HOLLER: Secure Payment over API & Titanium Studio - titanium

I am using Titanium studio to build an iphone mobile app, and I want to do the following
Send a user id using API to my server
Server processes payment for that user using the previous card on file
Server sends a success/failure response.
What is the most secure way to do this? I know if I just send the user id then anyone could hack.

Are you sure what your doing is allowed (roll-your-own Payments and credit cards in-app will generally get you rejected)
Make sure your app does not violate any of these guidelines:
11.1 Apps that unlock or enable additional features or functionality with mechanisms other than the App Store will be rejected
11.2 Apps utilizing a system other than the In App Purchase API (IAP) to purchase content, functionality, or services in an app will be
rejected
11.13 Apps that link to external mechanisms for purchases or subscriptions to be used in the app, such as a “buy” button that goes
to a web site to purchase a digital book, will be rejected
Check the latest App store review guidelines here : https://developer.apple.com/appstore/resources/approval/guidelines.html
Also refer to these SO questions for more information:
iPhone Paypal in UIWebView Appstore approval process
iOS - Integrating credit card payments
A more secure way to do this (if you pass all the above guidelines) would be to use a userid, password, and salt, encrypted either over https or SHA256. Note that you have to specify you use encryption if you go the second route, during the review process.
Here is a wikipedia article about Salt and Passwords that I used.
Here is a SHA256 library for JavaSCript that works great with Titanium and is simple to use.

Related

Developer payload (external data) in App Store server notifications

We are using server-to-server purchase notifications for Google Play and App Store mobile apps. User can pay for subscription in several ways: in web broswer (via third-party billing provider), in android application (via google play) and in ios/macos application (via app store). That is why we use custom user/subscription ids - it should be equal across all platforms/devices within single account.
Now, everhing went just fine with other billing providers until we came to App Store. We configured server side notification with callback at our server as we did it before. And now it turns out, that there is no user information in App Store receipt data. And it seems to be no way to pass that data from mobile application. For example, Google Play have so called "developer payload" field for this purposes, other providers also have possibility to add external data into server notification request. Is there any analog for App Store notifications?
Another question is about notifications itself. If there is no user information in the receipt - that means that there is no way to bind user id and receipt id data. Then what is the purpose of such notfications with external server scenario?

Can we use Lydia API or Lydia web sdk with React-Native

Lydia (easy paiement solution) propose Lydia API and web and iOS SDKs
Does anyone has a proof that Lydia auth/paiement actions can work in a React-Native app?
What I actually think:
Using the web sdk will maybe make the auth callbacks impossibles (like a web social auth on cordova => cookies policy errors)
Using the Lydia API using fetch is surelly ok, but without SDK the experience will be limited to create/read data from api.
Thanks by advance
Lydia tech lead here.
All SDKs you can find are just a quick and easy integration of the API : they are mainly distributed to not tech people. Using Lydia to make a payment is easy just one cURL.
Actually, there is no auth required for a payment through Lydia : the only thing you need is a phone number or an email address.
The API will return a link you can redirect the user to. If he has the app, it will open it for a on click payment. If he doesn't he will land on a credit card form. In both case, after the payment, he will redirected to an URL you gave when sending the payment request (meanwhile the payment confirmation will be done by a server to server call).

Can I implement Stripe Connect in IOS App?

I have read all detail about stripe payment section here. https://stripe.com/docs/connect
But unable to understand subscriptions section of this page. Please tell me how to implement stripe connect in ios app using objective-C.
Thanks in Advance.
The difference between Stripe and Stripe Connect is who plays the "merchant" role.
With regular stripe the merchant is the app provider. For example an app created by "Barney's Pizza" - The app can collect payment using Stripe for pizzas. In this case Barney's merchant details are built in to the app.
With Stripe connect the app user can register as the "merchant". For example, you create an app that allows small businesses to invoice clients. After they install the app, the user would configure their Stripe account into the app so that they received the payments. Stripe Connect also allows the app developer to charge a fee that is a percentage of the amount - so your app could be free to download but users would pay you a percentage for every charge they made.
Stripe Connect allows users to create an account with Stripe if they don't already have one, which makes the program flow a bit more complex in an app (On the web, the Stripe web site takes care of it for you, redirecting back to your page once it is done).
This answer suggests one approach to using Stripe Connect in iOS - How to use Stripe Connect in an iOS app

integrate paypal standard in iphone application

I am developing iphone application for a shopping cart, i have done all stuffs but now its turn for online payment, the web version support paypal standard and the client want to stick with paypal standard the user will be redirected and paypal site and log and complete order. Is this possible on iphone?
Some days before apple does not allow any third party payment gateway. But now apple allows it to use the third party payment gateway like Paypal. You can used paypal library which allows you to pay your payment of products which you purchased from the app. For doing all this, paypal provides the library for mobile application development. I had used it in my 3-4 apps & works fine for me.
may be this could help you
link
link
Download Mobile Express Checkout Library from library and add the same to your project.
Why not you using PayPal SDk for Mobile device ? I have integrated PayPal in my app through their MPL library and Modified some stuffs like App Key and price,Store name Receiver account details etc. And its working fine for me.
check this link which is Already answered.
Also you can have a look at Getting started Guide.
PayPal API : How to integrate it in my App? IOS5
https://developer.paypal.com/
You need to implement paypal on your web server first.
Then go to that link from UIWebview….

How to setup environment for BlackBerry in-app payment tests?

I'm trying to implement in-app payment support in a BB application.
Ok, I've read the API/docs and now I need to write a simple test. Here is what API says about testing:
To test the end-to-end purchase flow without being charged money, you can set up a BlackBerry ID as a test account. The test account allows you to download any applications or digital goods that are associated with your BlackBerry App World vendor account without incurring any costs. Local testing must be turned off for this type of testing, otherwise no network connections will be attempted.
From the above I see that I need to achieve 2 goals:
(1) "set up a BlackBerry ID as a test account" (what ever it means).
(2) "Local testing must be turned off for this type of testing" (what ever it means).
The API is vague on how to do that. I can only guess that point (1) can be done on the side of my customer (whom I'm writing the app for) via his AppWorld account. Is it true? And I'm totally out of ideas on point (2). Could anyone point me in the right direction?
Ah yes, the Payment API is particularly vague on testing, and in the latest version (1.5) RIM have removed the ability to test locally, so all testing must be done via App World. Here's how:
Setup a 'sandbox' account using the BlackBerry App World vendor portal
Upload your app into BlackBerry App world but don't publish it, just save it and leave it in draft state
Also in the vendor portal, set up your digital goods (the things available for in-app purchase)
On your BlackBerry, load App World and login with your sandbox account email address.
Within any screen in App World press ALT+TST and enter the SKU or ID of your test app.
You can then download the test version of your app (which is not available to anyone else)
Once the app is downloaded and installed you will be able to test your in app payments.
Bit of a faff, but not too hard once you've got the process sorted.