I used upi deep url upi://pay?parm-name=param-value¶m-name=pram-value&...
in psp appliaction.I am looking for request url where merchant or customer can send request to another customer to pay.Like bhim app request money. Also i want know how do we share upi deep link url in whatsapp or email
For this you need to generate URI with your details like amount, your upi id, your name and you need 2 more parameters .i.e transaction id and transaction reference id.
Like example:
private String getUpiURL(String payeeAddress, String payeeName, String payeeMCC, String trxnID, String trxnRefId,
String trxnNote, String payeeAmount, String currencyCode, String refUrl) {
String UPI = "upi://pay?pa=" + payeeAddress + "&pn=" + payeeName
+ "&mc=" + payeeMCC + "&tid=" + trxnID + "&tr=" + trxnRefId
+ "&tn=" + trxnNote + "&am=" + payeeAmount + "&cu=" + currencyCode
+ "&url=" + refUrl;
return UPI.replace(" ", "+");
}
First way After that you can share this URL. it may be in the form of String URL or you can also share in QR Code format. it depend on your application logic.
How to share image or link For this you can check this answer. https://stackoverflow.com/a/25136183/5275436
Second Way If you want in-app URL sharing or Payment request then you can use your server database structure and web logic. like Post request to customer and send notification for open this URL and Pay.
Important
Don't pass mam parameter in URL. This is for Minimum amount which provide editable mode.
As per the specification
mam: This parameter is conditional and shall be used to define a
minimum amount rule where amount field in PSP app is editable. If mam
tag is not present or ‘mam=null’ or ‘mam=’ then amount field should
NOT be editable. Note: if a customer enters the value less than value
passed in mam then UPI will decline the transaction. To reduce such
declines PSP application should not allow entry of amount below mam
value
For more information about specification you can check this link
https://www.npci.org.in/sites/default/files/UPI%20Linking%20Specs_ver%201.6.pdf
Related
I am integrating a Smart on FHIR app that will be launched from within an EHR. When the user clicks a button to launch the app, we set a GUID and the current Patient ID to a database record on our FHIR server. The assumption being that given the 'Launch' scope, the OAuth server will call the appropriate API to retrieve the Patient ID given that the GUID is included in the url params.
The call to auth looks like this:
_clientID = {the unique client ID registered to our auth server}
_redirectURL = {redirect back to auth for eventual token request}
launch={the GUID value generated at start of the session and paired with the Patient ID}
_scopes = "launch patient/*.* openid profile"
state = {some opaque value}
aud = {the base URL for our FHIR server}
string url = $"{authorizeURL}?response_type=code&client_id={_clientID}&" +
$"redirect_uri={_redirectURL}&" +
$"launch={launch}&" +
$"scope={HttpUtility.UrlEncode(_scopes)}&" +
$"state={state}&" +
$"aud=https://xxx-smart.xxxxxxxxx.com";
All of this works and I end up with a json response that includes the id_token, access_token, expires_in, token_type('Bearer'). But, no 'patient'.
My assumption was that the OAuth server would call the scope 'launch/patient' on our FHIR server but no such call is being made. In fact, I created a few endpoints just for the purpose of logging and NONE of them are being called.
Here is an example of one of my FHIR Server test/log endpoints (I created few with 1 to 4 parameters):
[AllowAnonymous]
[HttpGet("{functionName}/{id}")]
public string GetPatientData3(string functionName, string id)
{
TelemetryClient telemetry = new();
telemetry.TrackEvent($"FHIR SVR GetPatientData3 {functionName} {id}");
string configJson = "0009998888";
return configJson;
}
How do I set this 'patient' context properly?
How does the OAuth server retrieve this context so I can have that patient ID appear in the json response from the ~/token call?
Further Notes:
The contents of the openid-configuration:
{"token_endpoint":
"https://aadproxy.azurewebsites.net/xxx/oauth2/v2.0/token",
"token_endpoint_auth_methods_supported":
["client_secret_post","private_key_jwt","client_secret_basic"],
"jwks_uri":
"https://login.microsoftonline.com/xxx/discovery/v2.0/keys",
"response_modes_supported": ["query","fragment","form_post"],
"subject_types_supported": ["pairwise"],
"id_token_signing_alg_values_supported": ["RS256"],
"response_types_supported":["code","id_token","code
id_token","id_token token"],
"scopes_supported":["openid","profile","email","offline_access"],
"issuer": "https://login.microsoftonline.com/xxx/v2.0",
"request_uri_parameter_supported":false,
"userinfo_endpoint":"https://graph.microsoft.com/oidc/userinfo",
"authorization_endpoint":
"https://aadproxy.azurewebsites.net/xxx/oauth2/v2.0/authorize",
"device_authorization_endpoint":
"https://login.microsoftonline.com/xxx/oauth2/v2.0/devicecode",
"http_logout_supported":true,
"frontchannel_logout_supported":true,
"end_session_endpoint":
"https://login.microsoftonline.com/xxx/oauth2/v2.0/logout",
"claims_supported":
["sub","iss","cloud_instance_name","cloud_instance_host_name",
"cloud_graph_host_name","msgraph_host","aud","exp","iat",
"auth_time","acr","nonce","preferred_username",
"name","tid","ver","at_hash","c_hash","email"],
"kerberos_endpoint":
"https://login.microsoftonline.com/xxx/kerberos",
"tenant_region_scope":"NA",
"cloud_instance_name":"microsoftonline.com",
"cloud_graph_host_name":"graph.windows.net",
"msgraph_host":"graph.microsoft.com",
"rbac_url":"https://pas.windows.net"}
So, I notice that the 'patient/.' and the 'launch' scope among a whole host of others that I have are not supported according to my openid config. The only supported ones are "openid","profile","email", "offline_access".
