How checksum works in Paytm Gateway

I am new to this payment gateway and was trying to implement Paytm Gateway.
What I have understood about the checksum is that it is used to find out whether the request has been tampered with or not. To implement it, we create the checksum before sending the request to the Paytm gateway and check the same in the response that we get back from the Paytm gateway.
I have gone through the sample Paytm gateway code at the GitHub URL below and couldn't understand how it is validating the checksum in the Paytm response. It calls the verifyCheckSum method on line 73, and after that it just checks whether the transaction is successful or not, irrespective of the value verifyCheckSum returned.
https://github.com/Paytm-Payments/Paytm_Web_Sample_Kit_NodeJs/blob/master/checksum/server.js
Am I missing anything?

Paytm has upgraded the checksum library. The GitHub link for the latest library is given on the Paytm developer page. I am also including the GitHub link here:
https://github.com/paytm/Paytm_Node_Checksum

How to validate X-TWILIO-SIGNATURE

We are using Twilio to send/receive SMS messages. We have a webhook configured to receive the messages sent by a customer. We want to validate whether the request in fact originated from Twilio. I was going through the documentation and found that there is a method called validated in the Twilio SDK. For some reason we are not using the SDK, so we want to validate it ourselves. Can anyone please tell me how to validate it?
You can do it yourself without the SDK if you wish.
In short, you'll have to use HTTPS for your webhooks when configuring them at Twilio, and, on your server side, validate a signature that Twilio sends in the X-Twilio-Signature header when making the request.
Computing the signature means re-assembling the request data and computing a hash using your Twilio account AuthToken.
This is explained in more detail in Twilio's docs here:
https://www.twilio.com/docs/usage/security#validating-requests
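The steps the answer above summarises (re-assemble the full URL and the sorted POST parameters, HMAC-SHA1 it with the AuthToken, base64 the result, compare with X-Twilio-Signature), as an added example in Python. This is not code from the original answer or from Twilio's SDK; the AuthToken, URL and form body below are constructed sample values.

```python
import base64
import hashlib
import hmac
from typing import Dict, Optional
from urllib.parse import parse_qsl


def params_from_body(raw_body: str) -> Dict[str, str]:
    """Decode an application/x-www-form-urlencoded webhook body into the
    name/value pairs Twilio signed. keep_blank_values=True matters: an empty
    field (e.g. Body=) is still part of the signed string."""
    return dict(parse_qsl(raw_body, keep_blank_values=True))


def twilio_signature(auth_token: str, url: str,
                     post_params: Optional[Dict[str, str]] = None) -> str:
    """Recompute the value Twilio places in X-Twilio-Signature.

    url: the webhook URL exactly as configured at Twilio, from the scheme
         through the end of the query string.
    post_params: decoded form fields for a POST webhook; None/empty for GET.
    """
    data = url
    if post_params:
        # Names are sorted byte-wise (case-sensitive) and each name is
        # concatenated with its value, with no delimiter, onto the URL.
        for name in sorted(post_params):
            data += name + post_params[name]
    mac = hmac.new(auth_token.encode("utf-8"), data.encode("utf-8"), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode("ascii")


def is_valid_twilio_request(auth_token: str, url: str,
                            post_params: Optional[Dict[str, str]],
                            header_signature: Optional[str]) -> bool:
    """True only if the received header matches our recomputation.
    compare_digest keeps the comparison constant-time, so a caller cannot
    learn how many leading characters of a guessed signature were right."""
    if not header_signature:
        return False
    expected = twilio_signature(auth_token, url, post_params)
    return hmac.compare_digest(expected.encode("utf-8"), header_signature.encode("utf-8"))


if __name__ == "__main__":
    # Constructed sample values; not real Twilio credentials or traffic.
    AUTH_TOKEN = "0123456789abcdef0123456789abcdef"
    URL = "https://example.com/sms/inbound?account=demo"
    BODY = "From=%2B15551230000&To=%2B15559870000&Body=hello+world"
    params = params_from_body(BODY)

    # What a genuine request from Twilio would carry in X-Twilio-Signature:
    sig = twilio_signature(AUTH_TOKEN, URL, params)
    print("genuine request  :", is_valid_twilio_request(AUTH_TOKEN, URL, params, sig))
    # Same header, but someone rewrote the message body in transit:
    forged = dict(params, Body="hello world, please wire the money")
    print("tampered body    :", is_valid_twilio_request(AUTH_TOKEN, URL, forged, sig))
    # Same header, but the handler reconstructed the URL as http:// behind a proxy:
    print("wrong scheme     :", is_valid_twilio_request(AUTH_TOKEN, URL.replace("https://", "http://"), params, sig))
```

The URL you feed in must be the one Twilio was configured with, query string included. Behind a TLS-terminating load balancer the request your application sees is often http:// with an internal host, and the signature will not match until you rebuild the external https:// URL; Twilio's own helper libraries additionally try the URL both with and without an explicit port for this reason. Reject the request before parsing or acting on any of its fields, not after.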

IBM Mobile First Server OAuth with JWT Authentication - Incorrect JWT Format error

I am developing a performance test script for a hybrid mobile application using Rational Performance Tester V9.0 & V8.7.
The mobile application sends requests to IBM MobileFirst Server v8.0, which authenticates its users using OAuth with JWT (JSON Web Token).
I tried enhancing the script and replayed it, but it fails at the login step in an API that requests a token, /mfp/api/az/v1/token.
Below is the request & response for the API call:
URI: POST /mfp/api/az/v1/token
Request:
client_assertion=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%3D%3D.eyJpc3MiOiJlQmFua2luZyR3ZWIiLCJzdWIiOiI2MWVjZDI2Ni0zY2EyLTQ4ZWMtODNjNi02NzE5OTBlYzc3ZTgiLCJleHAiOjE1Mzk3Nzc3NjMxNzQsImlhdCI6MTUzOTc3NzcwMzE3NCwianRpIjoiLTQ0NjkwNTY3Njc4NzAzMTYyNzEiLCJhdWQiOiJhei92MS90b2tlbiJ9.nMcfmOPDcLjONOXhF%2B3mArM87AiPfqEPp5Bk815f9Dg7VaaIgY41jeSmlWASCdmjf9Cno3%2BwHGom%2BzAEGQDdFkmBjLpCY7TnCAv9j8HzIPDubYdSQW2pq7WKVz%2FvEQ8Z5Pa8jh8aAMTlrsBnjlPoiVfcqHBh%2F2vpHZnKvkSoCOcA2TAeJnioSlp4vpWOc26IsMwKYMqZlVs9K2Z8JwHQvESKlzDu9etxYnnQfxyqunwhG%2B5T9GKgMmCAo1%2BBGqqsEtTwOG5UmhoyYIYbMnNHzHFdl8fWwMMOtpf%2F3RqjBYNeAsZ%2BTuGkskLlA5hrLiHmfOhzPYstr8tCO2IMLbTpjQ%3D%3D&code=5059335353176972418&grant_type=authorization_code&redirect_uri=https%3A%2F%2Fuatirmob.qcdib.com%2Fmfp%2Fapi%2Faz%2Fv1%2Fauthorization%2Fredirect%2F17553a31-f583-44f9-9b7a-d8fab31b3bff&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer
Response:
{"errorCode":"invalid_client","errorMsg":"Incorrect JWT format"}
I noticed that the client_assertion value carries dynamic data in JSON form when I decrypted with https://jwt.io/#debugger
Also, I developed the encryption logic mentioned on the IBM MobileFirst site to generate the client_assertion value, referring to this link: https://mobilefirstplatform.ibmcloud.com/blog/2016/08/09/performance-testing-for-mobilefirst-foundation-8-0/
It was not successful after following the above steps.
Please provide a solution to handle the /mfp/api/az/v1/token request and generate the access token which will be passed in the subsequent requests.
Thanks in advance.
We have documented performance testing instructions for JMeter.
Please refer to link here for more details - https://mobilefirstplatform.ibmcloud.com/blog/2016/08/09/performance-testing-for-mobilefirst-foundation-8-0/
Please refer to the section "Sign grant code" and ensure you are following the steps properly [ https://mobilefirstplatform.ibmcloud.com/blog/2016/08/09/performance-testing-for-mobilefirst-foundation-8-0/#sign-grant-code ]
Try the latest MobileFirst v8 build (late Oct 2018), which will fix this.

invalid_client the oauth client was not found error

If I just want to enable OAuth with Google, do I need to enable APIs for that?
If I do, which ones do I need? I just want to be able to use passthrough authentication with OAuth2. I have been looking at questions for hours trying to find a solution to this error. The only thing that doesn't look quite right is that the full client_id is not displayed in the error; the URL is a little longer.
401. That’s an error.
Error: invalid_client
The OAuth client was not found.
Request Details
response_type=code
redirect_uri=http://localhost:8080/auth/google/callback
scope=profile email
client_id= 404342589460-ig7nuv617skbfaestvsc1jrpqtnipvv2.apps.googleuserconte
You don't need to enable APIs. After copying the values from the Google web UI, remove the blank space at the beginning and at the end of both the client ID and the secret.

401 - Unauthorized Signature Invalid Intuit Partner Platform

When implementing OAuth in Intuit Anywhere, I get a 401 Unauthorized (Signature Invalid) error while requesting the request token.
I am sure that I have implemented my signature part correctly. I verified it against the result of an available tool as well.
I have included oauth_callback in my signature generation as well, apart from the other oauth_* parameters.
Intuit Anywhere asks for certain URLs like application URL, disconnect URL, manage users URL. What is the significance of these URLs?
I am trying to develop a non-UI application which would consume IPP's data services.
Lalit, there's documentation on those fields you are asking about here.
On the OAuth request part, if you update your question with an example of your query parameters and signature I may be able to help.
Lalit,
A couple of avenues through which you could reach out to the Intuit team -
Post questions and read feedback in our developer Support Forums -
https://idnforums.intuit.com/
Submit IPP Developer Relations Support request -
https://ipp.developer.intuit.com/0010_Intuit_Partner_Platform/0100_Support/0010_Submit_Support_Incidents

Flickr oAuth signing requests

Flickr started to support OAuth just a few weeks ago and there is no up-to-date documentation. I was able to pass the OAuth authentication process but I am unable to upload a photo through the API.
I am supposed to sign all parameters except photo parameter. This is my signature base:
POST&http%3A%2F%2Fapi.flickr.com%2Fservices%2Fupload%2F&oauth_consumer_key%3D...6b%26oauth_nonce%3D90660%26oauth_signature_method%3DHMAC-HA1%26oauth_timestamp%3D1309888296%26oauth_token%3D72157626975786735-ed7eccb40ffcc69e%26oauth_version%3D1.0d
And I use "consumer_secret&token_secret" to sign it.
It's all written in AS3 with an OAuth library, but I think that doesn't matter. The response I get is:
"Invalid API Key (Key has invalid format)"
I don't think there is a problem with the API key.
Any suggestions, guys?
Thanks
It looks like you're using the incorrect path. The latest OAuth docs are here:
http://www.flickr.com/services/api/auth.oauth.html
You can learn more about signing requests here:
http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signing-requests/
I'm not sure what language you're using, but here is an example in Ruby:
https://gist.github.com/383159
and Python:
http://web.archive.org/web/20120919234615/http://mkelsey.com/2011/07/03/Flickr-oAuth-Python-Example.html
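Both the Intuit "Signature Invalid" question (request-token step, oauth_callback signed, no token secret yet) and the Flickr upload question (sign every form field except the photo part, key is consumer_secret&token_secret) come down to the same OAuth 1.0a HMAC-SHA1 signing rules, so one added example in Python covers both. It is not code from either vendor, from the answers or from the AS3 library the asker used. The endpoints, keys and secrets in it are made up; the only real-world input is the request from RFC 5849 section 3.4.1.1, which is used to check that the base string comes out exactly as the RFC prints it.

```python
import base64
import hashlib
import hmac
import secrets
import time
from typing import Dict, Optional
from urllib.parse import parse_qsl, quote, urlsplit


def oauth_escape(value: str) -> str:
    """RFC 5849 3.6 percent-encoding: only ALPHA, DIGIT, '-', '.', '_', '~'
    pass through; everything else becomes uppercase %XX (space is %20, not '+')."""
    return quote(value, safe="")


def normalize_base_url(url: str) -> str:
    """Lowercase scheme and host, drop default ports and the query string;
    the query parameters are signed as parameters, not as part of the URL."""
    parts = urlsplit(url)
    scheme, host, port = parts.scheme.lower(), (parts.hostname or "").lower(), parts.port
    if port and not ((scheme == "http" and port == 80) or (scheme == "https" and port == 443)):
        host = f"{host}:{port}"
    return f"{scheme}://{host}{parts.path or '/'}"


def signature_base_string(method: str, url: str, oauth_params: Dict[str, str], form_body: str = "") -> str:
    """The string client and server must agree on byte for byte. It collects the
    query-string fields, the oauth_* protocol params (minus oauth_signature and
    realm) and the fields of an x-www-form-urlencoded body. A multipart file part
    such as Flickr's 'photo' is not a parameter and must be left out."""
    pairs = list(parse_qsl(urlsplit(url).query, keep_blank_values=True))
    pairs += [(k, v) for k, v in oauth_params.items() if k not in ("oauth_signature", "realm")]
    pairs += parse_qsl(form_body, keep_blank_values=True)
    # Encode first, then sort by encoded name, then by encoded value for duplicate names.
    encoded = sorted((oauth_escape(k), oauth_escape(v)) for k, v in pairs)
    normalized = "&".join(f"{k}={v}" for k, v in encoded)
    return "&".join([method.upper(), oauth_escape(normalize_base_url(url)), oauth_escape(normalized)])


def hmac_sha1_signature(base_string: str, consumer_secret: str, token_secret: str = "") -> str:
    """Key = escaped consumer secret + '&' + escaped token secret. The '&' stays
    even when there is no token yet, which is the case for the request-token call."""
    key = f"{oauth_escape(consumer_secret)}&{oauth_escape(token_secret)}"
    mac = hmac.new(key.encode("utf-8"), base_string.encode("utf-8"), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode("ascii")


def sign_request(method: str, url: str, consumer_key: str, consumer_secret: str,
                 token: Optional[str] = None, token_secret: str = "", callback: Optional[str] = None,
                 form_body: str = "", nonce: Optional[str] = None, timestamp: Optional[str] = None) -> Dict[str, str]:
    """Client side: build the oauth_* params for one request and sign them.
    Give callback (and no token) for the request-token step; give token afterwards."""
    params = {
        "oauth_consumer_key": consumer_key,
        "oauth_nonce": nonce or secrets.token_hex(16),
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": timestamp or str(int(time.time())),
        "oauth_version": "1.0",
    }
    if token:
        params["oauth_token"] = token
    if callback:
        params["oauth_callback"] = callback  # signed like every other oauth_* param
    base = signature_base_string(method, url, params, form_body)
    params["oauth_signature"] = hmac_sha1_signature(base, consumer_secret, token_secret)
    return params


def authorization_header(oauth_params: Dict[str, str], realm: Optional[str] = None) -> str:
    """Serialize for 'Authorization: OAuth ...'. Values are percent-encoded so the
    '+', '/' and '=' of a base64 signature survive the trip."""
    items = [f'realm="{realm}"'] if realm else []
    items += [f'{oauth_escape(k)}="{oauth_escape(v)}"' for k, v in sorted(oauth_params.items())]
    return "OAuth " + ", ".join(items)


def verify_signature(method: str, url: str, oauth_params: Dict[str, str], consumer_secret: str,
                     token_secret: str = "", form_body: str = "") -> bool:
    """Server side: recompute from the request as received and compare in constant time."""
    if oauth_params.get("oauth_signature_method") != "HMAC-SHA1":
        return False
    base = signature_base_string(method, url, oauth_params, form_body)
    expected = hmac_sha1_signature(base, consumer_secret, token_secret)
    return hmac.compare_digest(expected.encode("utf-8"), oauth_params.get("oauth_signature", "").encode("utf-8"))


if __name__ == "__main__":
    # Request-token step against a made-up provider, the shape of the Intuit call above.
    params = sign_request("POST", "https://provider.example/oauth/request_token",
                          "demo-consumer-key", "demo-consumer-secret",
                          callback="https://client.example/callback")
    print(authorization_header(params, realm="provider.example"))
```

When a provider answers "Signature Invalid", diff your base string against one built by the provider's reference tool character by character: the usual culprits are a '+' where the body encoding produced %20, a query parameter left out of the sorted list, a default port or uppercase host left in the base URL, and a signature method name that is not exactly HMAC-SHA1. For a multipart upload, sign only the text fields; the binary file part never enters the base string.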
