Discussions
Authorization HEADER
good morning,
I'm unsuccessfully trying the pre_authorized_payment_tokens call.
I continue to answer 403.
I'm generating the keys directly from your site, linking one like body:
{
"reason": "Monthly payment",
"Callback_url": "https://mysite.com/callbacks/{uuid }"
}.
The result is 4p4IkKXsOziHP5bWNdh / e73499HvYhcQFUnWZ / WbJC4 =.
And this string for the signature
(request-target): post /g_business/v1/pre_authorized_payment_tokens
host: staging.authservices.satispay.com
date: ven, 18 ott 2019 14:43:51 +0000
digest: 4p4IkKXsOziHP5bWNdh/e73499HvYhcQFUnWZ/WbJC4=.
Both of them generate links provided by you.
But the answer is always Forbidden.
I use a sandbox account.
Posted by Nicolas politi over 2 years ago
Authentication failing
Hello,
I have some issues with authentication. Getting 403 Forbidden.
First of all: I checked with the online tools and both the digest and the signed string are correct. Below the data:
Body: {"flow": "MATCH_CODE", "amount_unit": 100, "currency": "EUR"}
Digest: SHA-256=RiExudeAkbTd4TtW4nDkpDH+z1iCMOYDzlGkeikTkV4=
Signed String: lA3dzYCSpwwsRC/e/nhA84jVMGGdlRcu1wXboSvE1/fGJQORxdYVcEEKIMYmqeTT4Iczid31h/X2lN3TRk7VhCJC5QHyv5U5SHRku2LfUR/ltAk+p+7EtNlkm4OR69BMirUrYNhtn+U/mdKClBz3CE61Q1w48dHnTpdqUSX05u60ql1nDP1ojxn+P+qJK9+NFAPF2AgMkXO13GTpStDiXP0C+z8AXw73A6u36tRh+cqZluYs6zqZHL7dJVgigD0hMuFYQSmcWWWpKYf+uIZqKNSILFS6fhGA07g0hymEeE6NIMg3FKW1ZdRHwiAVm19eUHLMqsnHGgaY1OL33h2dddrhJJmmGpws16tPsD8v3apRy5aw6p/RvYIbbT4yBj9j20MrAdS6AxOkpqSNI+NmI9lMKjWD9tuJymtC0GXsIftj58c1Y/uaXoIeCJeSYVibbsdWRguUnjW+8QgBIeSs2j33CpPc6S0QDROHZVgOH+b/r7zumoC5W2FyzsiDNzdTkw2bzJ20JmrCMEWQvHh3GWmfoW13I6Wqjseo8XJBiS63bc6oDwprZWJIWfiEzCSq3p0uTlz8Aw7EOEmW/2p8rYyQLsegqT4NRImMsH1xn5xAmfRGl8rtPBg2n5KNZ1jF+IBZJd2ogwFA+9gS7+iTc4I9NX6JHOm5n7SWgpCMD8M=
Authorization header: Signature keyId="il8khqr7rr56ic7r7e9kcp23jof3fmrhdd8o6irjpj0gkt4302c9n37c96d0kudm9ukjrg9sd3b8ou507rg689d6i0evi4o9a0dk5apcelsntb31am2jlh9d7uirau82kjhv9putuk7of1csgta9ff9p0fjj64q3m35vli59p6kn69tuh6pjucskulslpcr8nr017ejv", algorithm="rsa-sha256", headers="(request-target) host date digest", signature="lA3dzYCSpwwsRC/e/nhA84jVMGGdlRcu1wXboSvE1/fGJQORxdYVcEEKIMYmqeTT4Iczid31h/X2lN3TRk7VhCJC5QHyv5U5SHRku2LfUR/ltAk+p+7EtNlkm4OR69BMirUrYNhtn+U/mdKClBz3CE61Q1w48dHnTpdqUSX05u60ql1nDP1ojxn+P+qJK9+NFAPF2AgMkXO13GTpStDiXP0C+z8AXw73A6u36tRh+cqZluYs6zqZHL7dJVgigD0hMuFYQSmcWWWpKYf+uIZqKNSILFS6fhGA07g0hymEeE6NIMg3FKW1ZdRHwiAVm19eUHLMqsnHGgaY1OL33h2dddrhJJmmGpws16tPsD8v3apRy5aw6p/RvYIbbT4yBj9j20MrAdS6AxOkpqSNI+NmI9lMKjWD9tuJymtC0GXsIftj58c1Y/uaXoIeCJeSYVibbsdWRguUnjW+8QgBIeSs2j33CpPc6S0QDROHZVgOH+b/r7zumoC5W2FyzsiDNzdTkw2bzJ20JmrCMEWQvHh3GWmfoW13I6Wqjseo8XJBiS63bc6oDwprZWJIWfiEzCSq3p0uTlz8Aw7EOEmW/2p8rYyQLsegqT4NRImMsH1xn5xAmfRGl8rtPBg2n5KNZ1jF+IBZJd2ogwFA+9gS7+iTc4I9NX6JHOm5n7SWgpCMD8M="
I am using .NET Core 3.1 libraries, so I cannot take the ready-made PHP SDK.
