I'm using PayPal's new iOS SDK for a mobile app I'm doing. When a payment is processed, a verification of type: Adaptive Payments (when the user pays with PayPal) and
REST APIs (when the user pays with a credit card) are processed. My question is what am I suppose to do with these verifications. I've read their documentation but it isn't all that clear, obviously verifying helps with fraud, but I'm confused on the steps that are needed to handle these verifications. Do I send it to my server(php), if so what is my server suppose to do with it? Should I save these in the db? I'm new to PayPal if anyone could give some advice, I'd appreciate it thanks.
Example of Verification:
{
"proof_of_payment": {
"adaptive_payment": {
"pay_key": "AP-70M68096ML426802W",
"payment_exec_status": "COMPLETED",
"timestamp": "2013-02-20T00:26:25Z",
"app_id": "APP-91B933855X481767M"
}
},
"payment": {
"short_description": "Hipster t-shirt",
"amount": "9.95",
"currency_code": "USD"
},
"client": {
"platform": "iOS",
"paypal_sdk_version": "1.0.0",
"environment": "live",
"product_name": "PayPal iOS SDK"
}
}
You should send them to your server.
Your server (which you trust) should communicate directly with PayPal to verify that the proof of payments are valid. The documentation on verifying proofs of payment has details on what API calls you can make for verification. If you have specific questions about them, you should ask those separately, with details. The reason to verify them is that, if you don't, someone could give you a fake proof of payment and you wouldn't know it.
You probably want to save them in the db (or at the very least important chunks of them like the pay_key or payment_id).
Related
I'm trying to not allow users access to my app if they decline the payment charge. If the charge was declined then the app shouldn't be installed.
From Shopify API doc, there is return_url when the charge was accepted:
"return_url": "http://super-duper.shopifyapps.com"
The URL where the merchant is redirected after accepting the charge.
But, when the charge was declined, Shopify only redirects user to the Apps tab in store. https://www.screencast.com/t/yCykunWY
Is there any way to handle if the charge was declined?
Yes, there is a way.
First of all, visit the following page from the official Shopify forum and where you will find a summary of the "charge workflow".
Now, let say that you are using the REST API in order to create recurring application charge. According to the documentation, if there is no error, a typical response should look like that:
HTTP/1.1 201 Created
{
"recurring_application_charge": {
"id": 1029266959,
"name": "Super Duper Plan",
"api_client_id": 755357713,
"price": "10.00",
"status": "pending",
"return_url": "http://super-duper.shopifyapps.com/",
"billing_on": null,
"created_at": "2022-04-05T13:28:11-04:00",
"updated_at": "2022-04-05T13:28:11-04:00",
"test": null,
"activated_on": null,
"cancelled_on": null,
"trial_days": 0,
"trial_ends_on": null,
"decorated_return_url": "http://super-duper.shopifyapps.com/?charge_id=1029266959",
"confirmation_url": "https://jsmith.myshopify.com/admin/charges/755357713/1029266959/RecurringApplicationCharge/confirm_recurring_application_charge?signature=BAh7BzoHaWRpBA9eWT06EmF1dG9fYWN0aXZhdGVU--f6da6826caf9441c9fc206dd50a0882bd41fd770"
}
}
There are at least two parameters you shall keep in your records (most likely in a data base together with a relation with the corresponding shop): the status (which is active if the merchant accepted the subscription) and the id of the charge.
Now, next time the merchant attempts to use your app, before allowing access to your app, check from your records if the status is active. If not make a request to update the status using the Retrieve a single charge endpoint with the charge id you got when you created the charge. if it is still not active keep denying access. You may also create a new charge and point the merchant to that charge's page so he can accept the subscription this time.
I use Twilio [currently sandbox] for WhatsApp API.
I post to webhook when message is arrive to sandbox, I get data like this:
{"SmsMessageSid":"xxxxxxxxxx","NumMedia":"0","SmsSid":"xxxxxxxxxx","SmsStatus":"received","Body":"try1","To":"whatsapp:+14xxxxxxxxxx","NumSegments":"1","MessageSid":"xxxxxxxxxx","AccountSid":"xxxxxxxxxx","From":"whatsapp:+97xxxxxxxxxx","ApiVersion":"2010-04-01"}
Is there a way to get the username?
WhatsApp Facebook API does have a name in the payload:
{
"contacts": [ {
"profile": {
"name": "Kerry Fisher"
},
"wa_id": "16315551234"
} ],
"messages":[{
"from": "16315551234",
"id": "ABGGFlA5FpafAgo6tHcNmNjXmuSf",
"timestamp": "1518694235",
"text": {
"body": "Hello this is an answer"
},
"type": "text"
}]
}
Source: https://developers.facebook.com/docs/whatsapp/api/webhooks/inbound
Talking to Twilio my team got the response bellow:
Twilio does not manage a user database. Although this is a data
variable on the WhatsApp API, we are not leveraging it immediately as
it is not mandatory from the WhatsApp docs and our data structure may
not fully support this yet.
