How to pass form data to an external API in ROR - ruby-on-rails

Hello I am designing an online application that uses mobile money as a means of payment. But I need assistance on how I can pass my order form data to the API of the mobile money service providers who complete the transaction.

Try httparty, post method.
An existed example could be
options = {:type => auto}
payload = options.to_json
query = {
:request_id => request_id,
......................
:user_id => user
}
response = post("/tbc/submit_job.json", :body => payload, :query => query)
You can use httparty to customize yours.

Related

How to Handle OAuth Response with Octokit Ruby vs Restclient

Hi I'm new to Ruby/Rails and I had a question about handling an OAuth response with the Ruby version of GitHub's Octokit. After reading the documentation I'm a little confused about how to follow best practices with the wrapper vs with RestClient. When I authorize my app the response returns a "code" which I'm supposed to exchange for an access token.
In the GitHub API documentation it shows a Sinatra example of this with Restclient, which is currently in my create action of the sessions controller. However, it says you should approach it differently when building an app and that you should use the Octokit library, but I can't find any documentation on exactly how to exchange the code for an access token with Octokit.
My goal is to be able to crete a new member for the app via a user's GitHub account, save that info, & then sign them in with that account, rather then ever creating a username/password. I've pasted my new.html.erb code below to show the request that I am making as well. Really appreciate any help, thank you!
Sessions Controller
class SessionsController < ApplicationController
def new
#client_id = Octokit.client_id
end
def create
# CHANGE THIS TO USE OCTOKIT INSTEAD
session_code = request.env['rack.request.query_hash']['code']
result = RestClient.post('https://github.com/login/oauth/access_token',
{:client_id => Octokit.client_id,
:client_secret => Octokit.client_secret,
:code => session_code},
:accept => :json)
access_token = JSON.parse(result)['access_token']
end
end
OAuth Request
<p>
Sign In with GitHub
</p>
<p>
Click here to begin!</a>
</p>
As it doesn't explicitly state this in the README. What I recommend is always going through the source code to get a better understanding of how a gem works. Often you will find that the gem's creator(s) have written great code that is self-explanatory, and sometimes even commented to provide more info as in the situation below. Here is the method you're looking for, good luck on your journey to learn to Ruby/Rails and welcome! Let me know if you have any more questions and run into any more issues getting this to work.
# Retrieve the access_token.
#
# #param code [String] Authorization code generated by GitHub.
# #param app_id [String] Client Id we received when our application was registered with GitHub.
# #param app_secret [String] Client Secret we received when our application was registered with GitHub.
# #return [Sawyer::Resource] Hash holding the access token.
# #see http://developer.github.com/v3/oauth/#web-application-flow
# #example
# Octokit.exchange_code_for_token('aaaa', 'xxxx', 'yyyy', {:accept => 'application/json'})
def exchange_code_for_token(code, app_id = client_id, app_secret = client_secret, options = {})
options.merge!({
:code => code,
:client_id => app_id,
:client_secret => app_secret,
:headers => {
:content_type => 'application/json',
:accept => 'application/json'
}
})
post "#{web_endpoint}login/oauth/access_token", options
end

How to secure a payment with activemerchant?

I have have a rails application which a payment form. As showed it the official website, I create a new credit card like this :
attributes = params[:credit_card]
credit_card = ActiveMerchant::Billing::CreditCard.new(
:number => attributes[:number],
:month => attributes[:month],
:year => attributes[:year],
:first_name => attributes[:first_name],
:last_name => attributes[:last_name],
:verification_value => attributes[:verification_value]
)
It works but it's not very secured because it pass data in clear on the post request, after submiting the form.
What is the best way to secure my application? I seen this railscast but It's not very applicable for activemerchant.
I can use ssl but is it enough? I am using heroku so, to have ssl, I must simply use https instead http.
Having your payment calls go through the HTTPS protocol is the best way. In fact, even if you found a better way to obfuscate the data you are sending, if the counterpart does not share the same logic it will be useless.
All sensible and risky data like this should live only under the HTTPS protocol.

How I can use IPN handler with Pay operation and receive messages?

