Google in App Billing verification failed sometimes - android-pay

Our server is not able to verify signature for Google Wallet sometimes. Sometimes it works, sometimes verification failed.
We are using following guide - https://developer.android.com/google/play/billing/billing_integrate.html
and following Java implementation - https://github.com/anjlab/android-inapp-billing-v3/blob/master/library/src/main/java/com/anjlab/android/iab/v3/Security.java to verify signature on server side.
I noticed that there are 2 types of orders, for example - GPA.1391-1084-0175-28517, orders which starts from GPA are verified correctly.
Verification of orders which looks like - 4781656834035199745.4951372150438022 or 4557257650215229301.5495206017032115 or simply 8120126244668862748 are always failed
Moreover I can't see failed orders ids in Google Wallet Merchant Admin screen. There are a lot of such orders from different users created in different time, it does not look like a someone is trying to hack us
Any clue is highly appreciated.

Related

Transactions API example dialogflow node-js not responding

I want to use an example of dialogflow node js transaction API example, but when intent transaction decision is not responding. when in my log console firebase function, there is no error, anyone can help me?
Based on troubleshoot for transactions API,
make sure you've made sure that Transactions API is active in actions console in deploy >> directory information >> additional information, and then you must fill the description (full and short) even with example (maybe you can fill with random text), and then fill the privacy policy and terms of services with www.example.com or random website.

How can I get my app using Instagram Basic Display API pass app review?

