I am trying to integrate PayuMoney payment gateway into my Meteor App. The process involves sending a POST request to a external url(payu url) and also redirecting the user to it. The user completes the payment on PayUmoney's site and once done, the PayUmoney site redirects back to a url(provided by me) with parameters passed as POST.
What I have done currently,
To post the form, I have allowed the default behavior of the form. I have defined the method as POST, with the target URL and all input parameters as hidden.
However, I am unsure on how to accept the variables after the tranasaction. I tried this method: How do I access HTTP POST data from meteor? but, this didn't work.
Technical Integration Document (Pay U Money): https://s3.amazonaws.com/uploads.uservoice.com/assets/074/080/407/original/PayUMoney_Technical_Integration_Document.pdf?AWSAccessKeyId=AKIAJF4UXUF6KJMEJFQQ&Expires=1519543396&Signature=ASnFquJkmCwQSMfx93w913MjZPk%3D
Any help will be appreciated. Thanks!
Assuming you're talking about accepting the response from PayUMoney, meteorhacks:picker is a great library for setting up an API. If you follow along with this guide, you'll get taken through all the steps of setting an endpoint up that can accept a cross-origin POST request.
Related
I am developing an application that posts comments into Merge Requests on Gitlab. It works by authenticating with a given user, and then after some setup will register a webhook on the relevant project to be informed when a Merge Request update happens. When a new Merge Request is detected I want to post a comment on the Merge Request asking for some specific detail to be sent over.
However, when we post the comment on the Merge Request we can only ever seem to do it as the user that we have the OAuth token for (which of course makes sense). My question is what should we do/could we have done in order to post the note as a 'bot user' without having to register a full user into the repository? Or is this just impossible?
You can create a reporter user and use its access token. The problem my arise when the user doesn't have enough access control.
You can create a project scoped token, a bot user will automatically be created for such a token
Ref: https://docs.gitlab.com/ee/user/project/settings/project_access_tokens.html
Am developing wordpress plugin that makes donation, through lcoal online payment providers. After payment complete a post request should be sent to the website.
My question is how to make specific wordpress page receive post request using the plugin i created
Indeed, this question is unclear.
But to what I understand, you want that a specific page that would be provided by a user of your plugin, be called upon completion of the payment.
Your plugin would allow entering that page in the plugin's configuration.
If it's that, as an example, Paypal does it : See https://developer.paypal.com/docs/classic/paypal-payments-standard/integration-guide/step_3/, Take customers to this URL when they finish checkout : They call back the URL passed to their site, upon payment completion.
In your case, you must see with your local online payment provider if he supports that feature and call it with such URL as parameter.
I'm new to WP-REST API and Wordpress in general. I've tried to get the posts list using the endpoint wp-json/wp/v2/posts but I get the classic 403 error.
I'd like to ask if there is a way to disable authentication for GET requests like posts, categories and so on since I want to create a web application in which a user can navigate and see them freely, with no need for authentication.
Thank you all for the answers.
You actually don't need to have authorization to merely GET posts or categories, so long as they aren't password protected.
If someone has implemented a modifier to rest_authentication_errors, that might be your problem: https://developer.wordpress.org/rest-api/using-the-rest-api/frequently-asked-questions/#require-authentication-for-all-requests
To see the available endpoints you have, visit yourwordpressurl.com/wp-json
Symphony Version 2.2 (yah, I know).
FOSRestBundle: 1.5.3
Current Scenario
I have a REST Api driving an angular page. Let's say that each user has a token associated w/ their user record. Consider the following Urls.
GET /api/user/{token}/messages
POST /api/user/{token}/messages
GET /api/messages/{messageId}
GET /api/user/{token}/votes
POST /api/user/{token}/votes
So the user can GET and POST messages. The user can make votes and see them.
(I have about 30 diff routes like this - the URLs are all over the place).
Question
How can I verify that the user is allowed to GET/POST data for the token they're providing?
I do realize I could copy/paste some code to check the given user vs the user from the URL. Or I could write a service w/ a checkUser() function on each endpoint.
My hope, though, is that there is some way of doing this that doesn't require me to check the user on each endpoint's entry point.
Don't send the authentication in the Endpoint. An endpoint typically should be Idempotent, and should individually identify a particular resource.
Send your authentication tokens in HTTP headers.
With that said, as a strategy, baking in your security using #wonde is a good idea. I have implemented a custom base controller class in the past, but the filter and event handling built into symphony provides an even sexier solution.
i would create a before filter and add the checkUser() hook in there , that way you don't have to check the user permission on each endpoint
example
I tried to do some research on this and came across the following question on another site:
http://www.theserverside.com/discussions/thread.tss?thread_id=36561
Unfortunately, the answer there was to switch to GET requests, which I'm hoping there's a better solution. To reiterate the problem:
The scenario is when a user is on a search page for instance, their session expires, and then they click the submit button. At this point, the login page shows up since they aren't logged in anymore. After successfully logging in, j_security_check is resending the POST request to the search from before but without any of the POST data. I would like to be able to get the POST data from the original request, or I want to configure j_security_check to never send POST requests after logging in, but instead force it to use GET requests.
Any help is greatly appreciated.
I ended up checking in the doPost method to see if request.getParameterMap().isEmpty(). If it is empty, then j_security_check sent the POST request since it doesn't send any POST data. If that is the case, I just call the doGet method instead.