PayPal - 10001 internal error: timeout processing request Express Checkout - vb.net

I have a problem with the Express Checkout. I tried all the solution provided in the web but I cannot make it work!
I'm using VB 2012 for Web and ASP.NET. I built a cart in the web site and try to integrate PayPal Express Checkout (for now using the test account in Sandbox).
When I click on the PayPal button it shows me the error:
10001 Internal Error: Timeout processing request
Debugging the application I found that the problem is when he try to make the call:
Try
Using myWriter As New StreamWriter(objRequest.GetRequestStream())
myWriter.Write(strPost)
End Using
Catch e As Exception
End Try
Where strPost is the following:
METHOD=SetExpressCheckout&RETURNURL=http%3a%2f%2flocalhost%3a63223%2fCheckout%2fCheckoutReview.aspx&CANCELURL=http%3a%2f%2flocalhost%3a63223%2fCheckout%2fCheckoutCancel.aspx&BRANDNAME=PayPal+Sample+Application&PAYMENTREQUEST_0_AMT=36&PAYMENTREQUEST_0_ITEMAMT=36&PAYMENTREQUEST_0_PAYMENTACTION=Sale&PAYMENTREQUEST_0_CURRENCYCODE=USD&L_PAYMENTREQUEST_0+_NAME=Modena&L_PAYMENTREQUEST_0_AMT=36&L_PAYMENTREQUEST_0_QTY=1&USER=minni_1356740302_biz_api1.gmail.com&PWD=1356740320&SIGNATURE=AlYEmGf5ECuFHhwJgGlXJ.tMCTY0AFMcAx3nUjv6Ssg4RlD7YYwyoOJb&VERSION=88.0&BUTTONSOURCE=PP-ECWizard
What could be wrong?
I really need help..​Any and all help is appreciated.
Thanks in advance!

This error could simply mean there's an issue with the PayPal sandbox servers, or it could mean you have a problem with your request. I was able to successfully hit the sandbox with SetExpressCheckout just now, though, so I'm guessing it must have something to do with your request.
One thing I see right away is that you won't be able to use localhost in your ReturnURL and CancelURL because at the time that gets used it will be running from PayPal's server. As such, "localhost" will be their server, not yours, and the redirect won't work. You'll need to use your own public IP address or setup a domain of some sort to point to your test server. That could be what their server isn't liking.
Another thing I notice is that you're just using the value 36 for your amounts. PayPal documentation specifies you need to use two decimal places on amount values, so you need to make sure and pass 36.00 instead.
The next thing I notice, which is probably what's causing your problem, is that one of your parameter names is invalid: [L_PAYMENTREQUEST_0+_NAME]
You need to get that + out of there. I bet that'll fix your issue, but I'd still get those other things fixed up, too.

Related

Localhost API for TD Ameritrade

I was creating an API for TD Ameritrade (my first time creating or dealing with APIs) and I needed to put in my own call back URL. I know that callback URL is where the API sends information to and i heard that I can just use my localhost API. I scoured the internet and I dont know how that would work and I was wondering if i can just use http://localhost?
Sorry if I seem like a noob because I am
In short, yes.
Follow the excellent directions at
https://www.reddit.com/r/algotrading/comments/c81vzq/td_ameritrade_api_access_2019_guide/. (Even with them, I spent excessive time on trial and error!)
Since stackoverflow has a limit of 8 links in a response, and the localhost text string looks like a link, I’m showing it with the colon replaced by a semicolon, i.e., http;//localhost to reduce the link count. Sorry.
I used the Chrome browser after first trying Brave, which did not work for, possibly because of my option selections.
Go to https://developer.tdameritrade.com/user/me/apps
Add a new app using http;//localhost (delete existing app if there is one).
Copy the resulting consumer key text string (AKA client_id or OAuth User ID).
Go to https://developer.tdameritrade.com/content/simple-auth-local-apps, follow instructions. Note: leading/trailing blanks were inserted by MSWord due to copy/paste of the auth code, which had to be manually deleted after wasting excessive time identifying the problem. The address string looks like:
https://auth.tdameritrade.com/auth?response_type=code&redirect_uri=http%3A%2F%2Flocalhost&client_id=ConsumerKeyTextString%40AMER.OAUTHAP
This returns a page stating the server refused to connect, but the address bar now contains a VeryLongStringOfCharacters in the address bar:
https;//localhost/?code= VeryLongStringOfCharacters
Copy the contents of the address bar, go to https://www.urldecoder.org/, decode the above, and extract the text after “code=”. This is your refresh_token
Go to: https://developer.tdameritrade.com/authentication/apis/post/token-0, fill out the fields with
grant_type=authorization_code
refresh_token=<<blank>>
access_type=offline
code=RefreshTokenTextString
client_id=ConsumerKeyTextString#AMER.OAUTHAP
redirect_uri=http://localhost
Press SEND.
If the resulting page starts with HTTP/1.1 200 OK, you have succeeded.
Try updating your redirect to:
redirect_uri=https://localhost
They may require https now and you need a colon instead of a semicolon. Everything looks correct. This process generally takes me more then one attempt, and 15 minutes to an hour to get my refresh token squared away every 90 days.
dont use #AMER.OAUTHAP in client_id
If you generate a new code and based on that try to get a new access token. it should work.