I managed to capture the request data using Postman as a proxy, and here is what I am sending to your servers:
content-length:63
content-type:application/json; charset=utf-8
host:authservices.satispay.com
date:lun, 04 mag 2020 16:36:57 +0000
digest:SHA-256=RiExudeAkbTd4TtW4nDkpDH+z1iCMOYDzlGkeikTkV4=
authorization:Signature keyId="il8khqr7rr56ic7r7e9kcp23jof3fmrhdd8o6irjpj0gkt4302c9n37c96d0kudm9ukjrg9sd3b8ou507rg689d6i0evi4o9a0dk5apcelsntb31am2jlh9d7uirau82kjhv9putuk7of1csgta9ff9p0fjj64q3m35vli59p6kn69tuh6pjucskulslpcr8nr017ejv", algorithm="rsa-sha256", headers="(request-target) host date digest", signature="lA3dzYCSpwwsRC/e/nhA84jVMGGdlRcu1wXboSvE1/fGJQORxdYVcEEKIMYmqeTT4Iczid31h/X2lN3TRk7VhCJC5QHyv5U5SHRku2LfUR/ltAk+p+7EtNlkm4OR69BMirUrYNhtn+U/mdKClBz3CE61Q1w48dHnTpdqUSX05u60ql1nDP1ojxn+P+qJK9+NFAPF2AgMkXO13GTpStDiXP0C+z8AXw73A6u36tRh+cqZluYs6zqZHL7dJVgigD0hMuFYQSmcWWWpKYf+uIZqKNSILFS6fhGA07g0hymEeE6NIMg3FKW1ZdRHwiAVm19eUHLMqsnHGgaY1OL33h2dddrhJJmmGpws16tPsD8v3apRy5aw6p/RvYIbbT4yBj9j20MrAdS6AxOkpqSNI+NmI9lMKjWD9tuJymtC0GXsIftj58c1Y/uaXoIeCJeSYVibbsdWRguUnjW+8QgBIeSs2j33CpPc6S0QDROHZVgOH+b/r7zumoC5W2FyzsiDNzdTkw2bzJ20JmrCMEWQvHh3GWmfoW13I6Wqjseo8XJBiS63bc6oDwprZWJIWfiEzCSq3p0uTlz8Aw7EOEmW/2p8rYyQLsegqT4NRImMsH1xn5xAmfRGl8rtPBg2n5KNZ1jF+IBZJd2ogwFA+9gS7+iTc4I9NX6JHOm5n7SWgpCMD8M="
Any clues as where the issue could be? I already (successfully) got 5 or 6 Key_Ids, but changing them seems to bring no luck.
Any additional help would be appreciated.
Thanks
Stefano
Posted by Stefano about 2 years ago
Error code 45 Forbidden
Dear support,
I'm trying to perform a call for create a payment. Following the documentation and the other tools I've this request:
METHOD : POST
URL : https://staging.authservices.satispay.com/g_business/v1/payments
HEADERS :
Content-Type : application/json
host : staging.authservices.satispay.com
date : Wen, 19 Mar 2020 16:10:24 +0000
digest : H5BnW9D/API6OC7g3LWjGeXyLg43uKT8ZG15YCPuQpM=
Authorization : Signature keyId="r95udmo9oo2tbt9q9j3gm5gekao2tbo0ph5pjpd686dp5dcrtb61d7hn0tm7jh3l1r5si4oqh1t31sbeo1urgt893v5063eningek5eird7fc9c30iqq7ai878f5o1bha6u8bso5p5i009b0dqnkeclt5grng17mfv5032h4nus2jib2oe3qluc4nkahr5m71fl1bp3e", algorithm="rsa-sha256", headers="(request-target) host date digest", signature="Yosf2ekIXU7GWpK88jWstJuLp1xTmVSA9toIAYPGydYjgKDY3U9LnLzQc6UoerevUmY8O+nSawp/38HunFag+fHOff+NI8A6VVJLCcFSlgL9Ja4JQerue8UQ4+gOfRrWqA918U9/6ERrUWX6ezeqnuci2EnET5L0hM3N7GWlvmWO5mm3S1dSC0wueKRqWn3gU+XH9tEb5wsk/Zltrj/H2PY/Mf0h7V2RkH3XBJcZMhPVcLC/5+mcKTFbjtbG9hotq8lksiPnj0eCKvXrLfNeZlgVLcdDDSfwcz7MC168inScmQKP7OpvRklxl92/buPFEVbAMGpGXk6JnKYWZzujz2EIHQlQtwPE7Xv8fQogdBPBeTegasADzeCYvGIJpcN+2NJoqnCzUTky+Um73rvJwP0cL5mSySZi2qMwhtnWZnq+SWB+QVCuICi23F6P2+n36/CkuHde72q4f5hL0XA77duYR7PXajbNyM39CsC6mLzzLr5CGYsXz23LKv1U9GqT4uuqxg3jKm08YINhu6XBYod4LkeJjB1bbaShrZoqOE5UODhySwtwTWJjG/6Pagyeijr27sRyhsYlS0mb9UmAjT2HG66/K79EHtt40lIAuZYJMiItsj/hbOV76fCoGVBVfmB25utG3S8kEHW39i9fcEcp3Xi0nVfLHfeNPi1es38="
The digest was generated from the following body:
{
"flow": "MATCH_CODE",
"amount_unit": 100,
"currency": "EUR",
"description": "my_description",
"callback_url": "https://myServer.com/myCallbackUrl?payment_id={uuid}",
"metadata": {
"order_id": "my_order_id",
"user":"my_user_id",
"payment_id":"my_payment",
"session_id":"my_session",
"key": "value"
}
}
With the tool. Also the signature was generated with the tool from the following (and the generated private key):
