Discussions

good morning, I'm unsuccessfully trying the pre_authorized_payment_tokens call. I continue to answer 403. I'm generating the keys directly from your site, linking one like body: { "reason": "Monthly payment", "Callback_url": "https://mysite.com/callbacks/{uuid }" }. The result is 4p4IkKXsOziHP5bWNdh / e73499HvYhcQFUnWZ / WbJC4 =. And this string for the signature (request-target): post /g_business/v1/pre_authorized_payment_tokens host: staging.authservices.satispay.com date: ven, 18 ott 2019 14:43:51 +0000 digest: 4p4IkKXsOziHP5bWNdh/e73499HvYhcQFUnWZ/WbJC4=. Both of them generate links provided by you. But the answer is always Forbidden. I use a sandbox account.

Hello, I have some issues with authentication. Getting 403 Forbidden. First of all: I checked with the online tools and both the digest and the signed string are correct. Below the data: Body: {"flow": "MATCH_CODE", "amount_unit": 100, "currency": "EUR"} Digest: SHA-256=RiExudeAkbTd4TtW4nDkpDH+z1iCMOYDzlGkeikTkV4= Signed String: lA3dzYCSpwwsRC/e/nhA84jVMGGdlRcu1wXboSvE1/fGJQORxdYVcEEKIMYmqeTT4Iczid31h/X2lN3TRk7VhCJC5QHyv5U5SHRku2LfUR/ltAk+p+7EtNlkm4OR69BMirUrYNhtn+U/mdKClBz3CE61Q1w48dHnTpdqUSX05u60ql1nDP1ojxn+P+qJK9+NFAPF2AgMkXO13GTpStDiXP0C+z8AXw73A6u36tRh+cqZluYs6zqZHL7dJVgigD0hMuFYQSmcWWWpKYf+uIZqKNSILFS6fhGA07g0hymEeE6NIMg3FKW1ZdRHwiAVm19eUHLMqsnHGgaY1OL33h2dddrhJJmmGpws16tPsD8v3apRy5aw6p/RvYIbbT4yBj9j20MrAdS6AxOkpqSNI+NmI9lMKjWD9tuJymtC0GXsIftj58c1Y/uaXoIeCJeSYVibbsdWRguUnjW+8QgBIeSs2j33CpPc6S0QDROHZVgOH+b/r7zumoC5W2FyzsiDNzdTkw2bzJ20JmrCMEWQvHh3GWmfoW13I6Wqjseo8XJBiS63bc6oDwprZWJIWfiEzCSq3p0uTlz8Aw7EOEmW/2p8rYyQLsegqT4NRImMsH1xn5xAmfRGl8rtPBg2n5KNZ1jF+IBZJd2ogwFA+9gS7+iTc4I9NX6JHOm5n7SWgpCMD8M= Authorization header: Signature keyId="il8khqr7rr56ic7r7e9kcp23jof3fmrhdd8o6irjpj0gkt4302c9n37c96d0kudm9ukjrg9sd3b8ou507rg689d6i0evi4o9a0dk5apcelsntb31am2jlh9d7uirau82kjhv9putuk7of1csgta9ff9p0fjj64q3m35vli59p6kn69tuh6pjucskulslpcr8nr017ejv", algorithm="rsa-sha256", headers="(request-target) host date digest", signature="lA3dzYCSpwwsRC/e/nhA84jVMGGdlRcu1wXboSvE1/fGJQORxdYVcEEKIMYmqeTT4Iczid31h/X2lN3TRk7VhCJC5QHyv5U5SHRku2LfUR/ltAk+p+7EtNlkm4OR69BMirUrYNhtn+U/mdKClBz3CE61Q1w48dHnTpdqUSX05u60ql1nDP1ojxn+P+qJK9+NFAPF2AgMkXO13GTpStDiXP0C+z8AXw73A6u36tRh+cqZluYs6zqZHL7dJVgigD0hMuFYQSmcWWWpKYf+uIZqKNSILFS6fhGA07g0hymEeE6NIMg3FKW1ZdRHwiAVm19eUHLMqsnHGgaY1OL33h2dddrhJJmmGpws16tPsD8v3apRy5aw6p/RvYIbbT4yBj9j20MrAdS6AxOkpqSNI+NmI9lMKjWD9tuJymtC0GXsIftj58c1Y/uaXoIeCJeSYVibbsdWRguUnjW+8QgBIeSs2j33CpPc6S0QDROHZVgOH+b/r7zumoC5W2FyzsiDNzdTkw2bzJ20JmrCMEWQvHh3GWmfoW13I6Wqjseo8XJBiS63bc6oDwprZWJIWfiEzCSq3p0uTlz8Aw7EOEmW/2p8rYyQLsegqT4NRImMsH1xn5xAmfRGl8rtPBg2n5KNZ1jF+IBZJd2ogwFA+9gS7+iTc4I9NX6JHOm5n7SWgpCMD8M=" I am using .NET Core 3.1 libraries, so I cannot take the ready-made PHP SDK. I managed to capture the request data using Postman as a proxy, and here is what I am sending to your servers: content-length:63 content-type:application/json; charset=utf-8 host:authservices.satispay.com date:lun, 04 mag 2020 16:36:57 +0000 digest:SHA-256=RiExudeAkbTd4TtW4nDkpDH+z1iCMOYDzlGkeikTkV4= authorization:Signature keyId="il8khqr7rr56ic7r7e9kcp23jof3fmrhdd8o6irjpj0gkt4302c9n37c96d0kudm9ukjrg9sd3b8ou507rg689d6i0evi4o9a0dk5apcelsntb31am2jlh9d7uirau82kjhv9putuk7of1csgta9ff9p0fjj64q3m35vli59p6kn69tuh6pjucskulslpcr8nr017ejv", algorithm="rsa-sha256", headers="(request-target) host date digest", signature="lA3dzYCSpwwsRC/e/nhA84jVMGGdlRcu1wXboSvE1/fGJQORxdYVcEEKIMYmqeTT4Iczid31h/X2lN3TRk7VhCJC5QHyv5U5SHRku2LfUR/ltAk+p+7EtNlkm4OR69BMirUrYNhtn+U/mdKClBz3CE61Q1w48dHnTpdqUSX05u60ql1nDP1ojxn+P+qJK9+NFAPF2AgMkXO13GTpStDiXP0C+z8AXw73A6u36tRh+cqZluYs6zqZHL7dJVgigD0hMuFYQSmcWWWpKYf+uIZqKNSILFS6fhGA07g0hymEeE6NIMg3FKW1ZdRHwiAVm19eUHLMqsnHGgaY1OL33h2dddrhJJmmGpws16tPsD8v3apRy5aw6p/RvYIbbT4yBj9j20MrAdS6AxOkpqSNI+NmI9lMKjWD9tuJymtC0GXsIftj58c1Y/uaXoIeCJeSYVibbsdWRguUnjW+8QgBIeSs2j33CpPc6S0QDROHZVgOH+b/r7zumoC5W2FyzsiDNzdTkw2bzJ20JmrCMEWQvHh3GWmfoW13I6Wqjseo8XJBiS63bc6oDwprZWJIWfiEzCSq3p0uTlz8Aw7EOEmW/2p8rYyQLsegqT4NRImMsH1xn5xAmfRGl8rtPBg2n5KNZ1jF+IBZJd2ogwFA+9gS7+iTc4I9NX6JHOm5n7SWgpCMD8M=" Any clues as where the issue could be? I already (successfully) got 5 or 6 Key_Ids, but changing them seems to bring no luck. Any additional help would be appreciated. Thanks Stefano

