I have set up a webhook in Shopify via Settings > Notifications > Webhooks and entered a Heroku app URL. My Heroku app is in PHP and I run the verification function found here: https://shopify.dev/tutorials/manage-webhooks and when I open my app I get a blank response. I am not sure if this is something I am doing wrong on my Heroku app, or if I am missing something. The goal here is to grab the JSON data after the event I have selected is run, then to send that data via a third-party API. But to start I just want to be able to verify that my Heroku app is receiving the payload. Is there more I need to add to my PHP file in order to verify? (PHP noob here.) Below is the code I am running in my PHP file, and yes I am using my shared secret found in the webhooks section.
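<?php
define('SHOPIFY_APP_SECRET', 'my_shared_secret');

// Recompute the HMAC-SHA256 of the raw request body and compare it,
// in constant time, with the value sent in the X-Shopify-Hmac-Sha256 header.
function verify_webhook($data, $hmac_header)
{
    $calculated_hmac = base64_encode(hash_hmac('sha256', $data, SHOPIFY_APP_SECRET, true));
    return hash_equals($calculated_hmac, $hmac_header);
}

// The header is absent on a plain browser request; default to '' so the check simply fails.
$hmac_header = $_SERVER['HTTP_X_SHOPIFY_HMAC_SHA256'] ?? '';
$data = file_get_contents('php://input'); // raw body, exactly as received
$verified = verify_webhook($data, $hmac_header);
error_log('Webhook verified: '.var_export($verified, true)); //check error.log to see the result
?>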
If I am not mistaken, you cannot test webhooks that way, as the admin does not use your API key; it has no idea who you are when in the admin. So if you have a Heroku app and it has an API key, use that API key to first off establish the webhook, verify you created it with the API, and then sit around and test your actual endpoint with Shopify Admin itself. That is how it works AFAIK.
The other verification in the admin is Mickey Mouse and meant to just throw data at any old endpoint with no validation.
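The HMAC check from the question can be exercised offline before any real webhook arrives. The following is an added example, not part of the original posts: the secret, the payload and the helper names `verify_webhook_raw` and `sign_body` are constructed for illustration. It shows which inputs the check accepts and which it rejects, including a request with no signature header and a body that was decoded and re-encoded before hashing.

```php
<?php
// Added example: offline self-test for webhook HMAC verification.
// The secret and payload below are constructed sample values.

const SAMPLE_SECRET = 'constructed_test_secret';

// Same check as verify_webhook() in the question, with the secret passed in
// and a missing header treated as a failed verification.
function verify_webhook_raw(string $rawBody, ?string $hmacHeader, string $secret): bool
{
    if ($hmacHeader === null || $hmacHeader === '') {
        return false; // e.g. opening the URL in a browser: no signature header
    }
    $calculated = base64_encode(hash_hmac('sha256', $rawBody, $secret, true));
    return hash_equals($calculated, $hmacHeader);
}

// What the sending side does: sign the exact bytes of the request body.
function sign_body(string $rawBody, string $secret): string
{
    return base64_encode(hash_hmac('sha256', $rawBody, $secret, true));
}

$body = '{"id": 1001, "email": "buyer@example.com", "total_price": "19.99"}';
$header = sign_body($body, SAMPLE_SECRET);

// Decoding and re-encoding changes the bytes (whitespace here), so the
// signature computed over the original body no longer matches.
$reencoded = json_encode(json_decode($body, true));

$cases = [
    'valid signature over raw body'  => [$body, $header, SAMPLE_SECRET],
    'missing header (browser visit)' => [$body, null, SAMPLE_SECRET],
    'body modified in transit'       => [str_replace('19.99', '0.01', $body), $header, SAMPLE_SECRET],
    're-encoded JSON instead of raw' => [$reencoded, $header, SAMPLE_SECRET],
    'wrong shared secret'            => [$body, $header, 'some_other_secret'],
];

foreach ($cases as $label => [$b, $h, $s]) {
    printf("%-32s %s\n", $label, verify_webhook_raw($b, $h, $s) ? 'accept' : 'reject');
}
```

Run it with the PHP CLI; only the first case is accepted.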
I have created Firebase dynamic links from our PHP API. The created link shows in the response, but it does not show in the Firebase console dashboard.
Please check the response from the API below.
{
  "result": {
    "shortLink": "https://sample-xyz.page.link/UVJLgCH12gCMNdu66",
    "warning": [
      {
        "warningCode": "UNRECOGNIZED_PARAM",
        "warningMessage": "Android app 'com.sample-xyz.beta' lacks SHA256. AppLinks is not enabled for the app. [https://firebase.google.com/docs/dynamic-links/debug#android-sha256-absent]"
      },
      {
        "warningCode": "UNRECOGNIZED_PARAM",
        "warningMessage": "We could not find Android package name 'test_bundle_v_1.0.54' in your Google project. [https://firebase.google.com/docs/dynamic-links/debug#app-not-in-project]"
      },
      {
        "warningCode": "UNRECOGNIZED_PARAM",
        "warningMessage": "There is no configuration to prevent phishing on this domain https://sample-xyz.page.link. Setup URL patterns to whitelist in the Firebase Dynamic Links console. [https://support.google.com/firebase/answer/9021429]"
      }
    ],
    "previewLink": "https://sample-xyz.page.link/UVJLgCH12gCMNdu66?d=1"
  }
}
Please help me to resolve this issue.
As far as I understood, dynamic links created through the API won't show up in the console.
Only when going to Events>dynamic_link_first_open, dynamic_link_app_open or dynamic_link_app_update will you be able to view statistics coming into your app. Which is quite unfortunate.
But using the Google Analytics parameters when creating your dynamic link it should be possible to view some more/better statistics.
Question about the upgrade to v2.2 of the Facebook Platform, in particular, this part:
The previously deprecated REST API has been completely removed in
v2.1, and all apps still using it must migrate to using Graph API.
For the most part, in my Android and iOS app I am not using the REST API. I'm using the Android SDK and the iOS SDK. However, I do have one exception. When I call my server to login or really do basically anything, I try to assure that the person trying to login/access data is indeed the person they say they are. I do this:
// Double quotes are needed so that \r\n is sent as a real CRLF.
$context = stream_context_create(array('http' => array('header' => "Connection: close\r\n")));
// URL-encode the client-supplied token before placing it in the query string.
$response = file_get_contents("https://graph.facebook.com/debug_token?input_token=".urlencode($accessToken)."&access_token=MY_APP_ACCESS_TOKEN", false, $context);
$jsonObject = json_decode($response, true);
$data = $jsonObject["data"];
$facebookId = $this->getFacebookId();
if(isset($data['is_valid']) && $data['is_valid'] === true) {
    if(isset($data['user_id'])) {
        if($data['user_id'] == $facebookId) {
            return true;
        }
    }
}
// Any other outcome is a failed check.
return false;
A little bit of code missing there, but that's the gist of it. Get an access token and a Facebook id. I use the access token to see if it's legitimate and the user_id assigned to that access token is the id of the person trying to get info. If so, I let them in.
My question is, am I understanding correctly that this is going away and I have to use the Graph API to somehow do the same thing? How is this done through the Graph API in PHP given an access token and facebook id from Android/iOS?
EDIT: Just realized this is actually in the 2.0 to 2.1 section, but question still stands, should I be concerned about my server side code?
Thanks!
I'm thinking I don't have anything to worry about. The approach I'm using is in the Facebook Platform docs here:
https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow/v2.2#checktoken
Under inspecting access tokens. Nothing on this page talks about it being deprecated.
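The server-side check described in this thread can be separated from the HTTP call and tested against sample responses. The following is an added example, not part of the original posts; the function name `token_matches_user`, the ids and the JSON bodies are constructed. It goes one step beyond the code in the question by also comparing the `app_id` field of the `debug_token` response with the server's own app id, so that a valid token issued to some other app is not accepted.

```php
<?php
// Added example: validating a decoded debug_token response before trusting it.
// All ids and response bodies below are constructed sample values.

const EXPECTED_APP_ID = '111111111111111'; // constructed: the server's own app id
const CLAIMED_USER_ID = '2000000000000001'; // constructed: id sent by the client

// Returns true only if the token is valid, was issued for our app, and
// belongs to the user id the client claims to be.
function token_matches_user(?array $response, string $claimedUserId, string $expectedAppId): bool
{
    $data = $response['data'] ?? null;
    if (!is_array($data) || ($data['is_valid'] ?? false) !== true) {
        return false; // not JSON, error response, or invalid token
    }
    // A token issued to a different app must not log anyone in here.
    if (!isset($data['app_id']) || (string) $data['app_id'] !== $expectedAppId) {
        return false;
    }
    // Strict string comparison avoids PHP's numeric-string juggling with ==.
    return isset($data['user_id']) && (string) $data['user_id'] === $claimedUserId;
}

$samples = [
    'valid, our app, same user'  =>
        '{"data":{"app_id":"111111111111111","is_valid":true,"user_id":"2000000000000001"}}',
    'valid, but issued to other app' =>
        '{"data":{"app_id":"999999999999999","is_valid":true,"user_id":"2000000000000001"}}',
    'valid, but different user'  =>
        '{"data":{"app_id":"111111111111111","is_valid":true,"user_id":"2000000000000002"}}',
    'token reported invalid'     =>
        '{"data":{"app_id":"111111111111111","is_valid":false,"user_id":"2000000000000001"}}',
    'response is not JSON'       => '<html>gateway error</html>',
];

foreach ($samples as $label => $json) {
    $decoded = json_decode($json, true);
    $ok = token_matches_user(is_array($decoded) ? $decoded : null, CLAIMED_USER_ID, EXPECTED_APP_ID);
    printf("%-32s %s\n", $label, $ok ? 'allow' : 'deny');
}
```

Only the first sample is allowed; every other case is denied.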
I'm trying to use the Google API v3 to access one Google calendar and according to the documentation here: http://code.google.com/apis/calendar/v3/using.html#intro and here: https://code.google.com/apis/console/, the solution I need is the "Simple API Access" & "Key for server apps (with IP locking)".
Now, when I create a page with this code :
session_start();
require_once 'fnc/google-api-php-client/src/apiClient.php';
require_once 'fnc/google-api-php-client/src/contrib/apiCalendarService.php';
$apiClient = new apiClient();
$apiClient->setUseObjects(true);
$service = new apiCalendarService($apiClient);
if (isset($_SESSION['oauth_access_token'])) {
    $apiClient->setAccessToken($_SESSION['oauth_access_token']);
} else {
    $token = $apiClient->authenticate();
    $_SESSION['oauth_access_token'] = $token;
}
and in my "config.php" file I add ONLY my developer key (in place of the "X"):
global $apiConfig;
$apiConfig = array(
    // True if objects should be returned by the service classes.
    // False if associative arrays should be returned (default behavior).
    'use_objects' => false,
    // The application_name is included in the User-Agent HTTP header.
    'application_name' => '',
    // OAuth2 Settings, you can get these keys at https://code.google.com/apis/console
    'oauth2_client_id' => '',
    'oauth2_client_secret' => '',
    'oauth2_redirect_uri' => '',
    // The developer key, you get this at https://code.google.com/apis/console
    'developer_key' => 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXX',
    // OAuth1 Settings.
    // If you're using the apiOAuth auth class, it will use these values for the oauth consumer key and secret.
    // See http://code.google.com/apis/accounts/docs/RegistrationForWebAppsAuto.html for info on how to obtain those
    'oauth_consumer_key' => 'anonymous',
    'oauth_consumer_secret' => 'anonymous',
);
But then I get errors and it tells me it's trying to authenticate using the "OAuth 2.0" system which I don't want to use. I only want to access one calendar with an API key.
And amazingly, when I search in google "Simple API Access key" I find nothing, nothing on their docs, no examples, no tutorials, nothing. Am I the only one using this thing?
So can someone tell me what I'm doing wrong?
(I know this is an old question but I would've been glad if someone gave a real answer here so I'm doing it now)
I came across the same problem. Simple API access is not well documented (or maybe just not where I searched), but using the Google API Explorer I found a way to get what I need, which is in fact pretty straightforward. You don't need a specific lib or anything: it's actually really simple.
In my case I simply needed to search a keyword on G+, so I just had to do a GET request:
https://www.googleapis.com/plus/v1/activities?query={KEYWORD}&key={YOUR_API_KEY}
Now, for calendar access (see here), let's pretend we want to fetch the access control rules list. We need to refer to calendar.acl.list, which gives us the URI:
https://www.googleapis.com/calendar/v3/calendars/{CALENDAR_ID}/acl?key={YOUR_API_KEY}
Fill in the blanks, and that's pretty much all you need to do. Get a server key (API Access submenu), store it somewhere in your project and call it within URIs you're requesting.
You cannot access your calendar information using an API key. API keys (or simple API access keys) are not authorized tokens and can only be used for some API calls such as a Google search query etc; API keys will not let you access any user-specific data, which I am assuming is your objective through this calendar application.
Also, from what I see in your code, you are creating a client object which is going to use OAuth 2.0 authentication and hence you are getting authentication error messages.
There is no such thing as a Simple API Access key.
Normally OAuth 2.0 is used for authorization. But since you have your reason not to use it.
If you want to use OAuth 1.0 for authorization, you need an API key in the Simple API Access section on the API Access page.
If you want to use username & password login instead of OAuth, you can refer to ClientLogin, but this is not recommended.
I got to this thread when trying to do the same today. Although this is way late, the answer is YES, there is actually a simple API key for those APIs that do not need user authorization, and the official client library supports this.
The API library does this via Options, which are key-value pairs.
Take the example of getting information on a given YouTube video; you would use this API: https://godoc.org/google.golang.org/api/youtube/v3#VideosListCall.Do
To use an API key, simply make a type that implements the CallOption interface, and let it return the API key:
type APIKey struct{}

// Get implements CallOption: it returns the query parameter name and value.
func (k *APIKey) Get() (string, string) {
	return "key", "YOUR API KEY HERE"
}
Then when calling the API, supply the APIKey to it:
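// Named svc so the variable does not shadow the youtube package.
svc, err := youtube.New(&http.Client{})
opt := &APIKey{} // the CallOption defined above
call := svc.Videos.List("snippet,contentDetails,statistics").Id(id)
rsp, err := call.Do(opt)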
This way, you can construct the youtube client with the vanilla http client, rather than an oauth client, and enjoy the simple API key.
The first answer said you can use http GET directly, but then you will need to handle the errors and parse the result yourself.
See the link below, which should be helpful to you. The Google API Client Library enables you to work with Google APIs such as Analytics, Adsense, Google+, Calendar, Moderator, Tasks, or Latitude on your server, in the language of your choice.
http://code.google.com/p/google-api-php-client/
Thanks,
Chintu
I am trying to get the Live Delegated Authentication to work for the purpose of reading the email addresses.
I am doing this in PHP with the help of the windowslivelogin library. The problem is that I get an error.
I'm not sure what I'm doing wrong. I registered my application on the Azure webpage and put the appid and the secret into the code. This is what I use to initialize the Live Library:
$o = new WindowsLiveLogin();
$o->setAppId('000000004801B670');
$o->setSecret('secret');
$o->setSecurityAlgorithm('wsignin1.0');
$o->setDebug(true);
$o->setPolicyUrl('http://www.google.com/aides.html');
$o->setReturnUrl("http://michaelp.dev.gamepoint.net/framework/mainsite/contactimporter/?service=live");
return $o;
Then I call
$this->LiveLibrary->getLoginUrl()
And after I Login in to Live, it posts 2 things back, $_POST['stoken'] and $_POST['action'].
As soon as I call
$this->LiveLibrary->processLogin($_REQUEST);
It fails and gives back an error that the token is invalid.
I tried getting Consent straight away by redirecting to
$this->LiveLibrary->getConsentUrl("Contacts.View");
But that gives a 3007 error and says that it can't share the information.
According to MS this means the following:
3007
Consent Service API failed in the <method name> method. The application verifier is invalid.
The offer security level requires that a valid application verifier be passed with the request.
I am using the following URL, generated by the library
https://consent.live.com/Delegation.aspx?ps=Contacts.Invite&ru=http%3A%2F%2Fmichaelp.dev.gamepoint.net%2Fframework%2Fmainsite%2Fcontactimporter%2F%3Fservice%3Dlive&pl=http%3A%2F%2Fwww.google.com%2Faides.html&app=appid%3D000000004801B670%26ts%3D1251722931%26sig%3DD2gkM%252F%252FwlRXXfS64NMrV%252Bkt50v6dAOcESblfRk7j%252FUE%253D
I don't understand most of the documentation Microsoft has on this thing, I think it's really unclear and chaotic. Also the sample I tried doesn't work. I get an error message, it can't validate/decode the token. I get the same when I try the processLogin().
Thanks in Advance,
Michael