Hi i am not able to receive the confirm subscription request from Amazon, tried everything.
My endpoint url is: http://example.com/test/test.
I have tried following snippets of code to receive response:
1) ->
$headers = apache_request_headers();
$body = #file_get_contents('php://input');
file_put_contents(Path to file."json_sns.txt", serialize(print_r($headers, 1)."\n---body---\n".$body));
2) ->
$h= fopen("php://input","r");
$X = stream_get_contents($h);
$J = json_decode( $X , true);
file_put_contents(Path to file."json_sns.txt", serialize(print_r($headers, 1)."\n---body---\n".$body));
3) ->
file_put_contents(Path to file."json_sns.txt", serialize($_POST));
and many more, yet no success. Verified that the endpoint url is accessible through browser.
Subscription is there in sns console with pending confirmation status.
Please help me how to receive the response from amazon, also point out if i have done something wrong in my code or i have missed out any step. Thanks.
Resolved the issue, actually CSRF token was causing the problem, due to which Amazon request wasn't completing, added a exception for its request, and then it worked like a charm. :)
Related
I'm having trouble trying to verify paypal webhook signatures with PHP. Using the new V2 of paypals APIs I am receiving the paypal webhook on my page.
However I can not seem to successfully validate the signature.
From the link HERE I got some sample webhook validation PHP code from paypal.
I can not get it working, I don't know where I am supposed to get bootstrap.php from in the paypal code. The paypal information seems incomplete or half baked. Paypal seems to be terrible to set-up compared to Stripe.
Has anyone got experience of validating paypal webhook signatures with PHP when using V2 of the paypal APIs ?
Well I have come to the conclusion that the Paypal developer information is rather poor, it is scatted all over the place, on multiple different pages and sites. The examples they give on the paypal developer website HERE are not a complete picture of what is required to validate a webhook signature. Stripe developer documentation is much better formatted and concise.
Installing Paypal Checkout V2 SDK does not give you the necessary development tools to validate paypal webhook signatures i.e. you can process payments and receive webhooks but you can not validate the webhook signatures....I know stupid. Tip do not download the SDK directly as you will not include the required autoload.php file. Use composer to install Paypal Checkout V2 SDK so that you get the autoload.php file.
Once you are to a point that you can process payments and receive webhooks form paypal you need to install the another SKD called Paypal Rest API SDK. Again use composer to install the SDK so that you get a autoload.php file which you will need.
When you install Paypal Rest API SDK amazingly you will still be missing files that are required to validate the payapl webhook signatures. I can find no mention of these anywhere on the paypal developer website.
bootstrap.php & common.php
Thanks to #Grumpy I got some samples provided on github HERE
Note you will probably need to modify the samples a bit in order to get them working with your website. Tip set the logger to false and save yourself some bother if you don't have the necessary access permissions to write.
Once you have bootstrap.php & common.php files created you can write the code for your webhook endpoint page i.e. the page that paypal sends the webhook to. I have included my PHP code below for how to validate and then process the paypal webhook. Tip in the below code you need to specify the webhook ID, each webhook that you create in paypal has a unique ID. Also when you are testing you can not use webhook simulator as this will fail validation, you can make manually a payment with your sandbox account details which will trigger a webhook payment event.
Paypal sure don't make it easy, their documentation is all over the place compared to Stripe. The Paypal webhooks can sometimes take several minutes to arrive after a payment is made, very frustrating when trying to debug. Also it's a bit ridiculous that they have a webhook simulator on the paypal developer website that can not be used to validate signatures...if stripe can do it why can't paypal.
<?php
//get the webhook payload
$requestBody = file_get_contents('php://input');
//check if webhook payload has data
if($requestBody) {
//request body is set
} else {
//request body is not set
exit();
}
use \PayPal\Api\VerifyWebhookSignature;
use \PayPal\Api\WebhookEvent;
$apiContext = require __DIR__ . '/bootstrap.php';
//Receive HTTP headers that you received from PayPal webhook.
