receipt scope avaiable
But when i trying to get a request receipt with a token created in my app i got Forbidden error.
Others endpoints (map, product, history...) are ok.
My authentication request is fine too and return:
{
"expires_in"=>2592000,
"token_type"=>"Bearer",
"refresh_token"=>"[...]",
"last_authenticated"=>0,
"scope"=>"history profile history_lite places ride_widgets all_trips request_receipt",
"user_id"=>"[...]"
}
I made this requests on app and get same error.
You can only access trips that were initiated through your own Uber integration. For instance, if you book a ride through the Uber app and take that request id, you won't be able to access the details of that ride. Here's what the docs state:
The receipt endpoint will only provide receipts for ride requests originating from your application. It is not currently possibly to receive receipt data for all trips.
Related
While using Unity 2020.3.9f1 and Unity IAP 3.2.1 I can send the initial subscription via a regular https request to my Spring backend and receive the user information from backend auth + purchase token via the request. I can then insert the expiry date (which I query from Google API using AndroidPublisher and the token) to my database and give premium features to the given user for that time period.
When the subscription is about to renew, I need to update the users premium feature expiry date in the database accordingly.
I already found out, that I can receive this renewal information, even if the client is not active, via Google Cloud Pub/Sub by linking it with the apps monetization. The backend then receives a purchase token, but this time there is no more user information since the request was not issued through a client/server request.
I also figured out that there is/was a developer payload to use for that purpose. My question is how I can add this to the subscription to link renewal subscription notifications to a certain user on receiving renewal subscription notifications. I do not really want to add a new index on a (at least in test mode always unique) purchase token to my database if I do not have to.
I use Firebase Auth in my app - can I make use of that in any way?
I'm in the process of implementing InApp purchases (subscriptions) with Huawei In App SDK.
Everything's good except token verification against Huawei's servers.
My code is similar to that here: https://developer.huawei.com/consumer/en/doc/development/HMS-References/iap-api-order-service-purchase-token-verification-v4
I'm using an access token which is obtained like so: https://developer.huawei.com/consumer/en/doc/development/HMS-Guides/38054564 - the same code to obtain access tokens already works with Huawei Push SDK by the way.
For verification, my code sends requests to https://orders-dre.iap.hicloud.com/applications/purchases/tokens/verify with this data:
{
"purchaseToken":"00000175799be0e659fc74cb06...5.8.5650",
"productId":"annual"
}
The response comes back as:
{"responseCode":"6","responseMessage":"rights invalid"}
The FAQ here https://developer.huawei.com/consumer/en/doc/development/HMS-Guides/iap-FAQ recommends:
"You are advised to check whether the app ID used for obtaining AccessToken is the same as the app ID associated with purchaseToken in the request".
Now I only have one project / one set of Client ID / Client Secret, so it matches the app ID, by definition.
What could be wrong?
PS - this is happening with a test subscription, i.e. purchased by a user account that's set up as a test account.
According to the code part you provided, you are using Purchase Token Verification for the Order Service, and you should use API for Verifying the Purchase Token for the Subscription Service.
Purchase Token Verification for the Order Service applies only to non-subscription purchases. It is used to verify the purchase token in the payment result sent from the Huawei IAP server to ensure payment accuracy.
API for Verifying the Purchase Token for the Subscription Service applies only to subscriptions. It is used to check whether a product has been successfully purchased and is within the validity period.
Verifying the Purchase Token for the Subscription Service:
Parameter: subscriptionId;purchaseToken
RequestUrl: {rootUrl}/sub/applications/v2/purchases/get
rootURL:
China: https://subscr-drcn.iap.hicloud.com
Germany: https://subscr-dre.iap.hicloud.com
Singapore: https://subscr-dra.iap.hicloud.com
Russia: https://subscr-drru.iap.hicloud.com
AppTouch site of Germany: https://subscr-at-dre.iap.dbankcloud.com
i'm trying to build a server with a rest api and database.
it has ios and android clients, where you can log in with facebook.
the server can receive the access token that the clients get when they log in for the first time, and send it to the server. the server stores it in the database.
now the server can make graph api calls on the clients behalf.
but here's my question:
the next time the client asks the server to do something on it's behalf, what info must it send so that the server knows who the client is? is it just the access token again?
thank you
Just the access token is enough to uniquely identify the user and the app.
You could try it by hitting graph.facebook.com/v2.10/me?fields=id&access_token=... with different tokens to check which user it is and whether the token is still valid.
Off topic, but since you're already using the server as the middle-man for your requests, I suggest using the code flow instead of token flow for added security: https://developers.facebook.com/docs/facebook-login/security#appsecret
I'm trying a simple request to sandbox:
https://sandbox-api.uber.com/v1.2/requests/current
with token generated with my account: tristan.tran89#gmail.com and get a 403: forbidden error.
Same request with a different account does not return a forbidden. Can someone please verify why it's being blocked on my account?
That is typically what the 403 error indicates. Strictly it is saying that the token you sent does not have access to the resource. This could mean it's been corrupted, it expired, or the user revoked access.
If the current application is the one that booked the trip then requests/current should be able to be accessed.
In your case, you are calling GET v1.2/requests/current with an access token that has the request scope but not the all_trips scope. That means that the endpoint will respond with the current trip only if it was booked by your application. In the case that the user is on a current trip but it was booked by another application or the Uber app, you will get a 403. In the more common case that the user is not on a trip at all, you will get a 404.
If you wanted to be able to give status updates for any trip that a user takes, you would want to get the all_trips scope during OAuth.
My app allows third party users to login via PayPal and to authorise it to collect UserInfo such as name and address. I now want to get permission to do a transaction list on their account using the token they provide.
I get 401 Not Authorized using the current tokens and OAuth won't accept 'https://api.paypal.com/v1/payments/.*' as a scope.
Calling api.paypal.com/v1/Payments on behalf of third parties isn't currently supported using the REST APIs.
You can only get payment info (and transaction info) for yourself.
In order to get Transaction data on behalf of third parties, you need to use the Classic APIs, first using the Permission Services to request access, then use the Merchant API Services to get transaction data.
Edit: Jan 6th, 2016
To make requests on behalf of third-parties, you need to use the Permissions Services API to request the proper scope.
As far as I can tell (from reading the documentation), you still cannot request 3rd party payment data using the REST api. You must use the Classic Name-Value Pair/SOAP api.