Express Checkout Return URL C# - api

I am using the PayPal API in C# and calling the .SetExpressCheckout() with a return url of:
http://www.MyWebsite.com/Success?transactionId={DynamicToken}
Is it possible that PayPal isn't returning the transactionId token that I have specified or is that improbable? I am trying to diagnose a few random errors (from hundreds of successful transactions) and wondering would it ever drop the parameter I have specified in the Return URL?
Also is it safe to assume that if PayPal returns 'Successful' but I DONT call .DoExpressCheckout() that no money has been taken and I can start again?

SetExpressCheckout will always return a response something like this:
NVP Response:
TOKEN=EC-8FL80454MK5202351
TIMESTAMP=2015-09-10T02:53:36Z
CORRELATIONID=bff60e96e81c4
ACK=Success
VERSION=109.0
BUILD=000000
and you will need to redirect to the checkout page
https://www.paypal.com/cgi-bin/webscr?cmd=_express-checkout&token=EC-8FL80454MK5202351
Once the buyer login and completes, it will redirect to your returnurl+EC-token+payerid
http://index.php?action=ECreturn&token=EC-8FL80454MK5202351&PayerID=7SGRP23PR8MWY
So, PayPal always does return the EC-Token and after this you will need to call Doexpresscheckout API to complete the payment without this the transaction is not complete.
VERSION = 109.0
METHOD = DoExpressCheckoutPayment
TOKEN = EC-8FL80454MK5202351
PAYMENTACTION = Sale
PAYERID = 7SGRP23PR8MWY
AMT = 0.01
for example if you have a return url like this
RETURNURL = index.php?action=ECreturn?test=1
then it after Setexpresscheckout is complete, Paypal will redirect to the following URL
index.php?action=ECreturn?test=1&token=EC-5K62958L49079615&PayerID=7SGRP23PR8MWY

Related

intermittent error from rally 'Not authorized to perform action: Invalid key' for POST request in chrome extension

I developed a chrome extension using Rally's WSAPI v2.0, and it basically does the following things:
get user and project, and store them
get current iteration everytime
send a post request to create a workitem
For the THIRD step, I sometimes get error ["Not authorized to perform action: Invalid key"] since end of last month.
[updated]Error can be reproduced everytime if I log in Rally website via SSO before using the extension to send requests via apikey.
What's the best practice to send subsequent requests via apikey in my extension since I can't control end users' habits?
I did see some similar posts but none of them is helpful... and in case it helps:
I'm adding ZSESSIONID:apikey in my request header, instead of user /
password to authenticate, so I believe no security token is needed
(https://comm.support.ca.com/kb/api-key-and-oauth-client-faq/kb000011568)
url starts with https://rally1.rallydev.com/slm/webservice/v2.0/
issue is fixed after clearing cookies for
https://rally1.rallydev.com/, but somehow it appears again some time
later
I checked the cookie when the issue was reproduced, and found one with name of ZSESSIONID and its value became something else rather than the apikey. Not sure if that matters though...
code for request:
function initXHR(method, url, apikey, cbFunc) {
let httpRequest = new XMLHttpRequest();
...
httpRequest.open(method, url);
httpRequest.setRequestHeader('Content-Type', ' application\/json');
httpRequest.setRequestHeader('Accept', ' application\/json');
httpRequest.setRequestHeader('ZSESSIONID', apikey);
httpRequest.onreadystatechange = function() {
...
};
return httpRequest;
}
...
usReq = initXHR ('POST', baseURL+'hierarchicalrequirement/create', apikey, function(){...});
Anyone has any idea / suggestion? Thanks a million!
I've seen this error when the API key had both read-only and full-access grants configured. I would start by making sure your key only has the full-access grant.