$headers = getallheaders();
//need header keys to be UPPERCASE
$headers = array_change_key_case($headers, CASE_UPPER);
/*
example header paypal signature content for webhook, these values are recieved as an array, we then need to use this data to verify the payload
CONTENT-LENGTH : 1376
CORRELATION-ID : 6db85170269e7
USER-AGENT : PayPal/AUHD-214.0-54377828
CONTENT-TYPE: application/json
PAYPAL-AUTH-ALGO : SHA256withRSA
PAYPAL-CERT-URL : https://api.paypal.com/v1/notifications/certs/CERT-360caa42-fca2a784-5edc0ebc
PAYPAL-AUTH-VERSION : v2
PAYPAL-TRANSMISSION-SIG : Hc2lsDedYdSjOM4/t3T/ioAVQqFPNVB/AY/EyPNlavXk5WYUfnAmt9dyEP6neAPOjFHiVkXMK+JlLODbr6dalw6i26aFQdsPXqGl38Mafuu9elPE74qgsqNferUFgHi9QFXL+UZCNYcb4mvlDePXZIIAPbB0gOuFGOdEv2uqNwTCSAa/D8aguv1/51FWb3RkytFuVwXK/XNfIEy2oJCpDs8dgtYAZeojH8qO6IAwchdSpttMods5YfNBzT7oCoxO80hncVorBtjj1zQrkoynEB9WNNN9ytepNCkT8l29fQ4Sx/WRndm/PESCqxqmRoYJoiSosxYU3bZP7QTtILDykQ==
PAYPAL-TRANSMISSION-TIME : 2020-04-05T14:40:43Z
PAYPAL-TRANSMISSION-ID : 6dec99b0-774b-11ea-b306-c3ed128f0c4b
*/
//if any of the relevant paypal signature headers are not set exit()
if(
(!array_key_exists('PAYPAL-AUTH-ALGO', $headers)) ||
(!array_key_exists('PAYPAL-TRANSMISSION-ID', $headers)) ||
(!array_key_exists('PAYPAL-CERT-URL', $headers)) ||
(!array_key_exists('PAYPAL-TRANSMISSION-SIG', $headers)) ||
(!array_key_exists('PAYPAL-TRANSMISSION-TIME', $headers))
)
{
exit();
}
//specify the ID for the webhook that you have set up on the paypal developer website, each web hook that you create has a unique ID
$webhookID = "ENTER_YOUR_WEBHOOK_ID_HERE";
//start paypal webhook signature validation
$signatureVerification = new VerifyWebhookSignature();
$signatureVerification->setAuthAlgo($headers['PAYPAL-AUTH-ALGO']);
$signatureVerification->setTransmissionId($headers['PAYPAL-TRANSMISSION-ID']);
$signatureVerification->setCertUrl($headers['PAYPAL-CERT-URL']);
$signatureVerification->setWebhookId($webhookID);
$signatureVerification->setTransmissionSig($headers['PAYPAL-TRANSMISSION-SIG']);
$signatureVerification->setTransmissionTime($headers['PAYPAL-TRANSMISSION-TIME']);
$signatureVerification->setRequestBody($requestBody);
$request = clone $signatureVerification;
try {
$output = $signatureVerification->post($apiContext);
} catch (Exception $ex) {
//error during signature validation, capture error and exit
ResultPrinter::printError("Validate Received Webhook Event", "WebhookEvent", null, $request->toJSON(), $ex);
exit(1);
}
$sigVerificationResult = $output->getVerificationStatus();
// $sigVerificationResult is a string and will either be "SUCCESS" or "FAILURE"
//if not webhook signature failed validation exit
if($sigVerificationResult != "SUCCESS"){
exit();
}
else if($sigVerificationResult == "SUCCESS"){
//paypay webhook signature is valid
//proceed to process webhook payload
//decode raw request body
$requestBodyDecode = json_decode($requestBody);
//pull whatever info required from decoded request body, some examples below
$paymentSystemID = $requestBodyDecode->id;
$eventType = $requestBodyDecode->event_type;
//do something with info captured from the webhook payload
}
This seems to work with php 8.1:
if (openssl_verify(
data: implode(separator: '|', array: [
$httpPayPalTransmissionId,
$httpPayPalTransmissionTime,
$webhookID,
crc32(string: $rawRequestBody),
]),
signature: base64_decode(string: $httpPayPalTransmissionSignature),
public_key: openssl_pkey_get_public(public_key: file_get_contents(filename: $cachedHttpPayPalCertUrl)),
algorithm: 'sha256WithRSAEncryption'
) === 1) {
die('OK');
} else {
die('FAILED');
}
The Paysafe API was working perfectly fine in localhost, I was able to complete payment to Netbanx. I started to integrate the system on the website. I have a page for billing information, then a page for card payment where I use paysafe.js to create a token.
