Fails when Execute() an Authorized Payment after user approval.
scopes
:
"openid profile email address phone https://uri.paypal.com/services/expresscheckout"
consent_uri
:
"https://www.sandbox.paypal.com/webapps/auth/protocol/openidconnect/v1/authorize?client_id=my_client_id&response_type=code&scope=openid%20profile%20email%20address%20phone%20https://uri.paypal.com/services/expresscheckout&redirect_uri=https://www.my_site.com/src/paypal.php"
[http_code] => 403
[url] => https://api.sandbox.paypal.com/v1/payments/payment/PAY-55313193UK1537019LCXIDBA/execute
[header] => Array
(
[0] => Content-Type:application/json
[1] => Authorization:Bearer user_access_token_from_identity_api
[2] => PayPal-Partner-Attribution-Id:pp_attr_id
)
[post_data] => {"payer_id":"3BTU9WTCHAU2Q"}
[response] => {"name":"REQUIRED_SCOPE_MISSING","message":"Access token is missing required scope.","information_link":"https://developer.paypal.com/webapps/developer/docs/api/#REQUIRED_SCOPE_MISSING","debug_id":"e40c3f6b601a"}
)
I am only using one sandbox client_id and I have the Accept Payments and Use Seamless Checkout permissions enabled.
https://developer.paypal.com/docs/integration/direct/identity/seamless-checkout/
Any insight is greatly appreciated.
Do you have "Subcription" mark checked in Your app config under the "APP CAPABILITIES" -->> "Advanced options" on developer.paypal.com ?
TLDR; I was allowing user login separate from checkout and was signing the checkout requests using that Identity API token. In reality, the Identity token is only useful to log a user into my website, at which point a new Bearer token for the Restful API's should be requested and used.
Answer: From pp-randy on Github:
The access_token you need for your rest payments should be using this API call.
The only token I see from you is from the Identify endpoint /v1/identity/openidconnect/tokenservice which is not correct for the REST Payments.
Randy was right - I was signing the API requests using the token returned when I logged in the user with the Identity API.
In reality, the user's access token that is returned by the Identity API has only one purpose, to sign the request to "/v1/identity/openidconnect/userinfo/" which gets the unique_id used for login.
I was signing requests to the Payments API with that same token returned by the Identity API when I should have been using the token provided from this endpoint:
"/v1/identity/openidconnect/tokenservice"
Paypal Reponse Times:
My ticket on Github Paypal SDK was answered in 4 - 5 days
My ticket in the Merchant Services Queue was answered in about 4 days
Entire troubleshooting can be found here:
https://github.com/paypal/PayPal-PHP-SDK/issues/785#issuecomment-282749095
Randy from the Paypal SDK went above and beyond to answer my question, even though I do not use the SDK. Thank you Randy!
Related
I want to create seller onboarding account before payment(connected account under master payal business account). For that we using below API to connect customer and create account.
https://developer.paypal.com/docs/platforms/seller-onboarding/before-payment/
After creating seller account we want to process MOTO payment (Telephony payment) into that seller account. Therefore we need API username, password and signature to process payment using Paypal API and process MOTO payment to that account.
Can you please help us to achieve this kind of functionality using Paypal API's.
Thanks
Onboarding requires being an approved PayPal partner, so you'll have to contact PayPal about this. Unless you do hear back with an approval and further guidance, any attempt to use onboarding APIs in production will result in a 401 Unauthorized response.
Username, Password, and Signature are used by the old legacy classic APIs. You should not be integrating with classic APIs, but rather the current PayPal REST APIs, such as v2/checkout/orders, which use a clientid and secret. If you need a seller's credentials, the way to get them is to ask. They can obtain them via an App in the "Live" tab of https://www.paypal.com/signin?intent=developer&returnUri=https%3A%2F%2Fdeveloper.paypal.com%2Fdeveloper%2Fapplications , and copy them to your interface. You should then try to obtain an access token to verify that the credentials are valid, and prompt the user to re-enter valid credentials if they are not.
I am using BingAds-PHP-SDK to get authenticated user detail.
Firstly done Authentication with OAuth successfully and get authentication token and refresh token.
But when call GetUser() returning following Exception.
Main Exception detail:
stdClass Object (
[AdApiFaultDetail] => stdClass Object (
[TrackingId] => bdfe1a94-b33f-xxxx-a542-1adc15148bae
[Errors] => stdClass Object (
[AdApiError] => stdClass Object (
[Code] => 105
[Detail] =>
[ErrorCode] => InvalidCredentials
[Message] => Authentication failed. Either supplied credentials are invalid or the account is inactive
)
)
)
)
Exception faultcode : s:Server
Exception faultstring : Invalid client data. Check the SOAP fault details for more information
More detailed example here
Does the Microsoft account user (corresponding to your access token) have permissions to login to the Bing Ads web UI? It is possible to get an access token for a Microsoft account who does not have Bing Ads permissions (and thus GetUser would fail with the 105 error by design), so please check to make sure this user can manage at least one Bing Ads account.
If the Microsoft account user has Bing Ads UI access, then I suggest contacting support for help with troubleshooting the 105 error. In that case it will also help if you provide support the SOAP request, response, and timestamp.
I hope this helps!
I was getting a similar error.
I used:
print $proxy->GetService()->__getLastRequest()."\n";
print $proxy->GetService()->__getLastResponse()."\n";
to display the SOAP errors.
