What is the Mailchimp webhook payload for an abuse or spam unsubscribe? - webhooks

The Mailchimp documentation only gives the payloads sent to webhooks for unsubscribes and for subscribes. It does not give much detail about the other payloads. Most of them are easily generated. However, it is not so simple to generate an abuse/spam message. When a subscriber reports that, I assume that they are unsubscribed, but I was wondering if the payload differs from a regular unsubscribe or if there is a different payload type.
I wondered if the data[reason] might differ for an abuse/spam report. Does anybody have any insight into this?

Related

Rejecting a PayPal IPN request for security reasons

When I get an IPN from PayPal (or a similar service) to indicate a sale, they ask you to:
Send back 200 OK
Send back the request body.
As you know, the client can easily play with the numbers and set a price of 0 while ordering a product that costs $100, or just send a spoofed message with a fake sale.
In this case, they advise checking the IPN message in the cloud.
But at this stage the sale has been made, and if this was a hack, the seller will have to refund, and this whole scheme sounds wrong.
It seems that I can't really send 400 instead of 200 OK.
I read this: How to explicitly reject an IPN request, and it turns out you can't really reject after you compared the payment request with your DB and found that something was wrong.
So how can I make sure the sale is authentic?
The best solution is to use a server-side front end UI paired with two routes on your server to 'Set Up Transaction' and 'Capture Transaction': https://developer.paypal.com/docs/checkout/reference/server-integration/ . Then you do not need IPN at all, for anything.
However, if you are going to use IPN, it is documented here: https://developer.paypal.com/docs/api-basics/notifications/ipn/
There is a verification step where you post the IPN message back to PayPal to check whether it is valid or not. This answers your question.
If what you want to accomplish is refuse the transaction due to an invalid amount or description, at this point it is already too late in the case of a sale type transaction. All you can do is issue a refund via API.
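The verification step the answer refers to, as an added example (not from the PayPal docs or the original post): the raw IPN body is echoed back to PayPal with `cmd=_notify-validate` prepended and PayPal answers `VERIFIED` or `INVALID`. Because a replayed or otherwise unsuitable message can still be `VERIFIED`, the example goes on to check the fields that matter before crediting the sale. The order table, the seller address, the `invoice` key and the sample bodies are constructed; the sandbox postback URL is the documented one.

```python
"""Added example: validate a PayPal IPN message and then check it against our
own order record. Not code from PayPal or from the original post."""
import urllib.parse
import urllib.request

# Sandbox postback endpoint; the live one is https://ipnpb.paypal.com/cgi-bin/webscr
IPN_POSTBACK_URL = "https://ipnpb.sandbox.paypal.com/cgi-bin/webscr"

# Constructed "database": orders we created, keyed by the invoice id we
# passed to PayPal when building the payment.
ORDERS = {
    "inv-1001": {"amount": "100.00", "currency": "USD"},
}
# Constructed set of txn_ids already credited (replay protection).
PROCESSED_TXN_IDS = set()
# Assumed: the PayPal account we sell with. Money to any other account is not ours.
RECEIVER_EMAIL = "seller@example.com"


def postback_to_paypal(raw_body: bytes, url: str = IPN_POSTBACK_URL) -> str:
    """Echo the raw IPN body back to PayPal with cmd=_notify-validate prepended.
    Returns PayPal's reply body: the literal string VERIFIED or INVALID.
    The bytes must go back unchanged (same order, same encoding), so do not
    re-encode a parsed dict here."""
    req = urllib.request.Request(
        url,
        data=b"cmd=_notify-validate&" + raw_body,
        headers={"Content-Type": "application/x-www-form-urlencoded"},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8").strip()


def check_ipn(raw_body: bytes, postback=postback_to_paypal):
    """Decide whether a sale IPN is authentic and matches what we sold.
    Returns (ok, reason). `postback` is injectable so the checks can run
    without network access."""
    verdict = postback(raw_body)
    if verdict != "VERIFIED":
        return False, "postback returned %r" % verdict

    fields = dict(urllib.parse.parse_qsl(raw_body.decode("utf-8"),
                                         keep_blank_values=True))

    # The money must have reached our account, not one the sender controls.
    if fields.get("receiver_email", "").lower() != RECEIVER_EMAIL:
        return False, "receiver_email mismatch"
    # Only a completed payment is a sale (not Pending, Refunded, Reversed...).
    if fields.get("payment_status") != "Completed":
        return False, "payment_status is %r" % fields.get("payment_status")
    # A replayed IPN is still VERIFIED, so the same txn_id must not count twice.
    txn_id = fields.get("txn_id", "")
    if not txn_id or txn_id in PROCESSED_TXN_IDS:
        return False, "duplicate or missing txn_id"
    # Amount and currency come from OUR order record, never from the client.
    order = ORDERS.get(fields.get("invoice", ""))
    if order is None:
        return False, "unknown invoice"
    if (fields.get("mc_gross") != order["amount"]
            or fields.get("mc_currency") != order["currency"]):
        return False, "amount/currency mismatch"

    PROCESSED_TXN_IDS.add(txn_id)
    return True, "ok"


if __name__ == "__main__":
    # Constructed IPN body; a fake postback stands in for PayPal so this runs offline.
    demo = (b"txn_id=DEMO1&payment_status=Completed&receiver_email=seller%40example.com"
            b"&invoice=inv-1001&mc_gross=100.00&mc_currency=USD")
    print(check_ipn(demo, postback=lambda body: "VERIFIED"))
    print(check_ipn(demo, postback=lambda body: "VERIFIED"))  # replay is rejected
```

The handler still answers 200 to PayPal whatever `check_ipn` returns; a failed check means "do not ship, and refund via the API if the money really arrived", which is exactly the limitation the answer describes.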

Confirming delivery of reading of messages (chat)?

Is there a way to confirm the delivery and reading of messages sent to a client?
I would like to do something similar to WhatsApp where it provides two types of confirmation, the first is a delivery and the second is a reading confirmation.
Is there a way around this or something that is supported?

How to associate sendgrid webhook sg_message_id to sent mail?

The SendGrid webhook has sg_message_id.
But the response of Web API v2 when sending mail doesn't have sg_message_id.
In fact, there is only a message showing success or failure.
So, how do I associate the sent mail with the webhook callback?
I have checked the past questions on SO but they don't provide me with a solution for this.
Thank you.
You can use unique arguments. Take your unique ID (like primary key) and give it to sendgrid API during sending email. You will get it back in the event webhook.
https://sendgrid.com/docs/API_Reference/SMTP_API/unique_arguments.html
EDIT: The best practice seems to be using custom arguments (see documentation). Which is not apparent from the documentation (as of today).
In Web API v3, the response includes a special header X-Message-Id (see https://sendgrid.com/docs/Glossary/x_message_id.html).
This can be later matched with sg_message_id in webhook: https://sendgrid.com/docs/Glossary/message_id.html
The documentation does not make it clear, but the X-Message-Id header is actually not equal to sg_message_id, but it is a prefix of sg_message_id.
For example:
X-Message-Id = "MUvGg3V1ThOu3oe8eRqFrA"
sg_message_id = "MUvGg3V1ThOu3oe8eRqFrA.filter0001p2iad2-21183-5AF0BD9B-E.0"
The Web APIv2 call that sends out the email only responds with a {message :"success"} answer indeed, but the sg_message_id is not generated at that point. The API call answer simply acknowledges that the email was sent to SendGrid for processing.
The email is sent to SendGrid, and there it receives the sg_message_id value that is provided through the Event Webhook posts.
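Both correlation methods from the answers above in one piece of code, as an added example that is not SendGrid's or the original posters' code: a custom argument that we set at send time and get back unchanged in every event, and, for v3 sends, the `X-Message-Id` response header matched as a prefix of `sg_message_id` (the part before the first dot). The local send log, the custom argument name `our_id`, and the sample event batch are constructed; the first `sg_message_id` value is the one quoted in the answer.

```python
"""Added example: map SendGrid Event Webhook events back to the emails we sent.
Not code from SendGrid's docs or the original answers."""
import json

# Constructed send log: our own id -> X-Message-Id header captured from the
# v3 /mail/send response. (A v2 send returns no id, so v2 senders can only
# rely on the custom argument path below.)
SENT = {
    "order-42": "MUvGg3V1ThOu3oe8eRqFrA",
}

# Constructed webhook batch. Custom arguments (here the assumed key "our_id")
# show up as top-level fields of each event object.
SAMPLE_EVENTS = json.dumps([
    {"event": "delivered", "email": "a@example.com",
     "sg_message_id": "MUvGg3V1ThOu3oe8eRqFrA.filter0001p2iad2-21183-5AF0BD9B-E.0"},
    {"event": "bounce", "email": "b@example.com",
     "sg_message_id": "Zq9xLrT0SaGb8Y2mN7pQwA.filter0003p1iad2-9-5AF0C000-1.0",
     "our_id": "order-43"},
    {"event": "open", "email": "c@example.com",
     "sg_message_id": "unknownPrefix1234567890.filter0002p2iad2-1-5AF0C111-2.0"},
])


def message_id_prefix(sg_message_id: str) -> str:
    """sg_message_id is '<X-Message-Id>.<filter node>-<pid>-<ts>-<n>.<index>';
    the X-Message-Id is everything before the first dot."""
    return sg_message_id.split(".", 1)[0]


def correlate(events_json: str, sent=SENT):
    """Return (event, recipient, local_id) per event. local_id comes from the
    custom argument when present, else from the X-Message-Id prefix lookup,
    else None (an event for a message we did not record)."""
    by_xmid = {xmid: local_id for local_id, xmid in sent.items()}
    rows = []
    for ev in json.loads(events_json):
        local_id = ev.get("our_id")
        if local_id is None and "sg_message_id" in ev:
            local_id = by_xmid.get(message_id_prefix(ev["sg_message_id"]))
        rows.append((ev.get("event"), ev.get("email"), local_id))
    return rows


if __name__ == "__main__":
    for row in correlate(SAMPLE_EVENTS):
        print(row)
```

Prefer the custom argument where you control the send path: it needs no header capture and is independent of the `sg_message_id` format, which the docs do not promise to keep stable. The prefix match is the fallback for v3 sends made without one.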

Cannot keep messages in the same conversation due to missing MESSAGE-ID header at Gmail

In some messages in Gmail, the MESSAGE-ID header is missing, and I need to use it as the IN-REPLY-TO header when replying so I can keep the replies in the same conversation.
When those emails with a missing MESSAGE-ID header are replied to from Gmail's web UI, the replies stay with the conversation and the reply in fact acquires an IN-REPLY-TO header that looks something like <-4185615914882731559@unknownmsgid>. I could not discover how this is generated.
I've been trying to find a solution to this problem for quite a while, and ended up trying a few desktop email clients, Airmail and Sparrow, to see how they behave. If I ever reply to a particular email which is missing the MESSAGE-ID header using those email clients, the sent reply also acquires the same IN-REPLY-TO header <-4185615914882731559@unknownmsgid> and the reply indeed stays in the same conversation as expected.
So, I would like to ask how they achieve this: do they somehow generate the IN-REPLY-TO header <-4185615914882731559@unknownmsgid>? Is there a rule or a workaround?
This is a classic problem, every mail reader has it. The classic solution is:
copy the References field from the message you reply to, if any.
make up an In-Reply-To field, perhaps with a made-up message-id, perhaps with the sender's address and the message's date.
Keep the subject, and append "re: ".
You may also copy the Thread-Index field, if there is one.
Gmail's and most other threading algorithms will then connect the dots.
Thread-Index is a Microsoft thing; no one else uses it, as far as I know. The format of the hex blob is not specified, but copying it will probably help Exchange, if the original message comes from Exchange.
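The steps listed in the answer above, carried out in code as an added example (not the answer's own code): copy References, synthesise an In-Reply-To when the original has no Message-ID, keep the subject with a "Re:" prefix, and carry Thread-Index over if present. The format of the synthesised id (a hash of sender address and Date, with a ".missing" marker) is my own choice and not what Gmail or any client produces; the two sample messages are constructed.

```python
"""Added example: build a reply that threads with an original even when the
original carries no Message-ID. Not code from the original answer."""
import email
import email.policy
import email.utils
import hashlib
from email.message import EmailMessage

# Constructed originals: one without Message-ID, one with an existing thread.
SAMPLE_NO_MSGID = """\
From: Bob <bob@example.org>
To: alice@example.com
Date: Fri, 17 Oct 2014 10:11:12 +0000
Subject: Hello

no message-id on this one
"""

SAMPLE_WITH_MSGID = """\
From: Bob <bob@example.org>
To: alice@example.com
Date: Fri, 17 Oct 2014 10:11:12 +0000
Subject: Re: Hello
Message-ID: <abc123@example.org>
References: <root@example.org>

threaded
"""


def parse_raw(raw: str) -> EmailMessage:
    return email.message_from_string(raw, policy=email.policy.default)


def synthetic_message_id(original: EmailMessage) -> str:
    """Deterministic stand-in for a missing Message-ID, derived from the sender
    address and Date so every reply to the same message agrees on the id.
    The '.missing' marker is an assumption of this example, not a standard."""
    sender = email.utils.parseaddr(original.get("From", ""))[1]
    seed = (sender + "|" + str(original.get("Date", ""))).encode("utf-8")
    digest = hashlib.sha256(seed).hexdigest()[:20]
    domain = sender.split("@")[-1] or "unknownmsgid"
    return "<%s.missing@%s>" % (digest, domain)


def build_reply(original: EmailMessage, from_addr: str, body: str) -> EmailMessage:
    reply = EmailMessage()
    parent_id = str(original.get("Message-ID") or synthetic_message_id(original))

    # References: the parent's chain plus the parent itself.
    refs = str(original.get("References", "")).split()
    if parent_id not in refs:
        refs.append(parent_id)
    reply["In-Reply-To"] = parent_id
    reply["References"] = " ".join(refs)

    # Exchange threading hint; opaque, so copy it verbatim when present.
    if original.get("Thread-Index"):
        reply["Thread-Index"] = str(original["Thread-Index"])

    subject = str(original.get("Subject", ""))
    if not subject.lower().startswith("re:"):
        subject = "Re: " + subject
    reply["Subject"] = subject
    reply["From"] = from_addr
    reply["To"] = str(original.get("Reply-To") or original.get("From", ""))
    reply["Date"] = email.utils.formatdate(localtime=True)
    reply["Message-ID"] = email.utils.make_msgid()
    reply.set_content(body)
    return reply


if __name__ == "__main__":
    for raw in (SAMPLE_NO_MSGID, SAMPLE_WITH_MSGID):
        print(build_reply(parse_raw(raw), "alice@example.com", "Thanks!").as_string())
```

A made-up In-Reply-To only threads if every client replying to that message derives the same value; hashing sender and Date is deterministic, which is why the example does that rather than generating a random id.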
If you just want to send an email and make sure it threads with another email in that user's inbox (and not any other gmail users that may receive the reply) then I believe you can use the Gmail API's messages.send() method and set the message.threadId to match the thread you want it to thread with.
I don't think that e-mails delivered to your gmail account have no message id. My evidence is that I just tried sending one to myself via telnet without a message id, and gmail's mx server added this
Message-Id: <54412844.63bbb40a.0772.ffffcbdcSMTPIN_ADDED_MISSING@mx.google.com>
It may be that copying a message into gmail's imap store can result in a missing message id. Eg see https://productforums.google.com/forum/#!topic/gmail/w5kgRivwbIg (though that is very old, it shows that synchronising mail to a gmail IMAP account can have this result).
The basic rule of e-mail is that if an e-mail doesn't have a message id for whatever reason, one is created for it, which is what has happened here. Hence, when you reply, the made-up message id is used in the in-reply-to header.

How can you verify an incoming Twilio sms?

I basically am trying to allow users to post to their blog using a text message. I have a phone number stored for each user, and since Twilio sends that information in the POST request they hand to my page, I can do a reverse lookup to see which blog to post it to. The question now arises: how can I be sure that the user sent the text? Can't anyone just send POST information with someone else's phone number?
I have a couple of thoughts about this:
1. Twilio sends your account number in the POST, which I suppose isn't known to malicious users.
2. I could respond with an SMS containing a randomly generated code, and have the user send that back. This would effectively triple the SMSs needed, so I would prefer the first.
Is number one "safe enough"? Or should I bite the bullet and make a response system as in number two?
You can verify that requests are coming from Twilio. We attach an X-Twilio-Signature header to each request which is signed with your Auth Token (which should be known only by you). Each of the Twilio helper libraries has a function to help determine if the request was made by Twilio or not.
Please see our documentation on validating requests: http://www.twilio.com/docs/security#validating-requests
or our helper library functions for validating Twilio requests: http://readthedocs.org/docs/twilio-php/en/latest/usage/validation.html#validate-incoming-requests, for example.
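What the helper libraries do under the hood, as an added example that is not Twilio's code or the original answer's: the full request URL is concatenated with every POST parameter's name and value, sorted by name with no delimiters, HMAC-SHA1'd with the account's Auth Token and base64-encoded; that string must equal X-Twilio-Signature. Only after that check passes is the From number trusted for the blog lookup. The auth token, URL, parameter values and phone-to-blog table are constructed.

```python
"""Added example: validate X-Twilio-Signature before trusting the From number.
Not code from Twilio or the original answer."""
import base64
import hashlib
import hmac

# Constructed values; a real token comes from the Twilio console and is secret.
DEMO_AUTH_TOKEN = "constructed-demo-token-0000"
DEMO_URL = "https://blog.example.com/sms"          # exact URL Twilio was told to call
DEMO_PARAMS = {
    "AccountSid": "ACxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
    "MessageSid": "SMxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
    "From": "+15550000001",
    "To": "+15550000099",
    "Body": "New post: hello world",
}
PHONE_TO_BLOG = {"+15550000001": "alice", "+15550000002": "bob"}


def twilio_signature(auth_token: str, url: str, post_params: dict) -> str:
    """URL + sorted(key+value) pairs, HMAC-SHA1 under the auth token, base64."""
    signed = url + "".join(k + post_params[k] for k in sorted(post_params))
    digest = hmac.new(auth_token.encode("utf-8"), signed.encode("utf-8"),
                      hashlib.sha1).digest()
    return base64.b64encode(digest).decode("ascii")


def is_valid_twilio_request(auth_token: str, url: str, post_params: dict,
                            signature_header) -> bool:
    """Constant-time comparison; a missing header is simply invalid."""
    if not signature_header:
        return False
    expected = twilio_signature(auth_token, url, post_params)
    return hmac.compare_digest(expected, signature_header)


def blog_for_incoming_sms(auth_token, url, post_params, signature_header,
                          phone_to_blog=PHONE_TO_BLOG):
    """Return the blog to post to, or None if the request is not from Twilio.
    The From lookup happens only after the signature check."""
    if not is_valid_twilio_request(auth_token, url, post_params, signature_header):
        return None
    return phone_to_blog.get(post_params.get("From"))


if __name__ == "__main__":
    sig = twilio_signature(DEMO_AUTH_TOKEN, DEMO_URL, DEMO_PARAMS)
    print("genuine:", blog_for_incoming_sms(DEMO_AUTH_TOKEN, DEMO_URL, DEMO_PARAMS, sig))
    forged = dict(DEMO_PARAMS, From="+15550000002")   # attacker swaps the sender
    print("forged :", blog_for_incoming_sms(DEMO_AUTH_TOKEN, DEMO_URL, forged, sig))
```

Two things bite in practice: the URL must be byte-for-byte what Twilio requested (scheme, host, port, path and query), so behind a TLS-terminating proxy the application often sees `http://` and has to reconstruct `https://` before checking; and the AccountSid in option one of the question is not a secret (it appears in every Twilio URL and in logs), which is why the signature, not the account number, is what proves origin.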
