Skrill: What is correct way to create recurring billing profile in Skrill - skrill

I am trying to generate a recurring payment using our test accounts, and I am getting a response on the status URL as well, which is shown below.
Implemented as per Instructions which are mentioned on page number: 12 & 35
Here is the code which we are posting to Skrill:
<form action="https://pay.skrill.com" target="_blank" class="skrill-form">
<input type="hidden" name="pay_to_email" value="email#gmail.com">
<input type="hidden" name="currency" value="EUR">
<input type="hidden" name="return_url" value="http://domain/dev-test-page-2/">
<input type="hidden" name="return_url_text" value="Return to main website">
<input type="hidden" name="return_url_target" value="4">
<input type="hidden" name="cancel_url" value="http://domain/dev-test-page-2/">
<input type="hidden" name="cancel_url_target" value="4">
<input type="hidden" name="status_url"
value="http://domain/wp-admin/admin-ajax.php?action=skrill_response">
<input type="hidden" name="status_url2" value="mailto:email#gamil.com">
<input type="hidden" name="logo_url" value="https://domain/wp-content/uploads/2018/07/logo.png">
<input type="hidden" name="rec_amount" value="2">
<input type="hidden" name="rec_start_date" value="17/01/2019">
<input type="hidden" name="rec_end_date" value="27/01/2019">
<input type="hidden" name="rec_period" value="2">
<input type="hidden" name="rec_cycle" value="day">
<input type="hidden" name="rec_grace_period" value="2">
<input type="hidden" name="rec_status_url"
value="http://domain/wp-admin/admin-ajax.php?action=skrill_rec_status_url">
<input type="hidden" name="rec_status_url2"
value="http://domain/wp-admin/admin-ajax.php?action=skrill_rec_status_url">
<input type="text" name="amount" value="1">
<input type="submit" value="Pay" class="btn">
</form>
Response:
[action] => skrill_response
[transaction_id] => 2605308006
[mb_amount] => 39
[amount] => 39
[md5sig] => 72EE69AA174B377A6E488129CA4F5063
[merchant_id] => 111682769
[payment_type] => WLT
[mb_transaction_id] => 2605308006
[mb_currency] => EUR
[pay_from_email] => email#gmail.com
[pay_to_email] => email#gmail.com
[currency] => EUR
[customer_id] => 111683528
[status] => 2
We are not getting any response on rec_status_url. Further, we have also tried to access the recurring transaction status of the above test transaction as per the instructions in the PDF; in return I received an email that my account is temporarily locked.
Am I skipping some essential parameters?
Query string as per instructions to access the status of a recursion:
https://www.skrill.com/app/query.pl?action=status_rec&email=email#gmail.com&password=123456&trn_id=2605308006
Response:
401 Your account is currently locked. Please contact our Merchant Team at:merchantservices#skrill.com
Implemented as per Instructions which are mentioned on page number: 30

Have you solved your issue?
Most probably your merchant account is not enabled on Skrill's side to receive recurring payments. Please ask their support to enable it for you.
Also, I would highly recommend you use a server-to-server request to generate a 'session' for your payments, rather than leaving your payment parameters/data on the user's front end (HTML form).
As far as I am aware, rec_status_url should be called only when the customer was subscribed and there was at least one sub/recurring payment; then, if he cancels the plan, you should receive the correct HTTP POST message.
About query.pl?action=status_rec: all MQI/API queries should contain your MQI/API password as an md5 hash value, not the plain text password.
Make sure that the "MQI" service is enabled for your account (My Account->Settings->Developer Settings).
Cheers,

Related

When using boto3.client('s3').generate_presigned_post to generate an URL for a file upload via form submit an error from AWS occurs

As mentioned in this question's title, when using the boto3.client('s3').generate_presigned_post to generate an upload URL as per here and injecting the response of the function into the following form:
<form class="s3-upload" action="URL_VALUE" method="post" enctype="multipart/form-data">
<input type="hidden" name="key" value="VALUE"/>
<input type="hidden" name="AWSAccessKeyId" value="VALUE"/>
<input type="hidden" name="policy" value="VALUE"/>
<input type="hidden" name="signature" value="VALUE"/>
<input type="hidden" name="success_action_redirect" value="VALUE"/>
<input type="file" name="file" class="upload-input">
<p class="drag-text">Drag your file here or click in this area.</p>
<button id="uploadS3" type="submit" title="">Upload</button>
</form>
I receive the following error from AWS: The AWS Access Key Id you provided does not exist in our records.
The application runs inside a docker on AWS Fargate and has an AWS role attached to it. This must probably have something to do with the solution because the whole functionality works fine on my local machine. Furthermore, all other AWS related operations with S3 (also with SQS) work fine with that AWS Fargate/AWS role setting. I'm looking forward to any suggestions about what to do.