I have function, which paying users:
def pay
require 'httpclient'
require 'xmlsimple'
clnt = HTTPClient.new
user = User.find(params[:user_id])
#params_id = params[:user_id]
credentials = {
'USER' => 'payer_1342623102_biz_api1.gmail.com',
'PWD' => '1342623141',
'SIGNATURE' => 'Ay2zwWYEoiRoHTTVv365EK8U1lNzAESedJw09MPnj0SEIENMKd6jvnKL '
}
header = {"X-PAYPAL-SECURITY-USERID" => "payer_1342623102_biz_api1.gmail.com",
"X-PAYPAL-SECURITY-PASSWORD" => "1342623141",
"X-PAYPAL-SECURITY-SIGNATURE" => "Ay2zwWYEoiRoHTTVv365EK8U1lNzAESedJw09MPnj0SEIENMKd6jvnKL ",
"X-PAYPAL-REQUEST-DATA-FORMAT" => "NV",
"X-PAYPAL-RESPONSE-DATA-FORMAT" => "XML",
"X-PAYPAL-APPLICATION-ID" => "APP-80W284485P519543T"
}
//here is data what is posting to PayPal
data = {"actionType" => "PAY",
"receiverList.receiver(0).email"=> user.email,
"receiverList.receiver(0).amount" => "10",
"currencyCode" => "USD",
"cancelUrl" => "http://127.0.0.1:3000/",
"returnUrl" => "http://127.0.0.1:3000/",
"requestEnvelope.errorLanguage" => "en_US"}
uri = "https://svcs.sandbox.paypal.com/AdaptivePayments/Pay"
res = clnt.post(uri, data, header)
end
From documentation:
Adaptive Payments API operation - use -
ipnNotificationUrl field of the Pay or Preapproval request
So, I should add into data variable:
"ipnNotificationUrl" => "myaapp.com"//my site url yes ?
I should put in this field my site url or not ?
How to get info from this notification ?
How to send some emails and do some action if transaction is successful ?
I can't test it locally, yes ?
How can I test it in sandbox ?
Yes, you should include the field if you want to receive notifications related to the payment,
You need to specify a URL that is reachable from the outside (As this is where PayPal will post the information to, from their servers).
This URL could be a PHP page, that upon receiving the IPN, and verifying it, sends out the emails you mentioned.
To simulate an IPN coming from PayPal, you can use the following tool from the sandbox developer page: https://developer.paypal.com/cgi-bin/devscr?cmd=_ipn-link-session
(Alternatively, you can complete a purchase in the sandbox, and if you specified the ipnNotificationURL in the API call, PayPal will send you one upon completion of the payment)

Create record example for Quickbooks Online and Intuit Anywhere using Ruby and httparty?