This is now the 4th time I am sending my app for review. I want to use Instagram Basic Display API and therefore require instagram_graph_user_media permission to access media (and incidentally instagram_graph_user_profile). I have 2 test users, my personal IG account with a bunch of pics and a test user that I created with an empty feed. I can login with both users. But when the Instagram app reviewer is logging in, my app can't access their media. I successfully retrieve the access token but when comes the time to call the Graph API here is what happens:
https://graph.instagram.com/me/media?fields=media_type,media_url,permalink,thumbnail_url&access_token=IGQV....
returns
{"error":{"message":"Application does not have permission for this action","type":"IGApiException","code":10,"fbtrace_id":"A99vuaAC41DSvlt0Hxvcly-"}}
Here is an update from my latest app review rejection. This time, I added the code above to catch code 10 errors and if I did, try to fetch the user profile data. Guess what, that failed with a code 10 error as well. So, whatever the app reviewer is doing, it is granting access to neither the profile or the media API.
Another update. The reviewer I had this time sent me two screenshots, one of the Instagram login screen and one of my app's error screen. Interestingly, the Instagram login screen had a strange Instagram username that I have never heard of before. It certainly wasn't my test Instagram account. So I now have evidence of them both using my test account and their own special test accounts.
The question in my mind now is, is there something special about their test accounts that ruins the process? After all, I have not added them to be testers of my app, although if someone who hasn't accepted my test invite tries to log in, it errors in an entirely different way.
I am running out of ideas here. My next thing to try is to exchange the short-lived access token for a long-lived token, as well as trying to use the new access token to server-side (where I exchange the code for the access token) to check if the access token ever works or if it is created with insufficient access.
This whole process is a nightmare.
I will put this as an answer because we have dealt with this thing now for over 2 weeks and quite a few submissions. I think you should remove the bounty though.
What you have done so far:
Created and approved IG test accounts
Double and triple checked parameters & permission
Tested your app a dozen times
Created dozens of screencast spoon-feeding, making sure a 5 yo kid would be able to test your app
Having the above, I am sure you noticed:
The reviewer will add a generic text as 'reject reason.'
The reviewer will submit the irrelevant and out-of-scope screenshot(s)
The reviewer will not test with the Instagram credentials provided.
Maybe he WILL test with the Instagram test credentials provided (in fact you're left in the dark as to how they actually simulate IG access)
The reviewer will claim he's unable to sign in using provided credentials
The reviewer claims having tested, but you see no traces in your DB whatsoever (would be smart to do so, to know whether they're actually doing something or not, up to a certain point)
Conclusion
You have to know that your app is at the reviewer's mercy and approval sometimes arbitrarily. Eventually, you will find your app being approved while having submitted it to change at all.
This should be obvious but when you are so deep in the hole and try to think why your app is being rejected you stop thinking logically.
Here is what I did:
Create a dummy Instagram account.
Link this account to an email provider that doesn't require a phone/another way of verification (I used ProtonMail).
Use an Instagram Tester account (do the whole process).
In your instructions let the reviewer that they need to log in to ProtonMail to get the Instagram confirmation code; since they will do login from an unknown location (if you could simulate the above in your screencast that would be great, but I didn't do it).
If you apply for both instagram_graph_user_profile and instagram_graph_user_media you need to do this in 2 steps individually.
The second step getting the instagram_graph_user_media permission is much easier.
I lost a couple of days and tried everything and anything before I realized that.
Hopefully, this should help someone that is having the same problem.
The app was approved the first time.
It is possible that the App Reviewer is unchecking the instagram_graph_user_media access in the authentication screen, thus giving you only access to instagram_graph_user_profile. I had the exact same error code being thrown back my way, and I did the following:
Catch the error code 10 error
Try to fetch the https://graph.instagram.com/me?fields=account_type,username&access_token=${accessToken}
If that works, then display a page that makes it clear that you have successfully connected to the Instagram User Profile (and here is your username and account type) but, if the user wants to do X they also need to approve media access, and here is a button to go and reauthenticate again.
See the image I have below.
Now, I did the above and I still got an app review failure of code 10, which means that the second fetch to only the username and account type failed, and I do not know how they could possibly have managed to do that.
They admitted issue but not fixed yet: https://developers.facebook.com/support/bugs/543633182940083/
To get approved for Instagram Basic Display:
create a Facebook test user
create an Instagram account with that FB test user
give the credentials (email/address) of the Facebook test user to the reviewer in the Instagram Basic Display submission
Basic Display API review process is so bad its beyond words. I have been hitting the brick wall of their rejections for 3 weeks and almost got bald by pulling my hair in frustration. You really have to read between the lines to get a hint of what they are doing.
Turns out what the reviewer was doing is selecting "Continue with Facebook" on the Instagram Login screen and going that route (via Facebook login) instead of entering the instagram credentials directly. Only once I realized that I was able to pin point the problem. Interestingly though testing on the Simulator was fine but the problem only became apparent once I tested on the real device. The reason - simulator doesn't have neither Facebook app nor Instagram app installed, so it behaves differently versus the device where these apps get involved in the flow via deep linking.
The bottom line:
Test on real device.
Make sure to test both the direct Instagram log in and the "Continue with Facebook" option.
Test on the device with and without the Facebook and/or Instagram app installed.
Make sure to use brand new instance of WKWebView with non persistent data store to bring up the login screen, so that it doesn't have any cookies from previous logins:
let configuration = WKWebViewConfiguration()
configuration.websiteDataStore = WKWebsiteDataStore.nonPersistent()
let webView = WKWebView(frame: .zero, configuration: configuration)
Pray the God of your choosing.