Again the Beta Nature of the Product will unveil product needs and
features in which we have not moved forward with how or if we plan to
support this.
There is at least one provider that I know that has this feature.
For me looks like Twilio recycled all the architecture they have for SMS without any regret of any drawbacks. We just found one, the absence of WhatsApp username in the message payload.
I reached Twilio asking for a deadline for this feature but until now I didn't receive any news yet.
The From is the WhatsApp username, do you mean how to programmatically extract the username (and if so, is there a particular language you are using)?
"From":"whatsapp:+97xxxxxxxxxx
There is no username, all you will get is the number of the user that sent the message, which is the "From" value, unless the sender tells you its username through the message body.
While syncing contacts using the People API, I've run into a quota limit error which I don't understand and haven't found any information about it on the net. The error is the following:
"error": {
"code": 429,
"message": "Resource has been exhausted (e.g. check quota).",
"status": "RESOURCE_EXHAUSTED",
"details": [
{
"#type": "type.googleapis.com/google.rpc.QuotaFailure",
"violations": [
{
"subject": "QUOTA_EXCEEDED",
"description": "FBS quota limit exceeded."
}
]
}
]
Does anyone have any idea what this error is related to ?
Thanks
I have decided to create an answer from my comment, for future reference.
The error 429 indicates that you maybe violating the google's terms of service (especially under d. API Limitations). To quote it:
d. API Limitations
Google sets and enforces limits on your use of the APIs (e.g. limiting
the number of API requests that you may make or the number of users
you may serve), in our sole discretion. You agree to, and will not
attempt to circumvent, such limitations documented with each API. If
you would like to use any API beyond these limits, you must obtain
Google's express consent (and Google may decline such request or
condition acceptance on your agreement to additional terms and/or
charges for that use). To seek such approval, contact the relevant
Google API team for information (e.g. by using the Google developers
console).
When you made too many calls you were probably put on a blacklist, which expires in some time. The limit for People API. You need to apply for higher quotas.
For example, Google Play Developer API has a 200 000 calls per day, you have to request if you need more.
The google probably wants you to have a good reason to have more and also is protecting from the DDOS attacks.
I have a webhook subscribed to Page feed events.
I want it to tell me when a public event has been created on the page OR a page the user manages.
The app dashboard tells me this is the JSON object that will get sent to me:
{
"field": "feed",
"value": {
"item": "status",
"post_id": "44444444_444444444",
"verb": "add",
"published": 1,
"created_time": 1536110879,
"message": "Example post content.",
"from": {
"name": "Test Page",
"id": "1067280970047460"
}
}
}
Is the event id delivered in the post_id field?
If not, how is it passed to me?
How can I test this further?
Is my only choice to create events by hand, record the event id and fill it in as the returned post_id?
Can this webhook receive notification from multiple user's pages?
If so, how do I configure it to do so?
If not, how do I do something like that? Do I need multiple webhooks?
As per relevant webhooks doc reference https://developers.facebook.com/docs/graph-api/webhooks/reference/page/#feed
event_id is not delivered in the post_id.
event_id is passed inside value as event_id, you may need to check you app, seems like event_id is being filtered out in the response.
Testing it further is a broad query, although you could use curl to perform testing with the configured FB account.
In a more generic context, the above webhook response can be used to autogenerate/handle the post, that is the core purpose of the existence of the webhooks(to trigger and automate events as and when occurred).
No, this webhook is page specific.
You need to configure the webhook for each page separately. (Find the page_ids that can be used to work with other pages corresponding to the user)
The same webhook shall work, although the only difference shall be the page parameter, so you would have to configure another set of webhooks for each page, with a unique page_id related to that user account.
Note: Refer to https://developers.facebook.com/docs/graph-api/webhooks/getting-started for testing the webhooks.
I am trying to use google play games services for web.
gapi.load('auth2', function() {
GA = gapi.auth2.init({
client_id: "...",
scope: "https://www.googleapis.com/auth/plus.login https://www.googleapis.com/auth/plus.me https://www.googleapis.com/auth/games"});
});
I have two account, one with google+ and one without.
I can signin with both.
GA.signIn()
But when I try to submit score
gapi.client.games.scores.submit
The account without google+ returns error
{
"error": {
"errors": [
{
"domain": "global",
"reason": "UserRegistrationIncomplete",
"message": "User has not completed registration."
}
],
"code": 401,
"message": "User has not completed registration."
}
}
I guess it means Account needs a google+ upgrade.
So, how can I require this when user signIn?
Or maybe there is another solution?
Actually, Google+ is no longer used by Play Game Services. Starting last year, "Games Lite" was rolled out which makes players create a profile that is not publicly linked to their identity. This was done to reduce the amount of friction created by having the player accept a permission consent before playing the game. More info: https://android-developers.googleblog.com/2016/01/play-games-permissions-are-changing-in.html
Unfortunately, the profile creation is Android only, so if the player has not signed into a game on Android, they will not have a profile and you will get this error.