(request-target): post /wally-services/protocol/tests/signature
host: staging.authservices.satispay.com
date: Mon, 18 Mar 2019 15:10:24 +0000
digest: SHA-256=H5BnW9D/API6OC7g3LWjGeXyLg43uKT8ZG15YCPuQpM=
But the response is :
{
"code": 45,
"message": "Forbidden",
"wlt": "iZt3QxnY"
}
Can you help me?
Thanks
Posted by Jacopo Ferrara over 2 years ago
How to obtain key_id
Hello, i created a business Sandbox account, created an app with associated account, made the rest api with clientId and secret and obtained the access_token.
The problem is:
- is it necessary?
- why https://authservices.satispay.com/g_business/v1/authentication_keys doesn't work?
Posted by Matteo about 2 years ago
Error: Missing payment details
Hello, we are integrating the Web-button - pre-authorization FLOW (https://developers.satispay.com/docs/web-button-auth)
When creating the button, while display the qrcode, after confirm the authorization on mobile app, the web button remains in state "La richiesta è stata accettata
Attendi qualche secondo..." and in browser console I see this error:
Error: Missing payment details web-button.ts:151:23
ioInitializeStandardWebButton web-button.ts:151
fromOption pipeable.js:162
pipe pipeable.js:13
ts web-button.ts:149
Webpack 3
__webpack_require__
As we are integrating the preauthorization flow, what payment details does expect the web button widget?
Posted by Emanuele over 2 years ago
Callback url not invoked
Hi,
I'm implementing this workflow: https://developers.satispay.com/docs/mobile-app-auth
After getting the tokenId we call the Sandbox App from our App passing the tokenId and the callback url.
The Sandbox App asks me to authorize the automatic payments, but when I confirm the callback url it is not called by the Satispay server.
The callback url is a web service like this:
http://<myserver>/payment/satispayMethodCallback
It answers to all GET requests without authentication.
Which could be the problem?
Thank you
cld
Posted by Claudio about 2 years ago
Prestashop module v1.5.0 doesn't show both the Order Confirmation and the Payment Error screens
Hi,
I write to you because the module, that I have installed on PS v1.6 platform, doesn't show the Order Confirmation message in the last page of the checkout.
When the customer is redirected on the website (after the payment with Satispay), the module shows him an empty page, that seems broken.
I've checked the module files (specially, the return.php) and these is what I've found:
1) When payment is closed successfully the redirect to order confirmation page happens, but as the module hasn't got neither the HOOK_ORDER_CONFIRMATION nor the HOOK_PAYMENT_RETURN, the page appears blank.
2) When an error payment occurs, instead, the module brings the customer to the Order History page, without any error message. This doesn't help the customer to understand the payment isn't close successfully.
Perhaps, it would be more correct if the order confirmation page tells the customer both when the payment is closed successfully, and when an error occurs.
Could you help me to solve this problem? Let me know.
Posted by Clara almost 2 years ago
Error forbidden
I received this error:
{
"code": 45,
"message": "Forbidden",
"wlt": "nHAGj0PP"
}
I use Activation codes for Authentication and public key type sha256.
Posted by Luca Bertacchini about 2 years ago
Authentication Test Failed
Hello,
I always receive an authentication failed response (role=public).