Dear support, I'm trying to perform a call for create a payment. Following the documentation and the other tools I've this request: METHOD : POST URL : https://staging.authservices.satispay.com/g_business/v1/payments HEADERS : Content-Type : application/json host : staging.authservices.satispay.com date : Wen, 19 Mar 2020 16:10:24 +0000 digest : H5BnW9D/API6OC7g3LWjGeXyLg43uKT8ZG15YCPuQpM= Authorization : Signature keyId="r95udmo9oo2tbt9q9j3gm5gekao2tbo0ph5pjpd686dp5dcrtb61d7hn0tm7jh3l1r5si4oqh1t31sbeo1urgt893v5063eningek5eird7fc9c30iqq7ai878f5o1bha6u8bso5p5i009b0dqnkeclt5grng17mfv5032h4nus2jib2oe3qluc4nkahr5m71fl1bp3e", algorithm="rsa-sha256", headers="(request-target) host date digest", signature="Yosf2ekIXU7GWpK88jWstJuLp1xTmVSA9toIAYPGydYjgKDY3U9LnLzQc6UoerevUmY8O+nSawp/38HunFag+fHOff+NI8A6VVJLCcFSlgL9Ja4JQerue8UQ4+gOfRrWqA918U9/6ERrUWX6ezeqnuci2EnET5L0hM3N7GWlvmWO5mm3S1dSC0wueKRqWn3gU+XH9tEb5wsk/Zltrj/H2PY/Mf0h7V2RkH3XBJcZMhPVcLC/5+mcKTFbjtbG9hotq8lksiPnj0eCKvXrLfNeZlgVLcdDDSfwcz7MC168inScmQKP7OpvRklxl92/buPFEVbAMGpGXk6JnKYWZzujz2EIHQlQtwPE7Xv8fQogdBPBeTegasADzeCYvGIJpcN+2NJoqnCzUTky+Um73rvJwP0cL5mSySZi2qMwhtnWZnq+SWB+QVCuICi23F6P2+n36/CkuHde72q4f5hL0XA77duYR7PXajbNyM39CsC6mLzzLr5CGYsXz23LKv1U9GqT4uuqxg3jKm08YINhu6XBYod4LkeJjB1bbaShrZoqOE5UODhySwtwTWJjG/6Pagyeijr27sRyhsYlS0mb9UmAjT2HG66/K79EHtt40lIAuZYJMiItsj/hbOV76fCoGVBVfmB25utG3S8kEHW39i9fcEcp3Xi0nVfLHfeNPi1es38=" The digest was generated from the following body: { "flow": "MATCH_CODE", "amount_unit": 100, "currency": "EUR", "description": "my_description", "callback_url": "https://myServer.com/myCallbackUrl?payment_id={uuid}", "metadata": { "order_id": "my_order_id", "user":"my_user_id", "payment_id":"my_payment", "session_id":"my_session", "key": "value" } } With the tool. Also the signature was generated with the tool from the following (and the generated private key): (request-target): post /wally-services/protocol/tests/signature host: staging.authservices.satispay.com date: Mon, 18 Mar 2019 15:10:24 +0000 digest: SHA-256=H5BnW9D/API6OC7g3LWjGeXyLg43uKT8ZG15YCPuQpM= But the response is : { "code": 45, "message": "Forbidden", "wlt": "iZt3QxnY" } Can you help me? Thanks