How to Integrate PayUMoney payment gateway with Angular2/4/5

I am working with Angular 5. I need to integrate the PayUMoney payment gateway in my application; for that I added the following form and tested with the "https://test.payu.in/_payment" domain.
Error :
Error Reason Transaction failed due to incorrectly calculated hash
parameter.
Corrective Action Please ensure that the hash used in transaction
request is calculated using the correct formula. Please note the
correct formula for calculating the value of hash:
sha512(key|txnid|amount|productinfo|firstname|email|udf1|udf2|udf3|udf4|udf5||||||SALT)
Based on above formula and applying for this transaction, hash should
be calculated as mentioned below : hash =
sha512(gtKFFx|ba7816bf8f01cfea414140de5da|500|merit application
fees|bhagvat lande|landebm#gmail.com|||||||||||eCwWELxi) = Array
As seen above, correct hash value should have been - Array
But the hash posted in the transaction request from your end was -
e95bd46ce3cf4b3c32a63ba5f51934ef8506e0e47027512f41bff125be02cd14
My Component with Form
<form #f method="post" id="payu-payment-form" action="https://test.payu.in/_payment">
<input type="hidden" name="hash" value="e95bd46ce3cf4b3c32a63ba5f51934ef8506e0e47027512f41bff125be02cd14"/>
<input type="hidden" name="key" value="gtKFFx" />
<input type="hidden" name="txnid" value="ba7816bf8f01cfea414140de5da" />
<input type="hidden" name="amount" value="500" />
<input type="hidden" name="productinfo" value="merit application fees" />
<input type="hidden" name="firstname" value="bhagvat lande" />
<input type="hidden" name="email" value="******#gmail.com" />
<input type="hidden" name="phone" value="+91**********" />
<input type="hidden" name="surl" value="http://localhost:4200/#/payment/payment-success" />
<input type="hidden" name="furl" value="http://localhost:4200/#/payment/payment-error" />
<input type="hidden" name="service_provider" value="" />
<button class="btn btn-info" type="submit" (click)="f.submit()" value="submit" formtarget="_blank"> <i class="fa fa-money"></i> Proceed To Pay</button>
</form>
In the above form I just generated one dummy hash key (SHA-256) and put it there.
Questions:
How to integrate the PayUMoney payment gateway in Angular 2/4/5?
They provide a formula in their documentation for generating the hash key; it takes all the other form fields and generates a hash key (SHA-256). Is there any way to create the hash key on the client side, and how do I use it?
Thanks

