Integrating 3D Secure into Payius payment system - payment

Is there anyone familiar with Payius payment system?
I have integrated the system in one website and now I have to add the 3DS step. The only documentation I found (http://payius.com/media/pdf/Payius-Merchant-Integration-Giude.pdf) says I need to redirect the user to the URL https:///merchant/mpi, which will perform a GET request to the referrer as a callback. Now, as I understand it, for testing purposes the URL should be https://testpayments.payius.com/merchant/mpi, right? In any case, both bring up an error.
Did I get the documentation right?

Ok, the correct url for testing is https://testpayments.payius.com/merchant/mpi. It appears the mistake was in passed parameters. If you do not pass needed request parameters, the page will not be loaded at all.

Related

Can you add url or body parameters to the internal url in Azure application proxy?

I already set up the application proxy and it works fine. The problem is I need to pass info about the Microsoft user to the application that the internal URL is pointing to, and I haven't found a way to change the url dynamically, much less create a custom body, to pass on said information.
If there isn't any way to send said info over url or request body, would it be possible over cookies? If so I'd love it if you could link me to some sources to read up on it as I have no prior experience working with cookies and have absolutely no idea about how they work:\
I'd really appreciate any help you can give me, I googled a bunch and am yet to find an answer. Also please don't crucify me if the answer is obvious lol, I'm trying:(

A third party application may be attempting to make unauthorized access to your account - Ameritrade

I was trying to do some simple authorization for ameritrade's developer platform. I was attempting.
According to the platform, the endpoint I need to access is:
https://auth.tdameritrade.com/auth?response_type=code&redirect_uri={uri}&client_id={client_id}}%40AMER.OAUTHAP
https://developer.tdameritrade.com/content/simple-auth-local-apps
When looking at the client_id for the dev application, I noticed that they may actually be referencing the application's Consumer Key instead? So I did just that, but when attempting to query the information, it returns: A third-party application may be attempting to make unauthorized access to your account. The reason why I think it is the consumer key is listed at: https://developer.tdameritrade.com/content/getting-started
So I ended up doing something like:
    from urllib.parse import quote_plus

    # Build the authorization URL; the redirect URI is percent-encoded for the query string.
    url = "https://auth.tdameritrade.com/auth?response_type=code&redirect_uri={uri}&client_id={client_id}%40AMER.OAUTHAP".format(
        uri=quote_plus("http://localhost"),  # urlencode() rejects a bare string, so quote_plus() is called directly
        client_id="JHBDFGJH45OOUDFHGJKSDBNG",  # Sample
    )
I don't think this is because I am currently in a different country; I think that something else is wrong here.
It doesn't follow through with it, but instead returns a 400 error with that information. I'm not sure what's wrong though.
This happens when you copied the callback URI incorrectly. Imagine if this were a client application, and TD detected that the application is trying to send the user to a different URL than the app is configured with. If they send the callback request to that application, it will receive the token and gain full control over your account.
Have you double and triple checked that you're copying the callback URL correctly, protocol name, ports, and trailing slashes and everything? Also, consider using an API library instead of writing your own. You can find documentation about this specific error here.
I had this issue and I solved it simply by using http://127.0.0.1 as the callback URI of the app.
I then used below URL and it worked as expected.
https://auth.tdameritrade.com/auth?response_type=code&redirect_uri=http%3A%2F%2F127.0.0.1&client_id={MyConsumerKey}%40AMER.OAUTHAP
Just in case anyone is still having this problem, make sure the callback URI is spelled EXACTLY the same as you specified when creating the app. I was having this problem because I set the callback on the TD developer website to "https://localhost/" and used "https://localhost" in the URL instead (missing the slash at the end). As soon as I added the slash at the end, it worked.
I found out that the issue is caused by the way the callback URL is set. It has to be exactly the same as the callback URL you typed in the app's details on the TD developer API page. I tried several permutations, and indeed, to get the authorization to work, both have to be the same, e.g. https or http, ending with '/' or not: it matters. There is also no need to URL encode it.
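
The answers above all come down to the authorization server comparing the redirect_uri against the registered callback as an exact string. As an added example (not code from any of the posters or from TD Ameritrade), this pre-flight check reports which part of the callback differs before the authorization URL is built; the function names and the `EXAMPLEKEY` consumer key are constructed placeholders.

```python
from urllib.parse import urlencode, urlsplit

AUTH_ENDPOINT = "https://auth.tdameritrade.com/auth"  # endpoint quoted in the thread


def callback_mismatches(registered: str, used: str) -> list[str]:
    """List how `used` differs from `registered`; an empty list means exact match."""
    if registered == used:
        return []
    r, u = urlsplit(registered), urlsplit(used)
    diffs = []
    for name, a, b in (
        ("scheme", r.scheme, u.scheme),
        ("host", r.hostname, u.hostname),
        ("port", r.port, u.port),
        ("path", r.path, u.path),  # "" vs "/" is the trailing-slash case
    ):
        if a != b:
            diffs.append(f"{name}: {a!r} vs {b!r}")
    # Strings differ but the parsed parts agree: letter case, query or fragment.
    return diffs or ["other: case, query or fragment differs"]


def build_auth_url(consumer_key: str, registered: str, used: str) -> str:
    """Build the authorization URL, refusing a callback that is not identical."""
    diffs = callback_mismatches(registered, used)
    if diffs:
        raise ValueError("redirect_uri mismatch: " + "; ".join(diffs))
    query = urlencode({
        "response_type": "code",
        "redirect_uri": used,
        "client_id": consumer_key + "@AMER.OAUTHAP",
    })
    return f"{AUTH_ENDPOINT}?{query}"


if __name__ == "__main__":
    # Constructed sample values; EXAMPLEKEY is a placeholder consumer key.
    print(callback_mismatches("https://localhost/", "https://localhost"))
    print(build_auth_url("EXAMPLEKEY", "http://127.0.0.1", "http://127.0.0.1"))
```

The exact comparison is what stops an authorization code from being delivered to a callback the app owner never registered, so the check fails closed instead of normalizing the two strings.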

Handle custom URL portion after /

I am honestly not sure what it is called, however hopefully someone here knows how and what exactly it is.
I want to be able to handle a URL sent to my server, and display a different site based on the URL, such as Facebook and Twitter do (i.e. facebook.com/usernamehere). I assume that the server takes that link and parses it to load the right information based on the URL, but I am not exactly sure what that is called or how I can achieve that effect.

So how do I properly set up a Redirect Uri?

A few days ago, I was playing around with a local API (not Google) and it required me to provide a Redirect Uri while trying to set up my app in their dashboard.
I did some googling and the top searches led me to OAuth 2.0 and the Google Developers website. But this API I'm using is not related to any of Google's, so I thought it wouldn't be relevant.
Is the setup of Redirect Uri for most APIs universal or almost the same? What programming languages can I use to implement this?
The description also says I need to parse a subscriber_number and access_token in JSON format. How do I do that?
Please note that I have already found a free hosting site via Firebase and have provided my own link. I also did the initial steps from another user to fire the required access_token that I needed to parse from the Redirect Uri. But accessing it from the browser right after triggering doesn't give me anything. I'm so clueless. Any help is much appreciated!

Action Hero JS Post API

I am totally new to Action HeroJS and I was wondering how I can restrict users from accessing my Action HeroJS REST API URL from the browser?
I have even put the route as POST, but it is still accessible by the GET method?
Just like in Java, when we specify a REST API as POST, it will not be accessible by GET or a browser URL?
How can I accomplish this?
Edit:
Contacted Action Hero on GitHub, they were pretty helpful. The solution was:
in web.js, put simpleRouting : false, and it should resolve the issue.
Before, you could access a POST-routed action from the URL, but after doing this you cannot!!
Accessing a POST using GET will return you a 404.
Thanks #Evan
Regardless of your language/framework, all routes are able to be hit by anyone, unless you block them at load-balancer or similar level.
Rather than thinking about the problem as "how to block" access, you should be thinking about the problem like "how can I ensure that this user is authenticated to use this route". Using things like cookies or tokens is the way to go.
You can use actionhero's middleware to apply access rules to specific actions, and return errors to the user if they aren't allowed.
Here's an example project that does these types of things:
Actions for dealing with the session: https://github.com/evantahler/actionhero-angular-bootstrap-cors-csrf/blob/master/actions/session.js
Middleware which uses that session data for access: https://github.com/evantahler/actionhero-angular-bootstrap-cors-csrf/blob/master/initializers/session.js
and finally another action (route/url) which requires the logged-in-session middleware: https://github.com/evantahler/actionhero-angular-bootstrap-cors-csrf/blob/master/actions/showDocumentation.js
