I am using Rest API to get security token using unique securityID and other parameters.Please suggest. I am using following code :
HttpRequest httpRequest = new HttpRequest();
httpRequest.setEndpoint('https://pilot-payflowpro.paypal.com');
String body = 'PARTNER=Paypal&PWD=pwd&VENDOR=abc&USER=abc&CREATESECURERTOKEN=Y&SECURETOKENID=9a9ea8208de1413abc3d60c86cb1f4ce&TRXTYPE=C&AMT=23.0&MODE=TEST';
httpRequest.setBody(body);
httpRequest.setMethod('GET');
Http htt = new hTTP();
HttpResponse httpRe = htt.send(httpRequest);
system.debug(httpRe.geTbody());
But I am getting following error : RESULT=2&PNREF=A7X06D187FF7&RESPMSG=Invalid tender
You are missing one parameter here while posting data to "https://pilot-payflowpro.paypal.com". You need to include TENDER=C in your request parameters.
Second, you need to replace the TRXTYPE=C to TRXTYPE=S because TRXTYPE=C indicates it'sa refund transaction but you are performing a sale transaction .
It should similar to the below :
NVP Request:
VENDOR=XXXXXXXXX&PARTNER=XXXXXXXXX&USER=XXXXXXXXX&PWD==XXXXXXXXX&AMT=12.72&TRXTYPE=S&TENDER=C&SECURETOKENID=wsw.big7jsa8la531f4x31ec3ssael7esef1.4521352289&CREATESECURETOKEN=Y
NVP Response:
RESULT=0
RESPMSG=Approved
SECURETOKEN=99UhUOS2ZWk6wDJn8kdNNeAZf
SECURETOKENID=wsw.big7jsa8la531f4x31ec3ssael7esef1**
Hope this helps you debug your issue .
Related
I'm building an oauth2 client with Flask and Authlib. My code to register the oauth is:
google = oauth.register(
name='google',
client_id='',
client_secret="",
access_token_url="https://accounts.google.com/o/oauth2/token",
access_token_params=None,
authorize_url="https://accounts.google.com/o/oauth2/auth",
authorize_params=None,
api_base_url="https://www.googleapis.com/oauth2/v1/",
client_kwargs={'scope': 'openid email'},
server_metadata_url="https://accounts.google.com/.well-known/openid-configuration",
)
And my /authorize endpoint looks like this:
#app.route('/authorize')
def authorize():
google = oauth.create_client('google')
token = google.authorize_access_token()
resp = google.get('userinfo')
resp.raise_for_status()
userinfo = resp.json()
return str(userinfo)
But I am getting the error
authlib.jose.errors.InvalidClaimError: invalid_claim: Invalid claim "iss"
I had this issue and removing the openid value from scope fixed it. I guess my google config didn't accomodate it,
I am verifying the payment status done using the razorpay payment links using a webhook. I have added the webhook to the RazorPay webhook section with payment_links as the active elements. I am getting a payment completed indication while using the payment link. But the webhook is throwing this error.
This is how I am verifying the signature
webhook_secret = "abc"
webhook_signature = request.headers['X-Razorpay-Signature']
client = razorpay.Client(auth=("xyz", "pqr"))
payload_body = json.dumps(request.json, separators=(',', ':'))
verify = client.utility.verify_webhook_signature(payload_body, webhook_signature, webhook_secret)
print(verify)
Also tried it with
payload_body = json.dumps(request.data, separators=(',', ':'))
But I keep getting the error,
razorpay.errors.SignatureVerificationError: Razorpay Signature Verification Failed
I tried like this
verify = client.utility.verify_webhook_signature(request.data.decode('utf-8'), webhook_signature, webhook_secret)
print(verify)
The output is None
Edited
I have tried the below methods but none of them work
1) verify = client.utility.verify_webhook_signature(json.dumps(request.data, separators=(',', ':')), webhook_signature, webhook_secret)
print("verification of signature {}".format(verify))
Resulted in TypeError: Object of type bytes is not JSON serializable.
2) verify = client.utility.verify_webhook_signature(json.dumps(request.json, separators=(',', ':')), webhook_signature, webhook_secret)
print("verification of signature {}".format(verify))
#razorpay.errors.SignatureVerificationError: Razorpay Signature Verification Failed
3) verify = client.utility.verify_webhook_signature(json.dumps(body, separators=(',', ':')), webhook_signature, webhook_secret)
print("verification of signature {}".format(verify))
2 and 3 resulted in razorpay.errors.SignatureVerificationError: Razorpay Signature Verification Failed
If your are using Django the use request.body instead of request.json to get raw body and send it to verify_webhook_signature method after decoding. Here is the example code -
def verify_payment(request):
payload_body = request.body.decode()
webhook_secret = "abc"
webhook_signature = request.headers['X-Razorpay-Signature']
client = razorpay.Client(auth=("xyz", "pqr"))
verify = client.utility.verify_webhook_signature(payload_body,
webhook_signature, webhook_secret)
print(verify)
You have to decode the body before verifying because of this issue https://github.com/razorpay/razorpay-python/issues/121 otherwise it will raise a TypeError.
And If you are using Flask the use request.data instead of request.json and other steps are same.
If you are using django with rest_framework, request.data will give a dict and don't do json.dumps(response.data).Instead use response.body.decode() and pass it to verify_webhook_signature.it will work.
Reference - https://github.com/razorpay/razorpay-python/issues/65#issuecomment-485752662
I have an apache camel application that requires sending log files to an endpoint and this requires Basic Authentication. I was able to pass the authMethod, authusername and authPassword to the url as specified in the camel documentation but the challange I'm having is that I keep getting null response from the endpoint after starting the application.
