I'm trying to not allow users access to my app if they decline the payment charge. If the charge was declined then the app shouldn't be installed.
From Shopify API doc, there is return_url when the charge was accepted:
"return_url": "http://super-duper.shopifyapps.com"
The URL where the merchant is redirected after accepting the charge.
But, when the charge was declined, Shopify only redirects user to the Apps tab in store. https://www.screencast.com/t/yCykunWY
Is there any way to handle if the charge was declined?
Yes, there is a way.
First of all, visit the following page from the official Shopify forum and where you will find a summary of the "charge workflow".
Now, let say that you are using the REST API in order to create recurring application charge. According to the documentation, if there is no error, a typical response should look like that:
HTTP/1.1 201 Created
{
"recurring_application_charge": {
"id": 1029266959,
"name": "Super Duper Plan",
"api_client_id": 755357713,
"price": "10.00",
"status": "pending",
"return_url": "http://super-duper.shopifyapps.com/",
"billing_on": null,
"created_at": "2022-04-05T13:28:11-04:00",
"updated_at": "2022-04-05T13:28:11-04:00",
"test": null,
"activated_on": null,
"cancelled_on": null,
"trial_days": 0,
"trial_ends_on": null,
"decorated_return_url": "http://super-duper.shopifyapps.com/?charge_id=1029266959",
"confirmation_url": "https://jsmith.myshopify.com/admin/charges/755357713/1029266959/RecurringApplicationCharge/confirm_recurring_application_charge?signature=BAh7BzoHaWRpBA9eWT06EmF1dG9fYWN0aXZhdGVU--f6da6826caf9441c9fc206dd50a0882bd41fd770"
}
}
There are at least two parameters you shall keep in your records (most likely in a data base together with a relation with the corresponding shop): the status (which is active if the merchant accepted the subscription) and the id of the charge.
Now, next time the merchant attempts to use your app, before allowing access to your app, check from your records if the status is active. If not make a request to update the status using the Retrieve a single charge endpoint with the charge id you got when you created the charge. if it is still not active keep denying access. You may also create a new charge and point the merchant to that charge's page so he can accept the subscription this time.
Related
We are running a Shopify app. On our dashboard, we are showing a plans screen from where users can select a specific package. When a user selects a plan, on our backend we have called Shopify API.
https://{storeUrl}/admin/api/2021-04/recurring_application_charges.json
and passing it data:
recurring_application_charge: {
"name": plan name,
"price": plan value,
"return_url": url,
}
The problem is, I also want our customers to subscribe to our app recurring yearly. But this Shopify endpoint doesn't take any property like "interval" (which enables us to charge yearly). Asking you guys, maybe you've implemented the same scenario. Thanks.
I have a webhook subscribed to Page feed events.
I want it to tell me when a public event has been created on the page OR a page the user manages.
The app dashboard tells me this is the JSON object that will get sent to me:
{
"field": "feed",
"value": {
"item": "status",
"post_id": "44444444_444444444",
"verb": "add",
"published": 1,
"created_time": 1536110879,
"message": "Example post content.",
"from": {
"name": "Test Page",
"id": "1067280970047460"
}
}
}
Is the event id delivered in the post_id field?
If not, how is it passed to me?
How can I test this further?
Is my only choice to create events by hand, record the event id and fill it in as the returned post_id?
Can this webhook receive notification from multiple user's pages?
If so, how do I configure it to do so?
If not, how do I do something like that? Do I need multiple webhooks?
As per relevant webhooks doc reference https://developers.facebook.com/docs/graph-api/webhooks/reference/page/#feed
event_id is not delivered in the post_id.
event_id is passed inside value as event_id, you may need to check you app, seems like event_id is being filtered out in the response.
Testing it further is a broad query, although you could use curl to perform testing with the configured FB account.
In a more generic context, the above webhook response can be used to autogenerate/handle the post, that is the core purpose of the existence of the webhooks(to trigger and automate events as and when occurred).
No, this webhook is page specific.
You need to configure the webhook for each page separately. (Find the page_ids that can be used to work with other pages corresponding to the user)
The same webhook shall work, although the only difference shall be the page parameter, so you would have to configure another set of webhooks for each page, with a unique page_id related to that user account.
Note: Refer to https://developers.facebook.com/docs/graph-api/webhooks/getting-started for testing the webhooks.
We have classified goods website where we do not have login but users can view products listed by other users. To view details of other users, they have to provide their contact details. To verify if user has provided the correct mobile number, we send back OTP code to the number. The API flow looks like:
//API to be hit when user fills form to get seller details of particular stock (this expects "stockId" and "mobile" as input):
POST /api/lead/
{
"stockId": 123,
"mobile": 9890384328
}
Response of API if "mobile" is already verified (Response code: 200):
{
"sellerName": "xyz",
"sellerMobile": "+123232312",
"sellerAddress": "21, park street, new york"
}
Response if "mobile" is NOT already verified (Response code: 403):
{
"OTP verification required. OTP is sent to the mobile number."