C# HttpRequest sequence succeeds while running Fiddler, but otherwise fails

Background: I'm trying to log into an HTTPS site with my valid credentials, navigate to a page that has a frequently updated list, and then scrape the list.
I was using code someone else wrote, which worked until a few weeks ago. I am new to this, but even i can see that the code was not very good, so i am trying to rewrite.
First I log into the site and create an tunnel. Then I move to the page where my list is and grab the list, etc.
Here's what's weird. The login fails every time, until I turn on Fiddler. With Fiddler running it succeeds every time.
Any idea about why this would happen and how to fix?
Many thanks.
I got it working!
For anyone who finds themselves in the same situation (I've seen a number of posting of similar questions - but the answers hadn't worked for me, so I expect I am not alone), I eventually saw that I needed to set the security protocol to TLS. The specific syntax I used was:
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls;
The setting needs to be specified before the Httpwebrequest get or post event occurs.
If you have a similar problem, I hope this helps.
I had an invalid "User-Agent" header. It contained invalid characters (ä, ö, ü).

Accessing Metacritic API and/or Scraping

Does anybody know where documentation for the Metacritic api is/if it still works. There used to be a Metacritic API at https://market.mashape.com/byroredux/metacritic-v2#get-user-details which disappeared today.
Otherwise I'm trying to scrape the site myself but keeping getting a blocked by a 429 Slow down. I got data like 3 times this hour and haven't been able to get anymore in the last 20 minutes which is making testing difficult and application possibly useless. Please let me know if there's anything else I can be doing to scape I don't know about.
I was using that API as well for an app I wrote a while ago. Looks like the creator removed it from Mashape. I just sent him an email to ask whether it'll be back up. I did find this scraper online. It only has a few endpoints but following the examples given you could easily add more. Let me know if you make any progress!
Edit: Looks like CBS requested it to be taken down. The ToS prohibits scraping:
[…] you agree not to do the following, or assist others to do the following:
Engage in unauthorized spidering, “scraping,” data mining or harvesting of Content, or use any other unauthorized automated means to gather data from or about the Services;
Though I was hoping for a Javascript way of doing this, the creator of the API also told me some info.
He says I was getting blocked for not having a User agent in the header and should use a 429 handling procedure i.e. re-request with longer pauses in between.
A PHP plugin available as well: http://datalinx.io/shop/metacritic-api/
I had to add a user agent like JCDJulian said and now it allows me to scrape. So for Ruby:
agent = Mechanize.new
agent.user_agent_alias = "Mac Firefox"
Then it stopped giving me the 403 Forbidden error.

Trello API | Move card to a new list

I'm trying to move a card from one list to another however, I keep getting this error:
23:32:04.273 - PUT https://api.trello.com/1/cards/CardId/idList?key=Key&token=Token: Trust check failed, The operation completed successfully.
I'm using this from a virtual game server via "HttpService", these are the arguments for a POST requeset(screen capture link): http://gyazo.com/d9c24682c73973473720119c7a5939f8
A request would look something like this: game:GetService("HtttpService"):PostAsync("url", data, HttpContentType (can be left empty))
My question is, Is the Syntax correct for the PUT request, and if so, any idea why I'm getting a "trust check failed" ?
The reason the trust check fails: ROBLOX disabled it for normal scripts because it creates a huge security threat to many sites including ROBLOX itself. They only allow their own scripts to run this because of this reason.
Short fix (not easy):
If you have a website, send a get request to a php page that sends put to trello.

Why would "/id" as a HTTP GET parameter would be a security breach?

While trying to debug my openid implementation with Google, which kept returning Apache 406 errors, I in the end discovered that my hosting company does not allow to pass a string containing "/id" as a GET parameter (something like "example.php?anyattribute=%2Fid" once URL encoded).
That's rather annoying as Google openid endpoint includes this death word "/id" (https://google.com/accounts/o8/id) so my app is returning 406 errors every time I log in with Google because of this. I contacted my hosting company who told me this has been deactivated for security purposes.
I could use POST instead, for sure. But has anyone got an idea why this could cause security problems ???
It can't, your host is being stupid. There's nothing magical about the string /id.
Sometimes people do stupid things with the string /id, like assuming no one is going to guess what follows, so that example.com/mysensitivedata/id/3/ shows my data because my user has id 3, and being the sneaky sort, I wonder what happens if I navigate to example.com/mysensitivedata/id/4/, and your site blindly lets me through to see someone else's stuff.
If that sort of attack breaks your site, no amount of mollycoddling by your host will help you anyway.
One reason a simple ID in the URL could be a security concern is that a user could see their ID and then type another one in, such as if its an integer they may select the next integer up, and potentially see another users info if it is not protected.