I want to use Shopify API of “payment” - api

Thank you for browsing.
I want to use this API’s “Create a new payment”.
https://shopify.dev/docs/admin-api/rest/reference/sales-channels/payment?api[version]=2020-07
But, I got HTML on “POSTMAN”.
The details are as follows.
Url
https://XXXXXXXXXXXX.myshopify.com/admin/api/2020-07/checkouts/0076fd26194e9a11e1ad2fef27e6d369/payments.json
Body
{
  "payment": {
    "request_details": {
      "ip_address": "114.179.82.76",
      "accept_language": "en-US,en;q=0.8,fr;q=0.6",
      "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36"
    },
    "amount": "11000.00",
    "session_id": "east-a2fe97e4239a2141004a2586da22babd",
    "unique_token": "7d80c851451dcbe1d36af87c55c573a3"
  }
}
Result
<html>
<body>
<noscript>
Continue
</noscript>
<script type="text/javascript" defer>
window.location = "https:\/\/accounts.shopify.com\/oauth\/authorize?client_id=7ee65a63608843c577db8b23c4d7316ea0a01bd2f7594f8a9c06ea668c1b775c\u0026destination_uuid=194909e9-a17a-40dd-bfb7-61a6a8739c9c\u0026nonce=28f174d1a0c3dcad2ee819c1ab6772eb\u0026prompt=merge\u0026redirect_uri=https%3A%2F%2Fdrupal-integration.myshopify.com%2Fadmin%2Fauth%2Fidentity%2Fcallback\u0026response_type=code\u0026scope=email%20https%3A%2F%2Fapi.shopify.com%2Fauth%2Fdestinations.readonly%20openid%20profile%20https%3A%2F%2Fapi.shopify.com%2Fauth%2Fpartners.collaborator-relationships.readonly%20https%3A%2F%2Fapi.shopify.com%2Fauth%2Fbanking.manage\u0026state=0ed03b89f02f335f13bdc36f4813a822\u0026ui_locales=en\u0026ux=shop";
</script>
</body>
</html>
I don’t know what I am doing wrong. But, I think the following is suspicious.
I used token on URL “0076fd26194e9a11e1ad2fef27e6d369". This is “web_url”. I got it at “Creates a checkout”.
https://shopify.dev/docs/admin-api/rest/reference/sales-channels/checkout?api[version]=2020-07#create-2020-07
I used parameter of “session_id” on body. I got it at “Stores a credit card in the card vault”.
https://shopify.dev/docs/admin-api/rest/reference/sales-channels/payment?api[version]=2020-07#create_payment_session-2020-07
I used parameter of “unique_token” on body. I got it this way.
I want to use Shopify API of "payment" but I didn't understand parameter of "unique token"
Sorry for my poor English, but I want help.

Your API call is running into issues at the API authentication step. This problem arises when you are sending cookies with a POST request.
From the Shopify documentation,
Shopify prevents HTTP Basic Auth POST requests that have cookies,
which can cause POST calls to fail. If your POST call fails, then you
should try clearing your cookies.
To clear the cookies, use the Cookie manager in Postman app that can be accessed using Cookies button located below the Send and Save buttons.
For sending authentication information, Shopify uses Basic Auth. You can read more about generating credentials and sending requests at Shopify Docs for Authentication.
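The failure this answer describes can be recognised from the request and the response themselves. The following is an added example, not part of the original answer and not Shopify's code; the function names are hypothetical and the sample request and response are constructed, with placeholders for every credential and identifier.

```javascript
// Added example; function names are hypothetical, sample data is constructed.
const lower = (h) =>
  Object.fromEntries(Object.entries(h).map(([k, v]) => [k.toLowerCase(), v]));

// The HTML returned instead of JSON holds a `window.location = "..."` stub whose
// string literal uses \/ and \u0026 escapes; JSON.parse decodes both.
function extractRedirect(body) {
  const m = /window\.location\s*=\s*("(?:[^"\\]|\\.)*")/.exec(body);
  if (!m) return null;
  try { return new URL(JSON.parse(m[1])); } catch (e) { return null; }
}

// Report why an Admin API call came back as a login page.
function diagnose(request, response) {
  const req = lower(request.headers);
  const res = lower(response.headers);
  const findings = [];
  if (request.method === "POST" && req.cookie && /^basic /i.test(req.authorization || "")) {
    findings.push("cookie-with-basic-auth-post");
  }
  if (!/json/i.test(res["content-type"] || "")) findings.push("non-json-response");
  const target = extractRedirect(response.body);
  if (target && target.pathname === "/oauth/authorize") {
    findings.push("login-redirect:" + target.hostname);
  }
  return findings;
}

// Remove any Cookie header before the request is sent.
const withoutCookies = (h) =>
  Object.fromEntries(Object.entries(h).filter(([k]) => k.toLowerCase() !== "cookie"));

// Constructed sample: Basic Auth POST that also carries a session cookie.
const sampleRequest = {
  method: "POST",
  headers: {
    Authorization: "Basic " + Buffer.from("API_KEY:PASSWORD").toString("base64"),
    Cookie: "_session=PLACEHOLDER",
  },
};
const sampleResponse = {
  headers: { "Content-Type": "text/html" },
  body: '<script>window.location = "https:\\/\\/accounts.shopify.com\\/oauth\\/authorize?client_id=PLACEHOLDER\\u0026response_type=code";</script>',
};
console.log(diagnose(sampleRequest, sampleResponse));
```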

Related

Why can't add headers to axios.get?

I'm using axios and vue.js to play with the Fortnite Tracker API.
In their documentation it's clearly said that we need to include the "TRN-Api-Key" in header.
I tested with Postman and It works.
And this is my axios function to make the request:
let url = `https://api.fortnitetracker.com/v1/profile/${this.platform}/${this.username}`;
// username and platform are from my Vue Component.
axios.get(url, {
    headers: {
        "TRN-Api-Key": "xxxxxxxx-xxxx-xxxx-xxxx-xxxx" // of course from my account on their website.
    }
})
    .then(response => console.log(response.data))
I expect the output in json like in Postman but I had a 404 Error: "Network Error".
And in the Browser Network Debug I can't see the request header 'TRN-Api-Key'.
[EDIT]
If your app is running on a server you can write a short PHP script and use curl in it to access the API (I think it's even possible to generate PHP code from Postman).
Just address this script with axios and submit your platform and username properties to build the right url.
Or have a look at this post alternatively. Maybe the use of another API like #kecinotrab provided in the accepted answer will help you too.

How to skip Preflight Request in Vue with content-type:application/json

error :"405 not allowed Method" in post method type call in request command vue
I need to call an API function with content-type:application/json and the POST method type using the request command in Vue, but the browser adds a preflight request with the OPTIONS method type, and it causes this error: "405 not allowed Method"
var options = {
    method: "POST",
    url: "http://api.sample.com/login",
    headers: {
        "Access-Control-Request-Method": "POST",
        "cache-control": "no-cache",
        "content-type": "application/json",
    },
    // Serialize the payload so the body is valid JSON (keys must be quoted).
    body: JSON.stringify({ Username: "demo", Password: "demo", Domain: "test" })
};
request(options, function(error, response, body) {
    if (error) throw new Error(error);
    body.data;
    alert("ok");
});
The OPTIONS call is done whenever you do a cross-origin request. This means the domain your application is running on is different from the domain where the api is. A pre-flight request is mandatory for these requests, because the browser needs to figure out if you are allowed to do these requests. A 405 error means that the server thinks you are not allowed to make that request.
To solve this problem you can move your api to the same domain as your frontend. Please note that it cannot be on a subdomain.
A different way of solving this, is by sending back the correct headers. In your case you seem to at least miss the Access-Control-Allow-Methods response header. Make sure to send this header and either dynamically figure out which methods are allowed, or do something like the following. That would allow the most common methods to work.
Access-Control-Allow-Methods: GET, POST, PUT, DELETE
In the comments you said that you do not have control over the api, and as such cannot change the response header. In that case your best bet is to contact whoever maintains the api and ask how to best use their api.
In the comments you said that this worked fine when you did the same thing in ASP.NET. ASP.NET is a server-side language, which means that requests in that context do not have a concept of "cross-origin". Cross-origin only comes into play in the browser, where the application runs on an actual domain.
Assuming you can set up a proxy on your application domain, you can also create a proxy that proxies all requests to the api you actually want to communicate with. You would deploy your domain on https://example.com and do your requests to https://example.com/api/endpoint. Your proxy will listen for requests that begin with https://example.com/api and proxy it to https://whatever.the.api.is/ with the appropriate endpoint and data.
Please keep in mind that while some api's might just be configured incorrectly, a lack of cross-origin response headers might just mean that the api is not meant to be consumed through the browser. Part of this could be that the request contains a secret that should not be exposed to users that use your application, but should instead only be on the server. Using a proxy in that case would set you up for impersonation attacks, because you would expose the secret to your application, but defeat the cross-origin headers by making it appear to the application that the api is on the same domain.
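The two server-side options this answer describes, as an added example that is not part of the original answer: a preflight reply carrying Access-Control-Allow-Methods, and a same-domain proxy that keeps the API secret on the server. ALLOWED_ORIGINS, the x-api-key header name and req.session are hypothetical; the host names are the ones used in the answer.

```javascript
// Added example; ALLOWED_ORIGINS, x-api-key and req.session are hypothetical
// names, not taken from the question or from any real API.
const ALLOWED_ORIGINS = new Set(["https://example.com"]);
const ALLOWED_METHODS = ["GET", "POST", "PUT", "DELETE"];
const UPSTREAM = "https://whatever.the.api.is";

// API side: the reply to the browser's OPTIONS preflight.
// `headers` uses lowercase names, as Node's http module delivers them.
function preflight(headers) {
  const origin = headers["origin"];
  if (!ALLOWED_ORIGINS.has(origin)) return { status: 403, headers: {} };
  return {
    status: 204,
    headers: {
      "Access-Control-Allow-Origin": origin, // echo only allowlisted origins
      "Access-Control-Allow-Methods": ALLOWED_METHODS.join(", "),
      "Access-Control-Allow-Headers": "content-type",
      "Vary": "Origin",
    },
  };
}

// Proxy side: decide what, if anything, is forwarded for /api/<endpoint>.
function toUpstream(req, secret) {
  if (!req.url.startsWith("/api/")) return { reject: 404 };
  // The proxy spends the secret on behalf of whoever calls it, so it must
  // authenticate its own users first (assumed session object).
  if (!req.session || !req.session.userId) return { reject: 401 };
  // Concatenate, then verify the host: new URL("//host/x", base) would
  // otherwise let the request path choose the destination.
  const target = new URL(UPSTREAM + req.url.slice("/api".length));
  if (target.origin !== UPSTREAM) return { reject: 400 };
  // Copy only known headers; a client-supplied x-api-key or Cookie is dropped.
  const headers = { "x-api-key": secret };
  for (const name of ["content-type", "accept"]) {
    if (req.headers[name]) headers[name] = req.headers[name];
  }
  return { forward: { url: target.href, method: req.method, headers } };
}
```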

Angular 2 and Symfony 3 (OAuth and API calls)

I have a project in Angular 2.4.0 where I want to call endpoints from a Symfony 3 REST API. Both projects are launched locally. To get rid of CORS errors in Http calls in Angular, I set some proxy rules as follows :
{
  "/api/*": {
    "target": "http://myapi.dev:8000",
    "secure": false,
    "changeOrigin": true,
    "pathRewrite": {"^/api" : ""},
    "logLevel": "debug"
  }
}
The first step is the authentication with Google OAuth, so I open a new popup window (in my Angular project) :
window.open('api/connect/google', '_blank', 'location=yes,height=570,width=520,scrollbars=yes,status=yes');
Then I choose a Google account to authenticate with, then the API closes the popup window automatically when successfully authenticated.
Then I call the API again to get the current logged-in user :
get(): Observable<User> {
    return this.http.get('api/user')
        .map((response: Response) => response.json())
        .catch((error: any) => Observable.throw(error));
}
The problem is that the API throws the following :
Request URL:http://localhost:2222/api/user
Request Method:GET
Status Code:302 Found
Remote Address:127.0.0.1:2222
Access-Control-Allow-Origin:*
cache-control:no-cache, private
connection:close
content-type:json
date:Wed, 22 Mar 2017 10:20:32 GMT
location:http://myapi.dev:8000/login
server:nginx/1.11.10
transfer-encoding:chunked
x-debug-token:128b90
x-debug-token-link:http://myapi.dev:8000/_profiler/128b90
x-powered-by:PHP/7.1.3
Accept:application/json, text/plain, */*
Accept-Encoding:gzip, deflate, sdch, br
Accept-Language:fr-FR,fr;q=0.8,en-US;q=0.6,en;q=0.4
Cache-Control:no-cache
Connection:keep-alive
Cookie:PHPSESSID=18c73caec383e91904dfd239d1a95faa
Host:localhost:2222
Pragma:no-cache
Referer:http://localhost:2222/
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36
It seems the API doesn't know I'm already authenticated and tries to redirect me to the /login route for every other Http call I want to make.
The API works as following :
/login is a twig page with a link to /connect/google (the Google OAuth)
/connect/google allows you to choose one Google Account to authenticate with
If you call any API endpoint without being authenticated, it redirects you to /login
If you're authenticated, you can call every API endpoint
If I try all above Angular Http calls directly into the browser (eg: http://myapi.dev:8000/connect/google, http://myapi.dev:8000/user) everything works well.
I really have no idea where this issue comes from.
As you said in the comments, the Angular app is hosted on http://localhost:2222/, but the API is hosted on http://myapi.dev:8000. Those two origins are completely different. It means that when myapi.dev begins a session and sets a cookie, it will be unavailable on localhost. The browser is not allowed to send cookies from different origins (due to CORS). That's why the API doesn't see your session ID key.
Possible ways to overcome problem:
Store both apps (angular and api) on the same origin (it means same domain, same protocol, and same port) - it's the easiest way.
Catch the session ID cookie value (just after it is set) and store it inside sessionStorage. Next, create an Angular request interceptor which will add the SESSION cookie to all requests which are going to myapi.dev

github API unsupported media type 415

I was using the GitHub API in Meteor but could not solve this issue:
This code tries to get the total number of traffic for a certain repo.
HTTP.call( 'GET', 'https://api.github.com/repos/hackmdio/hackmd/traffic/views',
    {
        headers:
        {
            'Content-Type':'application/json',
            "Accept":"application/vnd.github.v3+json",
            "User-Agent": "whales"
        },
    },
    function( error, response ) {
        if ( error ) {
            console.log('---------------------------error occurred-----------------------------------')
            console.log('---------------------------error occurred-----------------------------------')
            console.log( error );
        } else {
            console.log('--------------------------data got it!!-------------------------------------')
            console.log('--------------------------data got it!!-------------------------------------')
            console.log(response);
        }
    });
Error:
{
"message": "If you would like to help us test the Repo Traffic API during its preview period, you must specify a custom media type in the 'Accept' header. Please see the docs for full details.",
"documentation_url": "https://developer.github.com/v3"
}
I searched for similar issues and added "Content-Type" and "Accept" but it's still not working.
I then tried doing this in Postman and also in terminal with the same headers but this error kept happening.
Thanks a lot.
You will need to add an Accept: application/vnd.github.spiderman-preview header to your request in order to access the Repo Traffic API whilst it is in preview form. From the API docs:
APIs for repository traffic are currently available for developers to preview. During the preview period, the APIs may change without advance notice. Please see the blog post for full details.
To access the API you must provide a custom media type in the Accept header:
application/vnd.github.spiderman-preview
The Commit Search API is currently available for developers to preview. During the preview period, the APIs may change without advance notice.
To access the API you must provide a custom media type in the Accept header:
Accept: application/vnd.github.cloak-preview
☝️This header is required.
check docs
To anyone who ends up on this page after googling why GitLab API has started throwing 415 when sending POST requests:
Make sure you pass the Content-Type: application/x-www-form-urlencoded header if you're sending stuff via post-data fields. Their docs never mention this b/c apparently many clients (like curl) do this automatically.

How to log external in .net web api 2

I'm trying to log in and register with external authentication using MVC5, web api 2 and templates from it.
I don't know how to do it. I read
asp.net web api 2: how to login with external authentication services?.
When I call
GET /api/Account/ExternalLogins?returnUrl=%2F&generateState=true
response is
{
"Name": "Facebook",
"Url": "/api/Account/ExternalLogin?provider=Facebook&
response_type=token&
client_id=self&redirect_uri=http%3A%2F%2Flocalhost%3A6685%2F&
state=Yj1...hU1",
"State": "Yj1...hU1"
}
(I don't know what is State for)
Then I can use the Url above (authentication is with cookies) and the response is an OK HTML status and some HTML page (I don't know why)
This call
GET /api/Account/UserInfo
response info with null loginProvider.
I want to register a user with FB or Google, so I need a token, but I don't know which access_token and how I can get it. In the example (link above) is this:
POST /api/Account/RegisterExternal
Authorization: Bearer VPcd1RQ4X... (access_token from url)
Content-Type: application/json
{"UserName":"myusername"}
but what is
access_token from url ?
So, my questions are:
How can I external register / login with web api 2 templates?
What is State for? (seems like useless)
External login in Web API is supported out of the box and can be easily plugged in using the Owin pipeline. Getting the access token and performing all the OAuth-related calls are done by the Facebook Owin Provider.
You can find a sample of facebook login with a web site here