However, the same endpoint returns response code and response body using postman.
Below is my code:
from("{{routes.feeds.working.directory}}?idempotent=true")
.process(new Processor() {
#Override
public void process(Exchange exchange) throws Exception {
MultipartEntityBuilder multipartEntityBuilder = MultipartEntityBuilder.create();
multipartEntityBuilder.setMode(HttpMultipartMode.BROWSER_COMPATIBLE);
String fileName = exchange.getIn().getHeader(Exchange.FILE_NAME, String.class);
File file = exchange.getIn().getBody(File.class);
multipartEntityBuilder.addPart("file",
new FileBody(file, ContentType.MULTIPART_FORM_DATA, fileName));
exchange.getOut().setBody(multipartEntityBuilder.build());
Message out = exchange.getOut();
int responseCode = out.getHeader(Exchange.HTTP_RESPONSE_CODE, Integer.class);
log.info("response code "+responseCode);
}
})
.setHeader(Exchange.HTTP_QUERY,
constant("authMethod=Basic&authUsername="+username+"&authPassword="+password+""))
.to(TARGET_WITH_AUTH +"/"+uuid+"/files")
.log(LoggingLevel.DEBUG, "response code >>>>"+Exchange.HTTP_RESPONSE_CODE)
.log(LoggingLevel.INFO, "RESPONSE BODY ${body}")
.end();
Kindly help review and advise further
For HTTP basic authentication I use this before sending a request
<setHeader headerName="Authorization">
<constant>Basic cm9vdDpyb290</constant>
</setHeader>
cm9vdDpyb290 - Encoded Base64 root:root(username and password) string
This was fixed by using httpClient to send my requests with Basic Authentication. Apparently, authMethod in apache camel doesn't send the credentials along with the Post Request and that's why I was getting the initial 401 response code.
Thank y'all for your contributions.
I stuck with sending request with Akka HTTP singleRequest(). I'm trying to deal with Stripe API and it requires application/x-www-form-urlencoded content type for the incoming requests.
I tried to use following structure of HTTP request:
val authorization = Authorization(OAuth2BearerToken("some_token"))
Http().singleRequest(HttpRequest(
uri = Uri("https://api.stripe.com/v1/customers"),
method = HttpMethods.POST,
headers = List(authorization),
entity = FormData(Map("email" -> HttpEntity("test_1#email.com"))).toEntity(),
protocol = HttpProtocols.`HTTP/1.1`)
)
But in the Stripe logs I see following in the Parsed Request POST Body section:
(multipart form: 162)
So the question is how to set content type to application/x-www-form-urlencoded?
The problem was related to FormData type. In order to perform application/x-www-form-urlencoded request you need to use FromData from package akka.http.scaladsl.model
So here is working example:
Http().singleRequest(HttpRequest(
uri = Uri("https://api.stripe.com/v1/customers"),
method = HttpMethods.POST,
headers = List(authorization),
entity = akka.http.scaladsl.model.FormData(Map("email" -> "user#email.com")).toEntity(HttpCharsets.`UTF-8`),
protocol = HttpProtocols.`HTTP/1.1`)
)
I am trying to log on this website: http://www.broadinstitute.org/cmap/index.jsp. I am using python 3.3 on Windows. I followed this answer https://stackoverflow.com/a/2910487/651779. My code:
import http.cookiejar
import urllib
url = 'http://www.broadinstitute.org/cmap/index.jsp'
values = {'j_username' : 'username',
'j_password' : 'password'}
data = urllib.parse.urlencode(values)
binary_data = data.encode('ascii')
cookies = http.cookiejar.CookieJar()
opener = urllib.request.build_opener(
urllib.request.HTTPRedirectHandler(),
urllib.request.HTTPHandler(debuglevel=0),
urllib.request.HTTPSHandler(debuglevel=0),
urllib.request.HTTPCookieProcessor(cookies))
response = opener.open(url, binary_data)
the_page = response.read()
http_headers = response.info()
It runs without erros, however the html in the_page is just the log in page. How can I log onto this page?
The site is using a JSESSIONID cookie to create session since HTTP requests are stateless. When you're making your request, you're not getting that session id first.
I sniffed a session to log into that site using Fiddler and found that the POST is made to a different URL, but it has that JSESSIONID cookie set. So you need to make a get to the URL first, capture that cookie using the cookiehandler, then POST to this URL:
post_url = 'http://www.broadinstitute.org/cmap/j_security_check'
You don't need to save the HTTP GET request at all, you can simply call opener.open(url), then in your code change the response line to this:
response = opener.open(post_url, binary_data)
Also the payload was missing the submit method. Here's the whole thing with the changes I suggest:
import http.cookiejar
import urllib
get_url = 'http://www.broadinstitute.org/cmap/index.jsp'
post_url = 'http://www.broadinstitute.org/cmap/j_security_check'
values = urllib.parse.urlencode({'j_username': <MYCOOLUSERNAME>,
'j_password': <MYCOOLPASSSWORD>,
'submit': 'sign in'})
payload = bytes(values, 'ascii')
cj = http.cookiejar.CookieJar()
opener = urllib.request.build_opener(
urllib.request.HTTPRedirectHandler(),
urllib.request.HTTPHandler(debuglevel=0),
urllib.request.HTTPSHandler(debuglevel=0),
urllib.request.HTTPCookieProcessor(cj))
opener.open(get_url) #First call to capture the JSESSIONID
resp = opener.open(post_url, payload)
resp_html = resp.read()
resp_headers = resp.info()
Any other requests using the opener you created will re-use that cookie and you should be able to freely navigate the site.