I then saw the error was: The user does not represent a authorized developer
Which led me to check my AccountId and CustomerId were correct.
There are multiple possible issues that could cause your SOAP API request to the Bing API to fail with that 105 Invalid Credentials, some of those issues could be unrelated to the OAuth info you are passing into the call (from my experience).
A few things to check:
You have a valid Client App setup with universal access
You properly requested your Access Token and Refresh Token using the App ID created in step 1 and you utilized the proper scopes in the request
The user you used to authenticate the scopes in your OAuth Token Request is the same user used to generate your Developer Token
Ensure your SOAP URLs are correct and that you are properly authenticating and making your API calls to the right URL. You can test this with Fiddler (over SSL) to ensure your SOAP Envelope and Header look properly formed and are being sent to the correct endpoint URL.
I'm trying to implement payments with Stripe, i'm using Stripe connect.
I'm reading documentation for "Charging through the platform" and it says:
\Stripe\Stripe::setApiKey(PLATFORM_SECRET_KEY);
\Stripe\Charge::create(array(
'amount' => 1000,
'currency' => 'gbp',
'source' => {TOKEN},
'destination' => {CONNECTED_STRIPE_ACCOUNT_ID}
));
I have the PLATFORM_SECRET_KEY, and the CONNECTED_STRIPE_ACCOUNT_ID (Obtained from oauth flow with stripe connect), but what is the needed TOKEN?
I have readed that a token can be obtained from a "stripe form", but what is the point to "connect" the stripe account if i need to request card data to my users?
Do I missed something from the flow?
Is there a way to create a token from the user account?
Do i need to create a customer?
Note: I'm newbie with stripe payments.
Stripe Connect is used to create charges on behalf of your users. Let's say you're a marketplace for example, you allow John to sell lamps online. Then, Alice comes and wants to buy a lamp from John on your website. You use the code you mentioned before to charge Alice and send the funds to John's account directly.
It looks like what you want here though is to charge Alice for yourself instead. Alice doesn't need a Stripe account in that case. You need to collect Alice's card details using Stripe Checkout or building your own form using Stripe.js. This will give your a card token tok_XXX that you then send to your server where you use it to create a charge through the API as explained in the charges tutorial.
I am using paypal adaptive payments and i had sandbox account for this to be test for last 2 months it was working very much fine and all the transactions were successfully made by using sandbox.
Now what i'm trying to do is want to go live with adaptive payments get all the necessary information api id,password,signature, ap id etc. the problem is i'm facing right now is getting this error
Array
(
[responseEnvelope.timestamp] => 2014-12-08T21:53:30.943-08:00
[responseEnvelope.ack] => Failure
[responseEnvelope.correlationId] => f8bdc47c42067
[responseEnvelope.build] => 13414382
[error(0).errorId] => 550001
[error(0).domain] => PLATFORM
[error(0).subdomain] => Application
[error(0).severity] => Error
[error(0).category] => Application
[error(0).message] => User is not allowed to perform this action
[error(0).parameter(0)] => Chained Payment
)
and i dont know where is the problem can you please help me out
The error is because you Adaptive Payment application is not approved for Chain Payments and you are trying to execute Chain Payments API.
Go to apps.paypal.com and check(I can see that you are not enabled for chain Payments). In order to resolve the error, create a new application at apps.paypal.com and check "Chain Payments" and then use the new APP-ID to initiate this API call. It is also possible when your business/premier account is not Verified
P.S Btw, it is not possible to update the current application as it is already approved.So create new one.
In our app we are using IOS MPL library to make the parallel payment. After I get the pay key from the IOS, when I tried to validate it using PHP app, it shows me the following error:
[error] => Array
(
[0] => ErrorData Object
(
[errorId] => 540031
[domain] => PLATFORM
[subdomain] => Application
[severity] => Error
[category] => Application
[message] => You do not have permission to get these payment details
[exceptionId] =>
[parameter] =>
)
)
But If I create a parallel payment using PHP Adaptive payment API, I am able to validate the paykey and get the correct receipt.
Also what I found is when I try to create the parallel payment in PHP it asks me for App ID, API Username, API Password and API signature. But when we use IOS MPL libarary it just asks for App ID. In sandbox mode we always use same APP ID - APP-80W284485P519543T, which is same for all(universal). Then how the app will know identify who has made the call?
When I create a payment in sandbox mode using PHP application, and try to validate the transaction using a different "API credentials", then I get the same error "You do not have permission to get these payment details", which I receive when we try to do with IOS Pay key.
Here is the reply I get from the Paypal:
This is AP txn made through MPL sdk library from an iPhone app of the sender. The api caller is the sender.
The receivers in the parallel payment are different.
When one of receiver a/c made paymentdetails api call, he is the api caller for this call. So there are few restrictions on what info a api caller can view in paymentdetails api.
The receiver a/c holder will be able to view only his leg of transaction since he is NOT the original api caller that created the payment key.
That's why after paymentdetails API, you can only see the leg of your transaction information.
Also I asked Paypal, if there is a way in MPL library to define the API credentials of the merchant which can be used while doing Adaptive payment instead of the sender's API. They said no, MPL library is not built like that.
So finally, I have used IPN call to resolve the problem. Instead of updating the DB by validating the Pay key I get from the IOS device, what I did is: i have told the IOS developers to send the IPN url in Adaptive payment call. Then through the IPN url I update my database.