shopify app proxy: send customer data or only customer ID

I need to get customer first and last names and email address for the server side logic.
As I see it there are 2 options:
1. Form submit with the data in the body of the request to the proxied URL
2. GET request to the proxied URL with the customer ID in the URL, then using the Shopify API to get all the customer's info
I tend to use option #1 as it saves a call to Shopify, I will send the data over https.
How would you suggest doing so?
If you are submitting to a proxy form you should check out Gavin Ballard's post about validating the customer with a hash.
I do something similar where I respond to the app proxy GET with application/liquid. See the reqHash field in the sample below. This is processed through ejs, whose tags don't conflict with Liquid for any dynamic values:
e.g.
{% if customer %}
<input name="firstName" id="firstName" type="hidden" value="{{customer.first_name}}">
<input name="lastName" id="lastName" type="hidden" value="{{customer.last_name}}">
<input name="defaultAddr" type="hidden" value="{{ customer.default_address.id }}">
<input type="hidden" name="custid" value="{{customer.id}}">
<input type="hidden" name="reqHash" value="{{customer.id | append: '<%= custSecret %>' | md5}}">
<div class="form-group">
<label for="emailAddress">Email</label>
<input name="emailAddress" id="emailAddress" type="text" value="{{customer.email}}" placeholder="Email">
</div>
{% else %}
<div class="form-group">
<label for="firstName">Name</label>
<input name="firstName" id="firstName" type="text" value="" placeholder="First Name">
<input name="lastName" id="lastName" type="text" value="" placeholder="Last Name">
</div>
<div class="form-group">
<label for="emailAddress">Email</label>
<input name="emailAddress" id="emailAddress" type="text" value="" placeholder="Email">
</div>
<div class="form-group">
<label for="CreatePassword" class="hidden-label">Password</label>
<input type="password" name="customer[password]" id="CreatePassword" class="input-full" placeholder="Password">
</div>
{% endif %}
and then validate the reqHash when the form is posted.
Responding to a comment:
The question is what are you trying to keep secret from who. The customer already knows their info. Shopify maintains the session so they trust the info is associated with the correct id. SSL is a secure transport so the customer info is only clear in the browser. The hash lets the app be sure that the customer info is associated with the correct id. It’s the app’s way to verify the login. Otherwise a bad actor can send arbitrary info to the app. The poster who wrote they’d look up the customer info from the id still needs to verify the id so that they know they have the correct id of a valid logged in customer.
In fact, since I wrote this in 2016 I’ve started hashing all the info that I’m including in the hidden inputs.
The hash protects your app from hackers and bored script kiddies.
implies you will possibly receive garbage. The incoming data means nothing since a bot could fill in a form and submit.
at least implies you have an actual logged in customer. If you have the ID you also have the email and name, from Liquid. If your Proxy call is from a script tag that has no access like that, you can send the customer ID from the secret customer ID cookie value, and yes, make an API call. That is not a big deal at all.

Testing PayPal buttons

I generated a vb.net website to sell some quantity of a book. It's a vb.net site using a SQL server backend. I modeled the book's order form on the paper form the company was using. The form allows customers to specify: name, organization, address, city/state/zip, and quantity.
Once the form is complete, they submit the form to another page which records the form values in a database. I then have them press the add to cart button which is supposed to upload the cart information to paypal for checkout. For some reason the cart opens empty without any errors.
Here is my add to cart info:
<form action="https://www.sandbox.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_cart" />
<input type="hidden" name="upload" value="1" />
<input type="hidden" name="business" value="XXXXXX#XXX.XXX" />
<input type="hidden" name="item_number_1" value="2015" />
<input type="hidden" name="item_name_1" value="2015 Catholic Directory" />
<input type="hidden" name="amount_1" value="15.00" />
<input type="hidden" name="quantity_1" value="<%= Request.Form("add")%>" />
<input type="hidden" name="currency_code" value="USD" />
<input type="hidden" name="notify_url" value="http://10.5.0.43/catholicDirectory complete_order.aspx" />
<input type="hidden" name="no_shipping" value="2" />
<input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_cart_LG.gif" border="0" name="submit" alt="PayPal - The safer, easier way to pay online!" style="width:120px; height:26px;" target="_self"/></center>
<img alt="" border="0" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1">
</form>
What I need to know is how do I:
Why is my cart opening empty?
Get PayPal to redirect back to my website so I can mark the transaction as paid by storing maybe a PayPal transaction ID in my database. I researched this and was able to direct them back if they click a link to return, but I don't want them to have to click anything. Research directed me to seller settings in my account, but I can't find them to set the auto return URL.
You're going to want to use PayPal's IPN listener. There is an IPN simulator which you can use to make sure it's hitting your site correctly.
https://developer.paypal.com/webapps/developer/applications/ipn_simulator
https://developer.paypal.com/docs/classic/ipn/integration-guide/IPNSetup/
You'll need to set up 2 accounts within sandbox: a personal and a business. The business account is where you send transactions. You can use the personal account to log in and test payments.
As for redirecting back after payment, you can set this in both your return URL and inside PayPal
<input type="hidden" name="return" value="https://yoursite.com/payment-success">
You can set auto return by following the directions here: http://wemakewebsites.com/blog/how-to-get-paypal-to-auto-return-to-your-website-after-a-customer-payment
EDIT:
<form name="_xclick" action="https://www.sandbox.paypal.com/cgi-bin/webscr" method="post" >
<input id="element_1" name="amount" type="text" />
<input type="hidden" name="cmd" value="_xclick">
<input type="hidden" name="business" value="yourbusiness#email.com">
<input type="hidden" name="currency_code" value="USD">
<input type="hidden" name="item_name" value="Payment">
<input type="hidden" name="return" value="http://yourwebsite.com/payment-success">
<input type="hidden" name="rm" value="1">
<input type="image" src="http://yourwebsite.com/images/btn-donate.png" border="0" name="submit" alt="PayPal - The safer, easier way to pay online!">
<input type="hidden" name="notify_url" value="http://yourwebsite.com/includes/paypal_ipn.aspx" />
</form>
Once payment is made the user will head over to PayPal to complete the payment. As long as you have the notify_url set with a working listener PayPal will hit it. In that file is where you want to put a few more db collections. PayPal can send you back a bunch of information (https://developer.paypal.com/docs/classic/ipn/integration-guide/IPNandPDTVariables/) depending on what data you are looking for. In the following example (https://github.com/paypal/ipn-code-samples/blob/master/paypal_ipn.vb) you'd want to add your db collection after line 35 where the user has completed payment:
If strResponse = "VERIFIED" Then
The idea was not to use an IPN listener (way more than I need), but rather to ask the customer how many books they wanted and add a single item to the PayPal cart: "# - 2015 Catholic Directory" where # is the quantity. The price for the book then becomes Quantity * $15. This way I can sell any quantity I want.
My database gets filled with customer information including quantity as a separate field when they fill out the order form and then that info gets sent on to PayPal to complete payment. Also I setup PayPal to auto return back to my site when the payment is complete and then mark the order as paid. This way I can develop reports for the office selling the books indicating who ordered how many books and if payment has been received.
Problem solved. The only thing I found difficult with the process was the fact that the sandbox environment does not have auto return like the live payment system does. I had to run a dummy sale for a penny and then refund the penny to verify the auto return was working.