WhatsApi Number Getting Blocked - NodeJs

I am using the node-whatsapi library
I am getting the number blocked. I am following the exact protocol as mentioned in the WIKI.
The flow that i follow is:
Create Adapter
Connect()
On Connect - Login
On Login
sendIsOnline()
requestPrivacySettings()
requestServerProperties()
requestContactsSync()
For Each Contact sendPresenceSubscription(), getStatus() and getProfilePicture()
And when i receive a message:
adapter.requestContactsSync('1234567890', 'delta', 'background');
getProfilePicture()
Save to DB
Now, what we do and why do we use WhatsApi
We enable our existing Customers to talk to their internal teams on WhatsApp. So, a customer initates a chat and a help desk team responds to them on an application.
Got the number blocked now. Unable to understand where am i going wrong.
Also, the total number of messages exchanged between the customer and the helpdesk team is around 1k a day.
What you're "doing wrong" is using a third party API which is against WhatsApp's terms of service and, if detected, will get your relevant accounts blocked. It's not a fault with WhatsAPI itself or how you are using it.
WhatsApp openly publishes the only approved/compliant way to programmatically interact with their network.
http://www.whatsapp.com/faq/en/iphone/23559013
http://www.whatsapp.com/faq/en/android/28000012
Outside of that, you are going to get blocked whenever you are detected as using an unapproved means of interacting with their network.
In your particular example you're using a Node.js port of the original WhatsAPI. As of May 2015 this is the kind of pressure they are dealing with from WhatsApp (despite many years of trying to negotiate an amicable compromise with them around things like message limits and identity verification):
It sucks but that's just how it is. You can look at some alternatives which are still actively updated and may continue working for a while, but given that WhatsApp is now owned by Facebook and considering the kind of legal resources at their disposal, you should be able to see why one might be reluctant to continue updating a rogue API.
Well, got a satisfactory answer from WhatsApi collaborator matteocontrini.
Here is the answer that i got, if somebody is intrested.
It says:
the reason of getting blocked doesn't have to be because you wrote
wrong code. It could be a filter on the kind of messages you send or a
report from someone about your number.

nest api - cryptic error message when creating client with product data write permissions

I'm attempting to create a google nest client to write electricity monitor data to the Nest for display in the energy history plot, but although I'm able to create a test client with thermostat read permissions, when I attempt to create a new client with product data write permissions I get an error message saying "scopes.justification exceeds required maximum length of 140". I don't see any fields with more than 140 characters and an email to the Nest team has been unanswered for several days.
I should say I'm leaving the OAuth redirect field blank because I'm still trying to learn exactly how OAuth is meant to work and if the redirect is a site I need to write and host or what, but it appears to be optional and one can edit client details later or use a PIN so doesn't seem that's the issue, but I could be wrong.
Anyone had this issue or able to provide some tips?

Can't sign up for Azure - "We were unable to verify your account"

Anyone else have this problem?
I cannot sign up for an Azure account.
On the registration page, it asks for your phone number and wants to confirm it by sending a text or calling you. I only have a Google Voice number, and I always get
We were unable to verify your account
No matter if I choose text or call. There is no way around it. Any help?
EDIT: Other posts have indicated it's a problem when your country isn't listed, but that is not the case here (I'm in the U.S.). Those posts suggest calling "your local Microsoft branch" but how do I find that?
.
After reading the comments above, and calling Microsoft myself, I was told the verification process does not support Google Voice or Skype phone numbers.
The person I spoke with on the pre-sales department of Azure said he could not manually create an account for me or validate my Google Voice number, despite me sending him this question on StackOverflow showing that others had been successful in calling Microsoft as I had.
My solution was to use a friend's number and have him send me the verification code he received. However, it must be within the Azure signup's session timeout period or the code is no good.
I really hope someone at Microsoft sees this and corrects it for future customers.
I wanted to throw in a answer for Republic Wireless users who are having this problem.
I know this doesn't pertain specifically to Republic Wireless, but this is for those users, and should perhaps prove helpful, since this is the 1st result from Google on the error message.
Republic Wireless is a VoIP company, but they still use an underlying sprint phone number to handle calls/texts when you are not under WiFi, here is how to access your underlying phone number so you can get past the Windows Azure registration verification:
Open the Phone app (the standard dialer that comes with the phone).
Dial ##786#.
The number shown for Mobile Number is your Sprint number.
Hit the Back or Home button to dismiss the information screen.
https://community.republicwireless.com/people/carlh/blog/2013/11/20/moto-x-how-to-find-out-your-phones-sprint-number
I faced this exact same error. After trying different solutions, i decided to change my browser from Google Chrome to Microsoft Edge - and i was able to verify my account thereafter

Resources