PayTm : Invalid Checksum RespCode : 330 - checksum

We are forming android hybrid app via Phonegap. Using the PayTm web integration kit.
Checksum is generated properly. But when the form is submitted for the payment **Invalid Checksum ** issue is returned.

https://developer.paytm.com/docs/api/initiate-transaction-api/?ref=payments
NOTE: Create the signature using the body parameter of the request in
the same sequence as you pass in the request.
example:
body = {"mid":"MID
HERE","websiteName":"WEBSTAGING","orderId":"ORDERIDHERE","txnAmount":{"value":"10.00","currency":"INR"},"userInfo":{"custId":"CUSTOMERID_HERE"},"callbackUrl":"https://securegw-stage.paytm.in/theia/paytmCallback?ORDER_ID=ORDERID",
"requestType":"Payment"}
Create json
json_body = body.to_json
#RUBY ON RAILS https://github.com/paytm/Paytm_Ruby_Checksum
generated_signature = PaytmChecksum.new.generateSignature(json_body, MERCHANT_KEY_HERE)
curl -X POST 'https://securegw-stage.paytm.in/theia/api/v1/initiateTransaction?mid=MID HERE&orderId=ORDERID_HERE' \
--header 'Content-Type: application/json' \
--data '{"body":{"requestType":"Payment","mid":MID_HERE,"websiteName":"WEBSTAGING","orderId":ORDER_ID_HERE,"txnAmount":{"value":"10.00","currency":"INR"},"userInfo":{"custId":CUSTOMER_ID},"callbackUrl":"https://securegw-stage.paytm.in/theia/paytmCallback?ORDER_ID=ORDER_ID_HERE"},"head":{"signature": generated_signature}}'
As you noted that I pass the body parameter in the same sequence that I used while creating signature(checksum) as in the request body parament.

i have faced the same issue for more than 2 days. i integrated PAYTM on ionic 4. my mistake was, my "TXN_AMOUNT" is in whole amount. "TXN_AMOUNT" should be in decimal number. e.g 199.33, 152.56.
On the other hand "READ THE PAYTM INTEGRATION GUIDE" carefully. it's actually quite good.
https://developer.paytm.com/docs

First try to run with postman
You will get postman collection from paytm just you need to paste key mid there
You will get the response
And please check
The parameter body should be same while creating check sum
Space is not allowed in request body even in json request

Kindly pass the same parameters value in the request which is used while generating the checksum. Also refer the paytm checksum docs available on paytm developer portal.

Related

AADSTS900144: The request body must contain the following parameter: 'grant_type'

I am trying to generate the Access_Token after generating the Authorization code using MS Graph API.
I am getting the following error (Screen shot below)
"error_description": "AADSTS900144: The request body must contain the following parameter: 'grant_type'.",
I see that grant_type is present. I checked the rest of the values to be without any spaces. Any ideas on what could be wrong here? I appreciate your support.
Thanks,
Could you please try once in graph explorer .

What is the long Twilio URL to initiate an SMS to send?

I want to test Twilio in my Terminal app by cut / pasting the long URL into terminal. This would contain all the ingrediants Twilio receives to send out a message.
I know it start with https://api.twilio.com/2010-04-01/Accounts/$TWILIO_ACCOUNT_SID/ but I can't figure out the syntax of the last part. Does anyone have an example full URL?
like this: https://api.twilio.com/2010-04-01/Accounts/SID1234/AUTH6789.html?from=18005551212&to=1212333444&message=Youre order is ready.
I know this isn't secure and I should go through the required library install, then call those. It's just for my testing. Thank you
When you send an SMS using the Twilio API, you need to make a POST request to the URL, with the data as the body of the request. So the URL is: https://api.twilio.com/2010-04-01/Accounts/$TWILIO_ACCOUNT_SID/Messages.json and you can send options like the From number, the To number, and the Body as form encoded parameters in the body of the request. Don't forget you also need to send your account sid and auth token to authorize the request too.
If you are using curl, that would look like this:
curl -X POST https://api.twilio.com/2010-04-01/Accounts/$TWILIO_ACCOUNT_SID/Messages.json \
--data-urlencode "From=YOUR_TWILIO_NUMBER" \
--data-urlencode "Body=Hi there" \
--data-urlencode "To=THE_NUMBER_TO_MESSAGE" \
-u $TWILIO_ACCOUNT_SID:$TWILIO_AUTH_TOKEN
You can't call URLs in order to send SMS via HTTP using Twilio. They do not provide an HTTP API. For that, you can use ClickSend using the following URL format:
https://api-mapper.clicksend.com/http/v2/send.php?method=http&username=xxxx&key=xxxx&to=xxxx&message=xxxx&senderid=xxxx
, where:
username = your site's username;
key = API Key;
to = recipient no.;
message = message body;
senderid = the "From" name/number.