Hello, i created a business Sandbox account, created an app with associated account, made the rest api with clientId and secret and obtained the access_token. The problem is: - is it necessary? - why https://authservices.satispay.com/g_business/v1/authentication_keys doesn't work?

Hello, we are integrating the Web-button - pre-authorization FLOW (https://developers.satispay.com/docs/web-button-auth) When creating the button, while display the qrcode, after confirm the authorization on mobile app, the web button remains in state "La richiesta è stata accettata Attendi qualche secondo..." and in browser console I see this error: Error: Missing payment details web-button.ts:151:23 ioInitializeStandardWebButton web-button.ts:151 fromOption pipeable.js:162 pipe pipeable.js:13 ts web-button.ts:149 Webpack 3 __webpack_require__ As we are integrating the preauthorization flow, what payment details does expect the web button widget?

Hi, I'm implementing this workflow: https://developers.satispay.com/docs/mobile-app-auth After getting the tokenId we call the Sandbox App from our App passing the tokenId and the callback url. The Sandbox App asks me to authorize the automatic payments, but when I confirm the callback url it is not called by the Satispay server. The callback url is a web service like this: http://<myserver>/payment/satispayMethodCallback It answers to all GET requests without authentication. Which could be the problem? Thank you cld

Hi, I write to you because the module, that I have installed on PS v1.6 platform, doesn't show the Order Confirmation message in the last page of the checkout. When the customer is redirected on the website (after the payment with Satispay), the module shows him an empty page, that seems broken. I've checked the module files (specially, the return.php) and these is what I've found: 1) When payment is closed successfully the redirect to order confirmation page happens, but as the module hasn't got neither the HOOK_ORDER_CONFIRMATION nor the HOOK_PAYMENT_RETURN, the page appears blank. 2) When an error payment occurs, instead, the module brings the customer to the Order History page, without any error message. This doesn't help the customer to understand the payment isn't close successfully. Perhaps, it would be more correct if the order confirmation page tells the customer both when the payment is closed successfully, and when an error occurs. Could you help me to solve this problem? Let me know.

I received this error: { "code": 45, "message": "Forbidden", "wlt": "nHAGj0PP" } I use Activation codes for Authentication and public key type sha256.