}
User sends back request again with OTP received on mobile to the same lead API:
Request Payload:
{
"stockId": 123,
"mobile": 9890384328,
"otp": 1234
}
It sends back seller details in response if OTP is correct. If OTP
provided is not correct, the response is:
{
"Incorrect OTP."
}
I see few issues in this API design:
This API is doing lots of working i.e. returning back seller details, returning back OTP, verifying OTP etc. We can easily break OTP related functionality to some other API. For example one API to generate OTP i.e. GET /api/otp/, other API to verify OTP i.e. POST api/verifyotp/. This would increase number of API calls from client i.e first client will initiate POST lead API, if number is not verified, client will hit OTP API. To verify by OTP it will call verifyOTP api. If it gets verified, it will call leads API to fetch seller details. So, basically it makes 4 API calls vs 2 API calls in above approach.
This is non-complaint with HATEOS which suggests "A REST client enters a REST application through a simple fixed URL. All future actions the client may take are discovered within resource representations returned from the server."
Can someone suggest which approach is better?
Simple answer: no.
It is called single responsibility principle for a reason.
Allowing for more than one responsibility in the your public API means that the API "endpoint" has to understand the different responsibilities to "dispatch" to the "correct" implementation for each of these aspects. Or you allow your dual-responsibility API design to corrupt your implementation by having a single thing providing that implementation.
And beyond that: when you have different responsibilities, the range of OK/error return codes simply turns more complicated. That simply makes "everything" harder. For you to write tests - but also for the clients using your API.
In your case, the user does:
use /api/lead first
to be told about "not verified"
use OTP generation API to get the verification code
to then use a specific OTP API to submit verification code
to then use /api/lead again
I am trying to call this API with my eBay user auth token on the eBay API Explorer:
https://api.ebay.com/sell/inventory/v1/inventory_item
The Headers:
Authorization:Bearer [MY_EBAY_SELLER_USER_TOKEN]
Accept:application/json
Content-Type:application/json
Now I'm receiving this in response:
{
"total": 0,
"size": 0
}
Now I definitely have some items listed for sale and they are showing up on eBay. I also made sure that I am in production mode and that my auth token is also a production token.
What's going on with you eBay??? See image below:
So it turns out that eBay's Inventory API is fairly new.
Only items created via the Inventory API's can be queried with the Inventory API. Total waste of time.
Just use eBay's Trading API:
http://developer.ebay.com/DevZone/xml/docs/Reference/ebay/index.html
To list an item:
http://developer.ebay.com/DevZone/xml/docs/Reference/ebay/AddItem.html
http://developer.ebay.com/DevZone/xml/docs/Reference/ebay/AddFixedPriceItem.html
To revise an item:
http://developer.ebay.com/DevZone/xml/docs/Reference/ebay/ReviseFixedPriceItem.html
http://developer.ebay.com/DevZone/xml/docs/Reference/ebay/ReviseItem.html
To revise price or quantity of item:
http://developer.ebay.com/DevZone/xml/docs/Reference/ebay/ReviseInventoryStatus.html
Stupid eBay. All the quality engineers must have left to go work for Google or Apple. No support for json - still using tech from the 1990's
I'm using PayPal's new iOS SDK for a mobile app I'm doing. When a payment is processed, a verification of type: Adaptive Payments (when the user pays with PayPal) and
REST APIs (when the user pays with a credit card) are processed. My question is what am I suppose to do with these verifications. I've read their documentation but it isn't all that clear, obviously verifying helps with fraud, but I'm confused on the steps that are needed to handle these verifications. Do I send it to my server(php), if so what is my server suppose to do with it? Should I save these in the db? I'm new to PayPal if anyone could give some advice, I'd appreciate it thanks.
Example of Verification:
{
"proof_of_payment": {
"adaptive_payment": {
"pay_key": "AP-70M68096ML426802W",
"payment_exec_status": "COMPLETED",
"timestamp": "2013-02-20T00:26:25Z",
"app_id": "APP-91B933855X481767M"
}
},
"payment": {
"short_description": "Hipster t-shirt",
"amount": "9.95",
"currency_code": "USD"
},
"client": {
"platform": "iOS",
"paypal_sdk_version": "1.0.0",
"environment": "live",
"product_name": "PayPal iOS SDK"
}
}
You should send them to your server.
Your server (which you trust) should communicate directly with PayPal to verify that the proof of payments are valid. The documentation on verifying proofs of payment has details on what API calls you can make for verification. If you have specific questions about them, you should ask those separately, with details. The reason to verify them is that, if you don't, someone could give you a fake proof of payment and you wouldn't know it.
You probably want to save them in the db (or at the very least important chunks of them like the pay_key or payment_id).