Can someone post an example of creating a record in quickbooks online / intuit anywhere, using ruby and httparty?
I am working on an integration to a ruby on rails app using intuit anywhere, and am running into an issue with my POST request when attempting to create a new record. I have been able to successfully retrieve data (customers) using a POST command that doesn't require XML data in the body of the request, but am running into trouble when trying to create new records that have required fields that need to be passed in XML in the body of the request.
I get the same flavor of error in any entity for which I try to create a record for: an invalid or missing required field. It seems to me that the XML in the body (where the data for the required fields is added) is either being ignored (incorrect formatting?) or is not being attached.
I was hoping the someone else familiar with ruby could post an example of a record creation using httparty. If I could see how to correctly pass the XML using httparty, I can fix my problem myself.
I have been using the customer.com example (https://code.intuit.com/integration/viewvc/viewvc.cgi/IntuitAnywhere-Ruby/customer.com/?root=intuitanywhere&system=exsy1003) mostly as posted, with a few irrelevant modifications needed to get it to work in Rails 3.1. I am using the data pull and handling provided in the example, which looks like a pretty standard API wrapper built using httparty.
I am using a pull similar to the one found in the company_controller customers method. Here are two different ways I have tried submitting the XML:
#########################################
#Example 1 - XML
e = #company.intuit_token.post("https://qbo.intuit.com/qbo1/resource/account/v2/#{#company.realm}",
{ :body =>
"<Account xmlns:ns2=\"http://www.intuit.com/sb/cdm/qbo\" xmlns=\"http://www.intuit.com/sb/cdm/v2\">
<Name>Test Account 2</Name>
<Desc>Test Account</Desc>
<Subtype>Savings</Subtype>
<AcctNum>5001</AcctNum>
<OpeningBalanceDate>2010-05-14</OpeningBalanceDate>
</Account>",
:headers => {
"Content-Type" => "application/xml"
}}
)
#########################################
#Example 2 - hash
e = #company.intuit_token.post("https://qbo.intuit.com/qbo1/resource/account/v2/#{#company.realm}",
{ :body => {
:Account => {
:Name => "Loan Account 2",
:Desc => "Loac Account 2",
:Subtype => "Savings",
:AcctNum => "5001",
:OpeningBalanceDate => "2011-04-22"
}
},
:headers => {
"Content-Type" => "application/xml"
}}
)
I incorrectly assumed the customer.com example provided by intuit was using the httparty gem to make the POST call, so I was using the wrong syntax. They are actually using the OAuth gem's POST call, who's syntax can be found here: http://oauth.rubyforge.org/rdoc/classes/OAuth/AccessToken.html
I also had to modify the headers to get the Intuit Anywhere service to accept the XML body. Here is the code that finally worked for me to create a record in quickbooks online using intuit anywhere:
e = #company.intuit_token.post("https://qbo.intuit.com/qbo1/resource/account/v2/#{#company.realm}", "<Account xmlns:ns2=\"http://www.intuit.com/sb/cdm/qbo\" xmlns=\"http://www.intuit.com/sb/cdm/v2\"><Name>Test Account </Name><Desc>Test Account</Desc><Subtype>Savings</Subtype><AcctNum>5002</AcctNum><OpeningBalanceDate>2010-05-14</OpeningBalanceDate></Account>", {"Content-Type" => "application/xml", "standalone" => "yes", "encoding" => "UTF-8"})

Docmail API for ROR application for postcard

I am using docmail's Simple API for sending Postcard.They have implemented this functionality recently, but I didn't get any sample code or instruction for implementation.
Thanks in advance,
Gaurav Soni
I got my answer.Here is a sample code that can interact with Docmail Simple API methods.
require "base64"
require "soap/wsdlDriver"
class TestDocmailLetterSending
def initialize(account)
api="https://www.cfhdocmail.com/Test_SimpleAPI/DocMail.SimpleAPI.asmx?wsdl"
#test = SOAP::WSDLDriverFactory.new(api).create_rpc_driver
contents = open(file, "rb") do |f|
f.read
end
result = #test.sendLetterToSingleAddress(
'sUsr' => "username",
'sPwd' => "password",
'sMailingName' => "string",
'sCallingApplicationID' => "string",
'bColour' => true,
'bDuplex' => true or false,
'eDeliveryType' => "StandardClass",
'sTemplateFileName' => File.basename(file),
'eAddressNameFormat' => "FullName",
'bTemplateData' => contents,
'sFirstName' => first_name,
'sLastName' => last_name,
'sAddress1' => "",
'sAddress2' => ,
'sAddress3' => ,
'sAddress4' => ,
'sPostCode' => ,
'bProofApprovalRequired' => 'false'
)
end
end
We don't have any RoR examples at this time - others here may be able to help, but it's essentially a SOAP webservice, with the SimpleAPI using less complex data types than the standard version. The standard API already lets you send postcards and letters, but is more complex to use from some environments due to it's complex data types.
The test version of Docmail's SimpleAPI has now been updated to expose postcard calls to allow physical postcards to be send via the Simple version of the API. Once we're happy with the updates, we'll make them available in the live version too.
Although you've probably already been through the other info on the API, here are some links/addresses in case anyone else needs them:
Docmail API Info Page
Simple API Test Webservice & Website (for the Simple API Live versions, replace "Test" with "Live"):
https://www.cfhdocmail.com/Test_SimpleAPI/DocMail.SimpleAPI.asmx?WSDL
https://www.cfhdocmail.com/Test
Hope that helps.
Will
(from Docmail)

Resources