How to call Twitter's POST /statuses/filter with 5000 user ids?

Both GET and POST methods supported by the endpoint. The POST method is recommended to call endpoint with a huge number of user ids to follow, because the GET method will lead to an oversized URL that the server can't handle. How the "follow" parameter can be passed in the body of the request?
UPD: here is what I've already tried using Insomnia (the URL is always 'https://stream.twitter.com/1.1/statuses/filter.json' and the method is always 'POST' and the server response is always "No filter parameters found. Expect at least one parameter: follow track locations"):
A plain text body with Content-Type: text/html
follow=2731236345
A json body with Content-Type: application/json
{
"follow": "2731236345"
}
Another json body
{
"follow": [
2731236345
]
}
However, when I use form-url-encoded with field "follow" and the value "2731236345" I receive the response "Unauthorized".
First of all, consider looking at the Twitter Developer Labs new endpoint, because this existing API will be retired, likely (but not yet confirmed) in 2020.
When you say "without any success", what libraries are you using, and at what levels of query parameters - you're not being very clear about what is not working here. 5000 user IDs is very large. Can you please be more specific about the errors you're seeing, and the code you're trying to run?
I've managed to connect using curl:
curl --request POST \
--url 'https://stream.twitter.com/1.1/statuses/filter.json' \
--header 'authorization: <censored>' \
--data 'follow=2731236345'
The same request doesn't work in Insomnia for some reason, but it doesn't matter for the goal of this post.

Is this Calendly.com URL Valid?

I am using webhooks for the first time with calendly.com. I would like to create a subscription as described here. When I get to doing this
curl --header "X-TOKEN: <your_token>" --data "url=https://blah.foo/bar&events[]=invitee.created" https://calendly.com/api/v1/hooks
I am concerned that the url is not in a valid format. I tried replacing the & with a ? as in here
curl --header "X-TOKEN: <your_token>" --data "url=https://blah.foo/bar?events[]=invitee.created" https://calendly.com/api/v1/hooks
but I receive this error
{"events":{"events":["can't be blank]}}
Likewise, I try to leave the & and everything after it blank and it give the same error as above.
But using a url with the & and everything in it gives a 404 not found error. Can a url even have the format they are saying is required?
But using a url with the & and everything in it gives a 404 not found error.
The URL part in the following is just the https://blah.foo/bar part before the & character.
curl --header "X-TOKEN: <your_token>" --data "url=https://blah.foo/bar&events[]=invitee.created" https://calendly.com/api/v1/hooks
The events[]=invitee.created part is a separate parameter and value. It’s not part of the url.
See the Create A Webhook Subscription page in the calendy docs:
So the URL is the site that runs your webhook; you don’t send the events parameter/value back to that site—instead you’re sending both the url param and events param to the calendly API endpoint at https://calendly.com/api/v1/hooks. The calendly backend presumably then calls to https://mywebsite.com/webhooks/invitee_created or https://blah.foo/bar whatever url you’ve given it—but without the events parameter, which is for calendly’s internal use.