In Azure AD, 'App Registration' > 'Expose an API' I have a list of at least 15 scopes entered there. In 'API' permissions they are all listed there as well.
One other thing to note, AzureAD does not handle scopes with a forward slash. So, launch/patient has to be entered as launch-patient. We also had to implement a proxy server to capture the ~/oauth2/v2.0/authorize request and modify the scope parameter entries to reflect this before passing on the request to the actual server.
I guess the pertinent question now is: How do the scopes that I have entered manually get supported?
I want to change some fields in user details that correspond to a certain e-mail id manually.
Currently I have to look in authentication console for the e-mail id corresponding to UID(which is basis of storing user details now) but I don't want to do that.
Another option I thought was storing user details on the basis of their mobile numbers(as it is equally easily recognisible as email-id), but this will make login system on the basis of phone number instead of email-id.
Main problem is dot in email-id's that don't let email-id's to store as keys.
It's true, Firebase does not allow in it's key symbols like . (dot). There are also other symbols like $ (dollar sign), [ (left square bracket), ] (right square bracket), # (hash or pound sign) and / (forward slash) that are also forbidden.
So in order to solve your problem, you need to encode the email address like this:
name#email.com -> name#email,com
To achieve this, i recomand you to use the following method:
static String encodeUserEmail(String userEmail) {
return userEmail.replace(".", ",");
}
And to decode the email, you can use the following method:
static String decodeUserEmail(String userEmail) {
return userEmail.replace(",", ".");
}
we are developing a mobile (iOS/Android) application through which the user can send an automatic Twilio phone call (using Parse Cloud Code) to a number of her/his choice. Is it possible to dynamically set the content of the phone call from the client (like one can do with SMS’s by passing a string as a variable)? From the examples in the Parse/Twilio documentation it seems that this is not the case and one can only set in advance different texts at different URL’s and choose between them. Is it so?
Twilio developer evangelist here.
You can dynamically set phone call content from a single URL by adding URL parameters to the URL you set for the phone call. So, if, for example, you created a call like so:
client.makeCall({
to: NUMBER,
from: YOUR_TWILIO_NUMBER,
url: 'http://example.com/call/?name=Phil'
}, function(err, responseData) {
// call is made
});
Then you can use the name parameter in the callback to alter the response. Here's an example route in express:
app.post('/call', function(req, res) {
responseText = "Hello " + req.query.name;
res.send("<Response><Say>" + responseText + "</Say></Response>");
});
I hope this helps, let me know if you have any other questions.
I have a website using angular.js and my backend is using asp.net web api. When a new user register a e-mail is send with an activation link and a token inside it like this :
localhost:51426/#/activation?userid=test&code=FCuuf27NzVvmwp2Ksd7IDt83C2XZmZ2paCrZPBLgr9qR8xCaXELvqKCsWlg4uiokb07XK5sQ+2BazHN1+2B74q14grkQY2OHDAVeWlin5GE8ugkyw+2BJFFzd3Q2YiVuMxkmkO6OFdhIyfzUQMV8NPipME+2FST1pa0OuQs90kRUNR5kTkPlGQYKflDOMQvDGV84fZIw
When the user click the link I have an angular controller that basically just take the parameter and call the good method inside the web.api like this :
return $http.post(baseUrl + 'api/v1/account/confirmAccount?userId=' + userId + '&code=' + code);
The problem it seems all the + are replace by space in the server side so when I try to validate the token in my web api it doesn't work.
Not sure to understand why the + it's replace by space and how to avoid this.
Thanks
The problem is that in query strings + characters are replaced by spaces:
URL Encoding:
The HTML specifies the following transformation:
SPACE is encoded as '+' or "%20" [9]
What you could do is replace the space characters with + on the server:
string newCode=code.Replace(' ','+')
One option might be to build the string first and eliminate the + altogether.
Here's what I'm designing a site where multiple shops my be able to offer their producs to sale. Every seller will have a virtual store on my site. I'm using paypal for purchase operations. I've considered to allow customers to use credit card without having a paypal account, and I'm trying to use Adaptive payments flow to allow "buy as guest" flow. I'm trying to use paypal default flow (not the rest api) since I don't want to be worried about handling credit card data and having to design my site as PCI compliant.
