Recaptcha for stripe checkout - node.js

I've been facing a card testing attack lately on a website that uses Stripe Checkout.
After two days of being under attack, I finally deactivated the page concerned, which leaves my website without any way to pay for services.
Now I would like to add a reCAPTCHA to protect the Stripe button, but just can't seem to understand how to do it.
I have a page with three services, under each one is a Stripe Checkout button. What I would like to do is to prevent bots from accessing the Stripe Checkout page, which is external and hosted on Stripe's servers.
I did reCAPTCHA integrations before in PHP and with a regular form. Here I'm working with Node.js and there's no real form to query. Is it possible to prevent bots from accessing those buttons?
I saw some tutorials online but every time the form is hosted on a local server.
If you have a clue, it would be a great help.
Thank you

Have you followed the official Google docs for reCAPTCHA v3? They provide code snippets and go into detail about how to do this.
https://developers.google.com/recaptcha/docs/v3
It's easiest to implement it in the payment flow before your customers ever get to the page with the Checkout button (e.g. on the shopping cart page), but you can also bind it to the form action that triggers the creation of the Checkout Session.
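As an added example (not part of the original answer, and not Stripe's or Google's own code), this shows the second option in Node.js: the route behind each button verifies the reCAPTCHA v3 token server-side and creates the Checkout Session only if the check passes. The function names, the `checkout` action name, the 0.5 threshold, the `cfg` fields and the price IDs are assumptions or placeholders.

```javascript
// Added example: names, threshold and price IDs below are assumptions/placeholders.
const VERIFY_URL = "https://www.google.com/recaptcha/api/siteverify";
const EXPECTED_ACTION = "checkout"; // action the page passes to grecaptcha.execute()
const MIN_SCORE = 0.5;              // assumed threshold; tune it from your own traffic
// Placeholder Stripe Price IDs for the three services; the client only sends the key.
const PRICES = { basic: "price_PLACEHOLDER_1", plus: "price_PLACEHOLDER_2", pro: "price_PLACEHOLDER_3" };

// Pure decision on the parsed siteverify JSON, so it can be tested offline.
function evaluateRecaptcha(result, expectedHost) {
  if (!result || result.success !== true) return { allow: false, reason: "verification-failed" };
  if (result.action !== EXPECTED_ACTION) return { allow: false, reason: "action-mismatch" };
  if (result.hostname !== expectedHost) return { allow: false, reason: "hostname-mismatch" };
  if (typeof result.score !== "number" || result.score < MIN_SCORE) return { allow: false, reason: "low-score" };
  return { allow: true, reason: "ok" };
}

// Ask Google to verify the token the browser obtained from grecaptcha.execute().
async function verifyToken(token, remoteIp, secret, fetchFn = fetch) {
  const body = new URLSearchParams({ secret, response: token });
  if (remoteIp) body.set("remoteip", remoteIp);
  const res = await fetchFn(VERIFY_URL, { method: "POST", body });
  return res.json();
}

// Call this from the route behind each button; `stripe` is an initialized Stripe client.
async function createGuardedSession({ token, service, remoteIp }, cfg, stripe, fetchFn = fetch) {
  const price = Object.prototype.hasOwnProperty.call(PRICES, service) ? PRICES[service] : undefined;
  if (!token || !price) return { status: 400, error: "bad-request" };
  const result = await verifyToken(token, remoteIp, cfg.recaptchaSecret, fetchFn);
  const verdict = evaluateRecaptcha(result, cfg.host);
  if (!verdict.allow) return { status: 403, error: verdict.reason }; // no Session is created
  const session = await stripe.checkout.sessions.create({
    mode: "payment",
    line_items: [{ price, quantity: 1 }],
    success_url: cfg.successUrl,
    cancel_url: cfg.cancelUrl,
  });
  return { status: 200, url: session.url };
}
```

In the browser, each button's click handler calls `grecaptcha.execute(siteKey, { action: "checkout" })` and posts the resulting token with the service key to this route; a token is valid for two minutes and can be verified only once, so request it at click time.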

Related

How does a Checkout Page take the user input information and pass it to Stripe?

So far I've created a product modal and upon proceeding to checkout, a Stripe popup appears and the user can proceed with the payment.
https://streamable.com/30p4eh
However, I have to change the checkout button to pop up a checkout page first so the user can enter his delivery address and so on. How does a checkout page deliver the information the user has input into Stripe? How does the whole process work? Do I have to add all my products into the Stripe product page? Can Stripe's checkout page be used like in this Firebase video?
The Checkout payments guide now includes a nice diagram that I think should help understand what you're asking about.
You create a Checkout Session with the payment information and then redirect your customer to Stripe. Stripe displays the information about the purchase and collects payment information from your customer, then redirects them back to the URL you specify. In the background, you're notified about the success of the payment and you can manage order fulfillment.
If you need more information about a particular piece of this, please feel free to ask with more details!
Update: on a second review, I see that I missed that your video is showing the Legacy Checkout integration. Stripe has a new Checkout integration that supports a wide range of payment methods and supports SCA-compliant authentication challenges. Take a look at the migration guide to update your integration.

Can we use Instagram API for Local Development

I am learning React Native by creating a clone of Instagram (strictly local development). I want to use the Instagram API to get some real-time data for my app. I tried registering as an Instagram Developer but it's asking me for the website and policy page of the website, which I don't have. Is it possible to use the Instagram API for learning purposes, and if so can you give me the steps for doing it?
Yes, you can. I think you're already on the right track. All you need to do is just integrate things and follow all the steps on the Instagram Developer website.
You are not required to have policy page or anything to use the sandbox, but you will need it later on if you want to use the API in the production state of your app.
You will need to create an app in the developer site, and generate your access token. Then, add a sandbox user (your Instagram account) and start to use the User Endpoint to retrieve your user data (such as your bio, follower count, etc.) and media (this is what you want, your Instagram post feed).
Hope this helps.

Using the Instagram API

I'm building a site which wants to display recent Instagram images in a carousel, grabbed from a specific geotagged location. I have everything ready to go, but I just can't figure out how to get the data.
I'm using node.js and I want to grab the image URLs server-side and give them to the client for them to make the requests to Instagram to fetch the images. If this hits rate limits or violates Instagram policy then I'll simply cache the images server-side instead. Either way, I have no idea how to get the data I need from Instagram.
The furthest I've got is manually getting an access token using this URL: https://www.instagram.com/oauth/authorize/?client_id=123456&redirect_uri=http://localhost&response_type=token&scope=public_content
Then using that access token I tried the following request in Postman:
https://api.instagram.com/v1/locations/226170293/media/recent?access_token=123456
But it returns the following:
{"pagination": {}, "data": [], "meta": {"code": 200}}
After Googling around a bit, I figured maybe it's because my Instagram app is in sandbox mode. So I went about applying for full access. The request form presents these options:
Which use case best describes your Instagram integration?
I want to install a third party widget to show Instagram content on my website.
I want to display hashtag content and public content on my website.
I want to display my Instagram posts on my website.
I want to build analytics for my own Instagram account.
My app is still in development and/or is a test app.
My app allows non-business users to login and post comments, likes or follow actions.
My app allows people to login with Instagram and share their own content.
My product helps brands and advertisers understand, manage their audience and media rights.
My product helps broadcasters and publishers discover content, get digital rights to media, and share media with proper attribution.
Other
My requirement falls under the second option, but after selecting it, I'm told:
This use case is not supported. We do not approve the public_content permission for one-off projects such as displaying hashtag based content on your website. As alternative solution, you can show your own Instagram content, or find a company that offers this type of service (content discover, moderation, and display).
And actually, selecting any option apart from the 3 options above "Other" presents a message stating it's not allowed. Even selecting "Other" shows:
We do not accept submissions for integrations that do not fall into one of the approved use cases.
Talk about terrible UX.
I'm seriously considering just scraping the URLs instead, but I'm betting that's definitely against Instagram policy, but what other choice do I have? All I want to do is display some images on a website...
Think I have it thanks to https://stackoverflow.com/a/40527149/1864403.
https://www.instagram.com/explore/locations/226170293/?__a=1
No idea how people can find this out other than word-of-mouth.

Instagram API review submission - complete app needed?

I just noticed that the new Instagram API's sandbox has too many restrictions and I would need to submit for review to build my app. I googled to see if there's a way around it, but it looks like using their API would be better than anything.
The app I was going to build requires all the API endpoints that Instagram doesn't allow Sandbox users to access (such as hashtag search and get recent tags). Do I just build one assuming I can get responses from the endpoints? I am pretty confused. Anything would help. Thanks!
You think you have two options:
Since Instagram allows you to get the contents from the users in sandbox mode.
Create an app using link and submit it for review to get experience with the public data available on Instagram.

PayPal Website Payments Standard Security

I currently have a Website Payments Standard checkout process for purchasing recurring payments. WPS just uses some hidden inputs to send all information to PayPal.
But it's very insecure because if you know HTML, you can change these hidden inputs in the browser's developer tools and change the prices.
I chose WPS because it's simpler than Express Checkout, and you don't need an API integration.
So, has someone had the same problem? Is there a secure way to use WPS?
How are you using WPS? With the PayPal buttons? If so, you can create encrypted buttons when you log into your PayPal account. If you are using something else, let me know and I can look into it.