Here is the full code
$keyId = 'qr00fekd2ld3kaqjrli7c01jmdmnq57tngni3qldaq1qtipk2da2ddi15d4huci6n21t2cohb8gcb5ei007cea1b4g4rktmn9iq42v2r463i831kj7qlici5oo1gc886ph0e8757bcf15b6gpll266a4a7fic769gd7dfsnj2gdnp3qgj86um742be7ctmmajj9d4gb9';
$post = [
'flow' => 'MATCH_CODE',
'amount_unit' => '100',
'currency' => 'EUR',
'callback_url' => 'https://myServer.com/myCallbackUrl?payment_id={uuid}',
'metadata' => array("order_id" => "my_order_id",
"user" => "10",
"payment_id" => "PPP12345"
),
];
$reqDate = 'Tue, 28 Apr 20 10:18:42 +0000';// gmdate(DATE_RFC822);
$digest = base64_encode(hash("sha256", json_encode($post), true));
//GENERATED DIGEST IS mI0YGicSLEGMd5/XQcexSVOLL7pbM4XXmXoX0spADsI=
$string = "(request-target): post /wally-services/protocol/tests/signature\n
host: staging.authservices.satispay.com\n
date: $reqDate\n
digest: SHA-256=$digest";
$pkey = openssl_pkey_get_private(file_get_contents($path.'/private.pem'));
openssl_sign($string, $signatureRaw, $pkey, OPENSSL_ALGO_SHA256);
$signature = base64_encode($signatureRaw);
// GENERATED SIGNATURE IS QJ8eCV9RbyiXttn8gDMBk/LNc771wvg56vKpP5bU5C9UPQWWo/zuygJ6i5nobCp0EPoh7jgBhd9q9hvwxtW9HqXsUe3RWZOZWSKVGLuZLSFCeRy3dECFedtJRxclTbvDxe7uB14+Iprv8ALUR0Vp/04k0ZAWJ18Fw9jRn0ojSPO2GaZHKUlj5vjELLwVQHMevz76RlKyh1VK/IFznuGjrgxJV1TJEJSxsbE63I88RBslPetZD9iBhGx/nqK/dCa7QTpjiTrJyS+46rSRi8no0rSTLwx+b29LIh2eXSsnihM6vY/kIe65faUFySUp3iYlApKf3Mp3lrvXp6IeZa8TI2qz/pxH7jp2DTJUDEdab/x9qlz4zljwKpbwGJ7iSlJ2K6Bh/bNO5A1GUEgBdWvCSBd4e9fu8LTYCIG3VImpHDrTXY5/bY3LBcaIW9QsK00lK52gwOK93djAz/DXUeD0omjnRJnymQQ9ta0HS+ts06VdB2WzjwfmDRcB704nGGIqz4nWxRyQKmfj+zZf3rFc5j3cXtNUD/aMvKvc7Rd8tZJMJpFZBZQQUdm8HsauHfHmPEJMout9EKvDC1x0vCS+vW6j8zDydGxvNoP0v7Db9p38Tm03jgPo9dNqV6g3G9CmjXhJosXxsXGRpphVQkRWtCK3AFS7LJwcFABgAi6E4bg=
$authorizationHeader = "Signature keyId=\"$keyId\", algorithm=\"rsa-sha256\", headers=\"(request-target) host date digest\", signature=\"$signature\"";
openssl_free_key($pkey);
// Test the Authentication
$url = 'https://staging.authservices.satispay.com/wally-services/protocol/tests/signature';
$ch = curl_init($url);
$customHeaders = array(
'host: staging.authservices.satispay.com',
'Content-Type: application/json',
'Accept: application/json',
'date: ' . $reqDate,
'digest: ' . $digest,
'Authorization: ' . $authorizationHeader,
);
curl_setopt($ch, CURLOPT_HTTPHEADER, $customHeaders);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
curl_setopt($ch, CURLOPT_POSTFIELDS, Json::encode($post));
$result = curl_exec($ch);
Can you please tell me what i'm doing wrong?
Regards
Posted by Elia Porcaro about 2 years ago
Payment Id in Web-Redirect Flow new API
Hello.
In our e-commerce we are using the Web-Redirect payment flow, implemented using the old API. So we are using the "/online/v1/checkouts" call, redirecting the user to "https://staging.online.satispay.com/web-app?checkout_id={checkout_id}", who then will be redirected back to our site through the redirect_url we provide after he accepts / cancels the payment. In the old API the redirect_url would include the charge_id as a query string param, so that we can check the payment status and show an appropriate message to the user.
We are now trying to move to the new API, but with the new "v1/payments" API it seems that the payment_id would not be included as a paremeter of the redirect_url(there is no mention of it in the documentation, the same holds true with the Pre-Authorization Web-Redirect which uses a similiar flow).
So am i wrong or the payment_id won't be actually added to the redirect_url as happened with the old API?
Thank you
Stefano
Posted by Stefano Fortuna over 2 years ago