So with this escenario here's what I'm using:
From this site https://developer.paypal.com/webapps/developer/docs/classic/adaptive-payments/integration-guide/APIntro/ I'm trying to implement the payment flow specified on the section
Setting Up Web Pages to Invoke the Embedded Payment Flow Using a Lightbox
Since this payment flow requires a pay key to be generated, I'm using the code found on this link:
https://github.com/paypal/rest-api-sdk-dotnet/tree/master/Samples/RestApiSample
-So on my MVC I have a page that generates the order, and it calls a Helper methods to get the paykey. Here's the most relevant one:
public static string GetPayKey(DummyPurchase purchase)
{
ReceiverList receiverList = new ReceiverList();
receiverList.receiver = new List<Receiver>();
//(Required) Amount to be paid to the receiver
string[] amt = new string[1] { purchase.TotalPrice.ToString() };
// Receiver's email address. This address can be unregistered with paypal.com.
// If so, a receiver cannot claim the payment until a PayPal account is linked
// to the email address. The PayRequest must pass either an email address or a phone number.
// Maximum length: 127 characters
string[] receiverEmail = new string[1] { purchase.StoreId.ToString() };
string cancelUrl = ConfigurationHelper<string>.GetKeyValue(Constants.PAYPAL_CANCEL_URL);
string returnUrl = ConfigurationHelper<string>.GetKeyValue(Constants.PAYPAL_RETURN_URL);
string currency = ConfigurationHelper<string>.GetKeyValue(Constants.PAYPAL_CURRENCY_CODE);
//Generate Receivers list
for (int i = 0; i < amt.Length; i++)
{
Receiver rec = new Receiver(Convert.ToDecimal(amt[i]));
if (receiverEmail[i] != string.Empty)
{
rec.email = receiverEmail[i];
}
receiverList.receiver.Add(rec);
}
PayRequest request = new PayRequest(new RequestEnvelope("en_US"), "PAY",
cancelUrl, currency,
receiverList, returnUrl);
//call the service
AdaptivePaymentsService service = null;
PayResponse response = null;
try
{
// (https://github.com/paypal/sdk-core-dotnet/wiki/SDK-Configuration-Parameters)
Dictionary<string, string> configurationMap = GetAcctAndConfig();
// Creating service wrapper object to make an API call and loading
// configuration map for your credentials and endpoint
service = new AdaptivePaymentsService(configurationMap);
response = service.Pay(request);
}
catch (Exception ex)
{
Elmah.ErrorLog.GetDefault(null).Log(new Elmah.Error(ex));
return "";
}
Dictionary<string, string> responseValues = new Dictionary<string, string>();
string redirectUrl = null;
if (!(response.responseEnvelope.ack == AckCode.FAILURE) &&
!(response.responseEnvelope.ack == AckCode.FAILUREWITHWARNING))
{
return response.payKey;
}
return "";
}
-After I get this key, I get the html from another view that has the form as the API guide specifies, having the paykey string as the model for this view.
#model string
<h2>ConfirmCheckout</h2>
<script src="https://www.paypalobjects.com/js/external/dg.js">
</script>
<form action="https://www.paypal.com/webapps/adaptivepayment/flow/pay"
target="PPDGFrame">
<input id="type" type="hidden" name="expType" value="light">
<input id="paykey" type="hidden" name="paykey" value="#Model">
<input type="submit" id="submitBtn" value="Pay with PayPal">
</form>
-After the view is rendered, I call the javascript code to start the flow:
var dgFlow = new PAYPAL.apps.DGFlow({ trigger: 'submitBtn' });
-The flow works perfectly and I get a valid pay key rendered on this form. But when I click this button (submit button on form with paykey) I get 2 different errors. This is the most frequent one:
This transaction has already been approved. Please visit your PayPal Account Overview to see the details.
-But sometimes I get a "Your payment session has expired" error.
I have 2 questions:
Does someone know how to fix those errors?
I'm using clasic API since guest payment flow for adaptive payments require a PayKey to start the flow (in order to avoid security and PCI complience matters). I did not found a method on the Paypal REST API that could get the same PayKey. Is there any method to get those keys?
Thanks a lot
Well this is really embarrasing... but the real issue was the url on the post action of the form. I had
<form action="https://www.paypal.com/webapps/adaptivepayment/flow/pay" target="PPDGFrame">
Which is production link. And I'm not going live yet, I'm using paypal api credentials for a sanbox account, so the real form action should be:
<form action="https://www.sandbox.paypal.com/webapps/adaptivepayment/flow/pay" target="PPDGFrame">
Duh!. Well hope that this could help another person with same kind of errors.
Thanks a lot #Andrew Angell
It sounds like you're sending a Preapproval key with your Pay request. When you do that, there's no redirect to PayPal required. That's the whole point...you've already got approval via the Preapproval Key, so when you submit a Pay request with a preapproval key included the payment will be made immediatly (as long as the preapproval profile is still valid.)
As such, when you're doing the redirect, it's telling you exactly what happened...the transaction was already processed. Again, no need for a redirect.
The whole point is to be able to trigger payments using the preapproval profile within your application at any time you need to with any redirect or further approval. Once you have that preapproval key you can trigger payments any way you want to. For example, you might want to charge somebody per use and trigger a payment when they log in to your website, but you don't want them to have to approve the payment every time. The payment could happen in the background via the Pay API with the preapproval key included but the user would not be interrupted at all.
Hope that helps.