eBay Browse API: shopping cart add item doesn't work

Working with Ebay's Browse API I'm having an issue with the /shopping_cart/add_item method, when I call it, it systematically returns an error 204.
I'm working on the API's sandbox. The calls are made from an iOS application in Canada. Until then, I had no issues requesting and retrieving data from responses.
Here's how I proceed:
Using the sandbox, I retrieve mock items with /item_summary/search.
The user goes through the OAuth process and grants his shopping cart access to my app. It returns a user access token that I use for the following request.
Finally, I call add_item with the following parameters:
Request JSON parameters:
{"quantity": 1, "itemId": "v1|110385018358|0"}
Request headers:
Authorization: Bearer [sandbox user access token from step 2.]
Content-Type: application/json
X-EBAY-C-MARKETPLACE-ID: EBAY_US
Then I get an empty response (aka error 204), while it shouldn't as mentioned in the documentation.
The response I get only contains headers which are the following:
{
Status Code: 204, Headers {
Connection = ( "keep-alive" );
"Content-Encoding" = ( gzip );
"Content-Length" = ( 0 );
"Content-Type" = ( "application/json" );
Date = ( "Thu, 22 Nov 2018 15:14:32 GMT" );
RlogId = ( "t6q%60ktkjvdbwrfsl%2Bbmsgcufboja%7Ct6n%3C%3Dsm%7Eufhuoluefqqgwj%284%3F34%3F11%2Busqdrrp%2Bufmadh%7B%2Bceb%7Ce4-fij-1673bfca0ca-0x133" );
"Set-Cookie" = ( "dp1=bu1p/QEBfX0BAX19AQA**5dd7fb58^;Domain=.ebay.com;Expires=Sat, 21-Nov-2020 15:14:32 GMT;Path=/" );
"X-EBAY-C-REQUEST-ID" = ( "ri=LVOZVdAO%2FSpS,rci=n76DxeaOd61P0WBf" );
"X-EBAY-C-VERSION" = ( "1.0.0" );
"X-EBAY-REQUEST-ID" = ( "1673bfca0a9.a0962ac.25e7e.fffdc702!/buy/browse/v1/shopping_cart!10.9.98.172!esbnewesbngcos[]!add_item!10.9.103.137!r1remshopcartapi-envadvcdhidzs5k[ItemClient[!Ginger.ViewItemServiceV1.litedetails!10.9.99.212!r1viappsvc-envadvcdhidzs5k[]]!ShopcartServiceClient[!Ginger.shopcase.v2.POST!10.9.101.40!r1scartsvc-envadvcdhidzs5k[]]]" );
"X-EBAY-SVC-EP-COOKIELET" = ( "321=0001542899671242" );
"X-EBAY-SVC-TRACKING-DATA" = ( "<a>nqt=AA**&!_epec=7,6,8&nqc=AA**</a>" );
}
}
Moreover, logged in the ebay sandbox website with the test user I used above, if I open the cart, I get an error page stating:
We were unable to load your cart. Please try again. If the problem persists, contact Customer Support or send us feedback.
Still from the sandbox website, when I open any item, I get another error stating:
Unfortunately, access to this particular item has been blocked due to legal restrictions in some countries. [...]
I still hope the problem is on me and not on Ebay as their API is still a Beta.
Well ... It was nowhere in the API documentation, but hidden somewhere on the Sandbox website page "unsupported feature list for the sandbox":
Cart is not supported. You may see some functionality working, like adding items to your cart, but please do not depend on or expect cart to function properly.
Although it states that AddItem may work, it actually does not, so I guess it is expected and that I should take this as the answer to my question.
Quite frustrating...
I guess I all I can do is to wait for Ebay's partnership approval.

How to make a shopify API request inside webhook callback script

I am writing my first Shopify app that will unpublish a product once its inventory level goes below threshold.
For that I register a webhook with callback URL http://example.com/script.php that will be called by Shopify once product update event occurs.
In script.php how do I obtain Shopify API token to make PUT request to products/update to unpublish it?
Here is my script.php so far (I know I am missing hmac validation but that is not the point):
<?php
if($_SERVER['REQUEST_METHOD'] == 'POST'){
session_start();
require 'shopify.php';
$api_key = 'api_key';
$secret = 'secret';
$sc = new ShopifyClient($_SERVER['HTTP_X_SHOPIFY_SHOP_DOMAIN'], $_SERVER['HTTP_X_SHOPIFY_HMAC_SHA256'], $api_key, $secret);
$inventory = $_POST['inventory_quantity'];
$old_inventory = $_POST['old_inventory_quantity'];
if($inventory <= 0){
$args = array("product" => array("id" => $_SERVER['HTTP_X_SHOPIFY_PRODUCT_ID'], "published" => false));
$sc->call("PUT","/admin/products/".$_SERVER['HTTP_X_SHOPIFY_PRODUCT_ID'].".json",$args);
}
}
I am trying to use $_SERVER['HTTP_X_SHOPIFY_HMAC_SHA256'] but obviously that is wrong.
Shopify sends you the name of the shop in the header of every webhook. So your webhook can now authenticate the incoming call, and with the shop name, you simply query your persistence layer for the matching shop credentials. If you find the shop, you can open up an API session very easily, since you have the two things you need:
shopify domain name of the store
shopify access token
Note that a better way to hide products is to consider listening to the orders webhooks, which provide orders and products, and then query the inventory level of the product sold. Working off of product/update webhooks could be super obnoxious in terms of the number of calls you might have to process in comparison to orders.