using paypals html api is safe?

I'm trying out PayPal's HTML API, where you specify price, item_name, customer information and so on in the HTML:
<form action="https://www.paypal.com/cgi-bin/webscr" method="post" id="payPalForm">
<input type="hidden" name="cmd" value="_cart" />
<input type="hidden" name="upload" value="1" />
<input type="hidden" name="no_note" value="1" />
<input type="hidden" name="business" value="your#paypalaccount.com" />
<input type="hidden" name="currency_code" value="SEK" />
<input type="hidden" name="return" value="http://freelanceswitch.com/payment-complete/" />
<input type="hidden" name="tax_rate" value="25" />
<input type="hidden" name="item_name_1" value="Apple Macpro" />
<input type="hidden" name="item_number_1" value="01 - Product 1" />
<input type="hidden" name="amount_1" value="25000" />
<input type="hidden" name="item_name_2" value="Apple Macbook" />
<input type="hidden" name="item_number_2" value="02 - Product 2" />
<input type="hidden" name="amount_2" value="12500" />
<input type="hidden" name="item_name_3" value="Apple Macbook Air" />
<input type="hidden" name="item_number_3" value="03 - Product 3" />
<input type="hidden" name="amount_3" value="12500" />
<input type="submit" name="Submit" value="Submit" />
</form>
When the user clicks submit it takes him/her to PayPal's payment page.
But doesn't this mean that a hacker could change the order by manipulating the HTML code?
I can't figure out how PayPal prevents this security problem.
Of course, it does appear as if someone could just change the HTML and re-submit the form.
I'm not sure about PayPal, but Google Checkout handles this by instead of setting HTML, it gets you to create XML, encrypt it using your merchant key, and use the encrypted string in your HTML to pass across to Google. Google then decrypts it using your merchant key and voila - tamper-free.
Have a look in PayPal's documentation for something along the lines of "cart signing" or "request encryption." They may also do a callback to your server, telling you what was sent and you can compare it to your database to see if the prices are still correct.
If this is anything like other html integrations, there should be a callback directly from Paypal to your server with all the fields that were entered. You can compare these to see if any have changed. There are usually various security mechanisms such as a shared hidden key so that you can validate that the callback is genuine.
It doesn't seem like it is safe by itself. On Paypal's Securing Your Website Payments Standard Buttons page, they talk about being able to create protected payment buttons. However further on they indicate that it doesn't work if Javascript is disabled which makes the protection useless! Then they talk about other manual processes that can be performed including reconciliation and instant notifications which should occur in any sound accounting process anyway.
Encrypted website payments really seems like the only secure option to me.