Amazon Web Service Signature issue

I am trying to fetch product related data from Amazon Product API using this URL mentioned here:
http://docs.aws.amazon.com/AWSECommerceService/latest/DG/ItemLookup.html
Item Lookup URL:
http://webservices.amazon.com/onca/xml?Service=AWSECommerceService&AWSAccessKeyId=[AWS_Access_Key_ID]&Operation=ItemLookup&ItemId=B00008OE6I&Timestamp=[YYYY-MM-DDThh:mm:ssZ]&Signature=[Request_Signature]
I have entered required details/parameters in URL but I am unable to understand where to get this Signature from or how to generate this signature? Any help would be appreciated.
The easiest and fastest way would be using one of AWS SDKs. You can find the full list here: https://aws.amazon.com/tools/
When you use the SDK you just supply your access key and secret key. The libraries handle preparing the signature.
Well, there's no point in doing this by yourself in Ruby, once it has a SDK, but an explanation about signature process may be useful for some people.
Signature is the way AWS authenticates API requests. It is passed as a query string parameter on your HTTP request and is validated against your own request content and you credentials on server-side.
There are 2 versions of it: 2 and 4, explained here and here. Version 2 is not supported on newer regions (China and Frankfurt).
In version 2, which I'm more familiar with, the signature is generated based on a string with this format:
HTTPVerb + "\n" + ValueOfHostHeaderInLowercase + "\n" + HTTPRequestURI
+ "\n" + CanonicalizedQueryString
The CanonicalizedQueryString is your query string, with parameters sorted (UTF-8 byte order) by paramater names and with parameter values url-encoded.
Then you calculate an HMAC of that string, using your AWS secret key, and SHA256 or SHA1 as the hash algorithm (depending on which one you have specified on query string parameter SignatureMethod), and encode it to base64. The result of all this will be the value of the Signature parameter.
I will try to walk you through a CloudWatch request, generated manually with bash tools.
Let's say you want to list you CloudWatch metrics. The request (without the signature) would be like the following.
http://monitoring.amazonaws.com/?AWSAccessKeyId=AVUKYAMNIIGWALNMA6IG&Action=ListMetrics&SignatureMethod=HmacSHA1&SignatureVersion=2&Timestamp=2015-08-20T22%3A40%3A00.000Z&Version=2010-08-01
So, your string to sign would be:
GET
monitoring.amazonaws.com
/
AWSAccessKeyId=AVUKYAMNIIGWALNMA6IG&Action=ListMetrics&SignatureMethod=HmacSHA1&SignatureVersion=2&Timestamp=2015-08-20T22%3A40%3A00.000Z&Version=2010-08-01
Well, let's put it in a variable and do all the magic (hmac + base64)
#!/bin/bash
# your secret key
key='ry+SyjvXLvi4lYie/QfZYnxYOBQDggf01DTUxFSK'
# using 'read' to assign the signing string
# to a variable for readability reasons
read -r -d '' payload <<EOF
GET
monitoring.amazonaws.com
/
AWSAccessKeyId=AVUKYAMNIIGWALNMA6IG\
&Action=ListMetrics\
&SignatureMethod=HmacSHA1\
&SignatureVersion=2&\
Timestamp=2015-08-20T22%3A40%3A00.000Z\
&Version=2010-08-01
EOF
echo -n "$payload" | openssl dgst -sha256 -hmac $key -binary | openssl enc -base64
Then, after all this, you will end up with something like this:
xrIYF8wO0C8YOQgcdpq6MoJpBWzXEWxuTBAAoqYoGWM=
This is your signature, and finally, you just need to url-encoded it and append it to your request as one more query-string parameter.
&Signature=xrIYF8wO0C8YOQgcdpq6MoJpBWzXEWxuTBAAoqYoGWM%3D
Hopefully, if you did everything correctly (putting the sign string together, generating the hash and encoding it), your request will be accepted and, if you have enough permission, executed.
So, as you can see, it's something not worth to do by yourself. Use the SDK. ;)
Thank You guys for your response. But I have finally figured out my problem and my solution was in this gem:
https://github.com/jugend/amazon-ecs
This is what I was actually looking for and it finally helped me achieve what I was trying to. Posting it over here so people can find a better solution.

Resources