Sagepay token system delete token

I'm using Sage Pay token system, evrithyng is working fine I store the tokens on my side. The question is if I want to remove a token is it fine to remove it only from my side, and then if some one wants to add tha card again to create another token or I have to send a request to sagepay with StoreToken = 0 param?
You can remove the token from your side only, but I would recommend sending a REMOVETOKEN request to Sage Pay to remove it (or setting StoreToken=0 on usage) - token storage is charged above a certain threshold. No point paying for something you can't use.....
Your end user can create another token if required.
Here goes the code:
# REMOVE TOKEN REQUEST
if(YourCondition=='OK')
{
$strRemoveTokenURL = "https://test.sagepay.com/gateway/service/removetoken.vsp";
$sToken = 'Token Stored your side';
$strPost = "VPSProtocol=3.00&TxType=REMOVETOKEN&Vendor=yourvendorid&Token=".$sToken;
$arrRemoveResponse = requestPost($strRemoveTokenURL, $strPost);
}
# REMOVE TOKEN RESPONSE
echo '<hr>';
print"<pre>";print_r($arrRemoveResponse);print"<pre>";
exit;

Negative Testing for PayPal using Sandbox with VB.NET - how to simulate different scenarios?

I have a website written in VB.NET that implements PayPal for payments. This is all working fine for successful payments, but I need to be able to simulate scenarios of a failed transaction, pending transaction, etc.
I have read the documentation, which starts on page 47. I enabled Negative Testing in a business account that I created in a Sandbox, but I am not getting desired results.
To simulate an error, as specified in the documentation, I'm passing an error code to Token, which is then used in a request to DoExpressCheckoutPayment - code below - but instead of this raising the error 10417, the response says Invalid Token:
Dim oldToken As String
With RequestDetails
oldToken = .Token
.Token = "10417"
End With
Dim request As New DoExpressCheckoutPaymentRequestType
request.DoExpressCheckoutPaymentRequestDetails = RequestDetails
Dim response As DoExpressCheckoutPaymentResponseType
response = DirectCast(caller.Call("DoExpressCheckoutPayment", request),
DoExpressCheckoutPaymentResponseType)
Questions:
What am I doing wrong in the code above so that I can't trigger a correct error?
How do I simulate a response where the status is Pending, Processed, Failed, etc.?
I was testing this about a week ago and was receiving the same problem, now, I no longer receive an error:
API Request:
METHOD=DoExpressCheckoutPayment
VERSION=82
token=10755
PayerID=GNT5WLV6WKLYW
PAYMENTACTION=Sale
AMT=456
PAYMENTREQUEST_0_AMT=458
PAYMENTREQUEST_0_ITEMAMT=458.00
PAYMENTREQUEST_0_SHIPPINGAMT=20.00
PAYMENTREQUEST_0_TAXAMT=46.20
PAYMENTREQUEST_0_CURRENCYCODE=USD
PAYMENTREQUEST_0_DESC=test EC payment
L_PAYMENTREQUEST_0_NAME0=Books
L_PAYMENTREQUEST_0_AMT0=154.00
L_PAYMENTREQUEST_0_NUMBER0=ABC123
L_PAYMENTREQUEST_0_QTY0=2
L_PAYMENTREQUEST_0_NAME1=CDs
L_PAYMENTREQUEST_0_AMT1=50.00
L_PAYMENTREQUEST_0_NUMBER1=BY-Z4736
L_PAYMENTREQUEST_0_QTY1=3
API Response:
TIMESTAMP=2011-09-27T20:39:57Z
CORRELATIONID=13126abeb4615
ACK=Failure
VERSION=82
BUILD=2133933
L_ERRORCODE0=10755
L_SHORTMESSAGE0=Unsupported Currency.
L_LONGMESSAGE0=Currency is not supported
L_SEVERITYCODE0=Error
I did find an article on x.com that deals with this issue as well.