Insertion/Deletion of account at an institution - AggCat API - intuit-partner-platform

1: If some account is actually deleted at an institution but is not deleted in the AggCat service, what happens when Intuit pulls data from institutions to update accounts' info? Is the deleted account not updated?
2: If some account is added at an institution, how can we discover the newly added account? It seems the only feasible way is to remove all accounts of some client at that institution and have the client register accounts again. Is that correct?

Yes, the deleted account doesn't get updated. If the account doesn't exist in the FI, then that account should be categorized as 'Other Account'.
You can call discoverAndAddAccounts for that FI, and call UpdateInstitution login with refresh flag set to true. This will add refreshed data to the user's profile.
Ref - https://developer.intuit.com/docs/0020_customeraccountdata/customer_account_data_api/0020_api_documentation/0020_discoverandaddaccounts

Related

No access to dashboard

I'm trying to use my delegate account (The principal account is managed by the enterprise owner) to access the PayPal developer and everything is fine until I click on the dashboard link. I'm getting a 403 error message.
Last year I was working with the same account and it was fine. I'm wondering if something has changed since the last time I used the dashboard feature? Does my user need more permissions to access the PayPal developer dashboard?
Any ideas?
If 'delegate' means an authorized alias user ID, then in 'most' cases I have seen, one couldn't even log into the developer portal with their ALIAS ID. That said, I am aware that only the principal account owner may log into the developer portal using their email and password.
The permissions of an alias cannot be altered to allow such access even if they have the highest permissions on the account itself; ADMIN.
It is possible that this may have changed since last year, but this is what I am aware of as of 2016.
Hope this helps.

CreateAndSend Invoices User Access

So I was able to test CreateAndSend successfully in sandbox, and have now moved my credentials to the live versions.
I created a new business account for using the live version, and have gotten my API credentials for it.
Replaced API ID, PASS, SIGNATURE with those credentials.
Connecting to svcs.paypal.com/Invoice/CreateAndSendInvoice,
the error I'm getting back is "user is not allowed to perform this action".
I set the merchant and payeremail to my email (I tried the paypal email and then the api1 email)
I was wondering if my paypal account needs to be verified to do this API call.
Thank you.
Make sure that you have a live app id and that it is approved for this feature.
Following up on this. Having my business account verified fixed the "user is not allowed to perform this action" problem I was having.

Actual Deletion of account at an institution in AggCat

I have a couple of inquiries regarding the case when an account existing in AggCat is actually removed by the client at his/her institution.
Scenario: There are 4 accounts, A, B, C, D at institution I. The client had account A removed at his/her institution. The 4 accounts had been discovered and added to AggCat before A was actually removed at the institution.
1: If we call updateInstitutionLogin (no credentials change), then does getCustomerAccounts return only three accounts B, C, D without calling deleteAccount in AggCat?
2: It seems to me that the deleteAccount method must be called if some account is actually removed at an institution to remove the account in AggCat. Is that correct?
When an account is removed from an Institution we will return an error code on the specified account letting you know that it is closed or no longer present on the website.
If you perform a GetAccount, GetCustomerAccounts or GetLoginAccounts call, there is a field "aggrStatusCode" that will provide an error code for that account. It will show 0 if the account is working fine; otherwise it will reference a code on the error code page. The account will show a 106 or a 324 if the account cannot be found because of changes such as it being removed, or being changed in some way such as a changed account nickname and/or account number.
If you wish for this account to not be returned from our system you will need to perform a deleteAccount request as we do not remove accounts automatically.
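One way to act on the aggrStatusCode behaviour described in the answer above, as an added example that is not Intuit's code: it proposes an account for deleteAccount only after the account has been reported as not found on consecutive refreshes, since the same codes are also returned for a changed nickname or account number. The accountId key, the record layout, the 999 code and the two-refresh threshold are assumptions; only aggrStatusCode and the values 0, 106 and 324 come from the answer.

```python
"""Pick stored accounts to propose for deleteAccount after refreshes."""

MISSING_CODES = {106, 324}  # "account cannot be found", per the answer above
OK_CODE = 0                 # "account is working fine"


def status_of(record):
    """Return 'ok', 'missing' or 'error' for one account record."""
    try:
        code = int(record.get("aggrStatusCode"))  # may arrive as str or int
    except (TypeError, ValueError):
        return "error"  # absent or unparsable: never treat as healthy
    if code == OK_CODE:
        return "ok"
    return "missing" if code in MISSING_CODES else "error"


def plan_deletions(snapshots, min_consecutive=2):
    """Return sorted ids reported missing in each of the latest refreshes.

    snapshots: refresh results, oldest first; each is a list of records.
    An account that shows 106/324 once and then recovers is not proposed.
    """
    if min_consecutive < 1 or len(snapshots) < min_consecutive:
        return []
    missing_sets = [
        {r["accountId"] for r in snap if status_of(r) == "missing"}
        for snap in snapshots[-min_consecutive:]
    ]
    return sorted(set.intersection(*missing_sets))


# Constructed sample: two refreshes of accounts A-D from the scenario above.
SNAPSHOTS = [
    [{"accountId": "A", "aggrStatusCode": "106"},
     {"accountId": "B", "aggrStatusCode": "0"},
     {"accountId": "C", "aggrStatusCode": "324"},   # missing once only
     {"accountId": "D", "aggrStatusCode": "999"}],  # constructed other error
    [{"accountId": "A", "aggrStatusCode": "106"},
     {"accountId": "B", "aggrStatusCode": "0"},
     {"accountId": "C", "aggrStatusCode": "0"},
     {"accountId": "D", "aggrStatusCode": "999"}],
]

if __name__ == "__main__":
    print(plan_deletions(SNAPSHOTS))
```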

Architecture for merging multiple accounts and registering a user account

My question is almost the same as this one
The only difference is that users have an option to register (providing a username and password). Users should only have one account registered; if the user has the same email, I merge those accounts. My application also has another method for logging in, which is via Facebook.
What I basically do is:
When the user visits the site for the first time, a user account is created for him or her that has only a username, password and mail address. After that, a third-party identity record is created and then paired with the local account. However, the Users table will have an empty username and password, but the email will be filled with the user's email that we have retrieved from the third-party service provider.
And the second scenario:
The user attempts to register on the site. Check if the email exists; if the email exists but it is registered using a third-party account, use the user-populated form and insert it into the user account paired with the third-party account. In short, if the user's email exists in the database, I will just merge the locally created account and the third-party account.
Now my question is: is my approach secure and credible? If not, what is the best way to merge accounts, and at the same time, if the user registers with the same email (the one from the third-party account) and he has a third-party account, would those accounts be merged?
The way I look at this, there is only one account. One email, one account, period. There might be various attributes associated with that account, e.g. linked to a set of OAuth credentials etc. But fundamentally there is only one account. If your user has registered once using a social account and then tries to register again on your site, send them over to the social site which they used to register the first time and ask them to log in there. Then log them into your site automatically. If the user has an account with your site and then tries to register again with a social account, tell them that you already have an account on the site and ask them to log in. IMHO, keeping separate accounts and trying to merge them is a messy idea.
I would provide two sets of behavior, one when logged in and one when logged out.
When logged in, you provide the ability to link to new third-party accounts. For example, you sign up with email address and password, then log in, then you can link your Facebook account. To link your Facebook account you authorize with Facebook and then store the Facebook information in that user account record.
When logged out, you must log in with existing credentials. If, when logged out, you try to create an account with an existing email address, you either prevent the log in, saying "an account with that email address already exists", or you immediately challenge the user to log in to merge the account (in which case it works like the logged in case when linking an external account, only with the order of authentication operations reversed).
In case it's not clear from the above, I recommend having a single user account and a way to record linkages between that account and external accounts. You can do this in NoSQL by just adding fields to the user document or you can do this relationally by having a table representing external accounts with a foreign key linking them to the user ID.
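The relational variant recommended in the answer above, sketched as an added example (not code from any poster in this thread): one users row per email, an external_accounts table keyed to it, and a logged-out flow that demands a login instead of merging on a matching email, so that knowing someone's address is never enough to attach a password or a social identity to their account. Table, column and function names are hypothetical, and the provider, subject and email given to login_external are assumed to come from an already validated provider response.

```python
import hashlib, hmac, os, sqlite3

class LoginRequired(Exception):
    """Email already has an account; authenticate first, then link."""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE NOT NULL,
                            pw_salt BLOB, pw_hash BLOB);  -- NULL: social-only
        CREATE TABLE external_accounts (
            provider TEXT NOT NULL, subject TEXT NOT NULL,
            user_id INTEGER NOT NULL REFERENCES users(id),
            PRIMARY KEY (provider, subject));""")
    return db

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def _user_by_email(db, email):
    return db.execute("SELECT id, pw_salt, pw_hash FROM users WHERE email = ?",
                      (email.lower(),)).fetchone()

def register_local(db, email, password):
    if _user_by_email(db, email):
        raise LoginRequired(email)  # never set a password on an existing account
    salt = os.urandom(16)
    cur = db.execute("INSERT INTO users (email, pw_salt, pw_hash) VALUES (?, ?, ?)",
                     (email.lower(), salt, _hash(password, salt)))
    return cur.lastrowid

def login_local(db, email, password):
    row = _user_by_email(db, email)
    if row and row[2] and hmac.compare_digest(row[2], _hash(password, row[1])):
        return row[0]
    return None  # unknown email, social-only account, or wrong password

def link_external(db, user_id, provider, subject):
    """Call only for an authenticated session: record the linkage."""
    db.execute("INSERT INTO external_accounts VALUES (?, ?, ?)",
               (provider, subject, user_id))

def login_external(db, provider, subject, email):
    row = db.execute("SELECT user_id FROM external_accounts "
                     "WHERE provider = ? AND subject = ?", (provider, subject)).fetchone()
    if row:
        return row[0]  # identity already linked: same single account
    if _user_by_email(db, email):
        raise LoginRequired(email)  # matching email alone is not proof: challenge
    cur = db.execute("INSERT INTO users (email) VALUES (?)", (email.lower(),))
    link_external(db, cur.lastrowid, provider, subject)
    return cur.lastrowid
```

After a LoginRequired, the caller authenticates the user with the existing method and then calls link_external with that session's user id.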
Beware not to use oAuth 2.0!
The lead author himself resigned as it's not as safe as the 1.0 version.
You should prefer oAuth 1.0 or OpenID.
You can also have a look at Persona from Mozilla.

How can I determine if a Zen Cart customer is logged in as admin in checkout?

I need to find out if a customer (during checkout) is also currently logged in as a Zen Cart administrator. The purpose is for allowing certain actions to be available for an administrator placing an order on behalf of a customer (say, by telephone).
My first idea was to check $_SESSION['admin_id'].
However this does not seem to be set, instead $_SESSION['customer_id'] is.
I think this is because different session names are chosen in the admin and customer areas (zenAdminId vs zenid).
How can I find out if this customer would be logged in as an admin, had they been in the admin area at the same time?
I am working on the checkout step prior to sending off to a hosted payment service provider.
Edit: the merchant is logged in as an admin and is entering the customer's details, which are different to those of the admin account, into the checkout screens. It is a customer-not-present/MOTO setup.
You are correct - $_SESSION['customer_id'] is set. And there's nothing in the customer's table which indicates if this person is an admin. However, if they use the same email address for their customer account and for their admin account, you can look up their email in the customers table with $_SESSION['customer_id'], then match that against the admin_email field in the table "admin".
It is worth noting that if your admin cookie isn't restricted by path (SESSION_USE_ROOT_COOKIE_PATH=True), you can simply check for the cookie zenAdminID. You can read the contents of this cookie by querying zen_sessions, the sesskey being the value in zenAdminID.
You have to base64_decode the value from the result to get the session. It gives a serialised object, although unfortunately you are unable to use unserialize on it. You can load it as the current $_SESSION but this would overwrite your current one.
I simply did this to get the admin_id:
// s:[0-9]+ instead of s:1 so that admin ids longer than one character also match
preg_match('/admin_id\|s:[0-9]+:"([0-9]+)"/', $admin_session, $admin_matches);
$admin_matches[1] giving the admin id value.