Hello, I always receive an authentication failed response (role=public). Here is the full code $keyId = 'qr00fekd2ld3kaqjrli7c01jmdmnq57tngni3qldaq1qtipk2da2ddi15d4huci6n21t2cohb8gcb5ei007cea1b4g4rktmn9iq42v2r463i831kj7qlici5oo1gc886ph0e8757bcf15b6gpll266a4a7fic769gd7dfsnj2gdnp3qgj86um742be7ctmmajj9d4gb9'; $post = [ 'flow' => 'MATCH_CODE', 'amount_unit' => '100', 'currency' => 'EUR', 'callback_url' => 'https://myServer.com/myCallbackUrl?payment_id={uuid}', 'metadata' => array("order_id" => "my_order_id", "user" => "10", "payment_id" => "PPP12345" ), ]; $reqDate = 'Tue, 28 Apr 20 10:18:42 +0000';// gmdate(DATE_RFC822); $digest = base64_encode(hash("sha256", json_encode($post), true)); //GENERATED DIGEST IS mI0YGicSLEGMd5/XQcexSVOLL7pbM4XXmXoX0spADsI= $string = "(request-target): post /wally-services/protocol/tests/signature\n host: staging.authservices.satispay.com\n date: $reqDate\n digest: SHA-256=$digest"; $pkey = openssl_pkey_get_private(file_get_contents($path.'/private.pem')); openssl_sign($string, $signatureRaw, $pkey, OPENSSL_ALGO_SHA256); $signature = base64_encode($signatureRaw); // GENERATED SIGNATURE IS QJ8eCV9RbyiXttn8gDMBk/LNc771wvg56vKpP5bU5C9UPQWWo/zuygJ6i5nobCp0EPoh7jgBhd9q9hvwxtW9HqXsUe3RWZOZWSKVGLuZLSFCeRy3dECFedtJRxclTbvDxe7uB14+Iprv8ALUR0Vp/04k0ZAWJ18Fw9jRn0ojSPO2GaZHKUlj5vjELLwVQHMevz76RlKyh1VK/IFznuGjrgxJV1TJEJSxsbE63I88RBslPetZD9iBhGx/nqK/dCa7QTpjiTrJyS+46rSRi8no0rSTLwx+b29LIh2eXSsnihM6vY/kIe65faUFySUp3iYlApKf3Mp3lrvXp6IeZa8TI2qz/pxH7jp2DTJUDEdab/x9qlz4zljwKpbwGJ7iSlJ2K6Bh/bNO5A1GUEgBdWvCSBd4e9fu8LTYCIG3VImpHDrTXY5/bY3LBcaIW9QsK00lK52gwOK93djAz/DXUeD0omjnRJnymQQ9ta0HS+ts06VdB2WzjwfmDRcB704nGGIqz4nWxRyQKmfj+zZf3rFc5j3cXtNUD/aMvKvc7Rd8tZJMJpFZBZQQUdm8HsauHfHmPEJMout9EKvDC1x0vCS+vW6j8zDydGxvNoP0v7Db9p38Tm03jgPo9dNqV6g3G9CmjXhJosXxsXGRpphVQkRWtCK3AFS7LJwcFABgAi6E4bg= $authorizationHeader = "Signature keyId=\"$keyId\", algorithm=\"rsa-sha256\", headers=\"(request-target) host date digest\", signature=\"$signature\""; openssl_free_key($pkey); // Test the Authentication $url = 'https://staging.authservices.satispay.com/wally-services/protocol/tests/signature'; $ch = curl_init($url); $customHeaders = array( 'host: staging.authservices.satispay.com', 'Content-Type: application/json', 'Accept: application/json', 'date: ' . $reqDate, 'digest: ' . $digest, 'Authorization: ' . $authorizationHeader, ); curl_setopt($ch, CURLOPT_HTTPHEADER, $customHeaders); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST"); curl_setopt($ch, CURLOPT_POSTFIELDS, Json::encode($post)); $result = curl_exec($ch); Can you please tell me what i'm doing wrong? Regards

Hello. In our e-commerce we are using the Web-Redirect payment flow, implemented using the old API. So we are using the "/online/v1/checkouts" call, redirecting the user to "https://staging.online.satispay.com/web-app?checkout_id={checkout_id}", who then will be redirected back to our site through the redirect_url we provide after he accepts / cancels the payment. In the old API the redirect_url would include the charge_id as a query string param, so that we can check the payment status and show an appropriate message to the user. We are now trying to move to the new API, but with the new "v1/payments" API it seems that the payment_id would not be included as a paremeter of the redirect_url(there is no mention of it in the documentation, the same holds true with the Pre-Authorization Web-Redirect which uses a similiar flow). So am i wrong or the payment_id won't be actually added to the redirect_url as happened with the old API? Thank you Stefano