Then, I use PHP to get response from the server. This works in local. But online, this last part where I try to settle a payment, I get an error 500. I think it could be because the server is not using HTTPS. I want to know if it's possible that the error 500 is coming from the fact we don't have HTTPS or if it's something else?
P.S: It's complicated to access to the server because of bureaucracy, I don't want to make all the process if it's sure it's not that!
Thank you!
P.S.: I also tried using curl instead, and the response was bool(false).
require_once("config.php");
use Paysafe\Environment;
use Paysafe\PaysafeApiClient;
use Paysafe\CardPaymentService;
use Paysafe\CardPayments\Authorization;
$client = new PaysafeApiClient($paysafeApiKeyId, $paysafeApiKeySecret, Environment::TEST, $paysafeAccountNumber);
$info = new Authorization(array(
//PAYMENT ARRAY (Getting POST variable from previous page)
));
$response = $client->cardPaymentService()->authorize($info);
$statut = $response->status;
That Environment::TEST obviously does not match the production environment (or host-name).
Just enable PHP error reporting for your IP only, in order not to possibly leak any details.
Also check the console there (if any), if that host if even authorized to access the API.
I mean, HTTP500 is an error description just alike "it does not work".
I am working on a Messenger chatbot in development mode and have made some progress dealing with messages and quick replies but can't find the way to detect the Postback payload event sent by Facebook after the user press the "Get Started Button"
I have set the Get Started button postback and put the payload string by sending a POST request to the Messenger Profile API which returned "success", and had also set the "messaging_postbacks" event to my webhook.
However when the button is clicked the event is not detected by the webhook.
This is part of my code:
$input = json_decode(file_get_contents('php://input'), true);
$sender = $input['entry'][0]['messaging'][0]['sender']['id'];
//this handles the message text properly
$message = $input['entry'][0]['messaging'][0]['message']['text'];
//this deals correctly with quick reply payload
$quickreply = $input['entry'][0]['messaging'][0]['message']['quick_reply']['payload'];
I have tried separately and unsuccessfully each one of this lines of code to get the postback input triggered by the get started button:
$getstarted = $input['entry'][0]['messaging'][0]['get_started']['payload'];
$getstarted = $input['entry'][0]['messaging'][0]['message']['get_started']['payload'];
$getstarted = $input['entry'][0]['messaging'][0]['postback']['payload'];
$getstarted = $input['entry'][0]['messaging'][0]['message']['postback']['payload'];
I will appreciate any suggestions :)
The way to retrieve the value of the get_started button was among the ones I had tried, specifically:
$input['entry'][0]['messaging'][0]['postback']['payload']
The issue had to do with a separate part of my code in the cURL thats sends the POST request.
It said:
if(!empty($input['entry'][0]['messaging'][0]['message'])){
$result = curl_exec($ch);
And needed to say:
if(!empty($input['entry'][0]['messaging'][0]['postback'])){
$result = curl_exec($ch);
The get_started button sends a postback to the webhook so the first script wasn't initiating the cUrl because there was no 'message' in the $input variable but a 'postback' property
A good video resource that dealt the same issue: https://www.youtube.com/watch?v=JQkmznEfVDo
I am facing issue with Facebook Webhook for feed while messages are working perfectly. For one post i keep on getting multiple notification from Facebook. I have already raised a bug with Facebook and their team is saying that my server is failing to send back 200 OK HTTP status. Also in their doc i have found that
"Your webhook callback should always return a 200 OK HTTP response when invoked by Facebook. Failing to do so may cause your webhook to be unsubscribed by the Messenger Platform."
My code goes like this:
<?php
$challenge = $_REQUEST['hub_challenge'];
$verify_token = $_REQUEST['hub_verify_token'];
if ($verify_token === 'password')
{
echo $challenge;
}
/*........RECEIVING INPUT FROM fACEBOOK.........*/
$input = json_decode(file_get_contents('php://input') , true);
error_log(print_r($input, true));
/*after this i am calling AI and then replying back*/
Is there any way to send back 200 OK status before calling AI in php.
For the Workaround, I have stored the notification in DB and for every notification i am checking existing data (timestamp, senderId, post) in the DB to eliminate the duplicate post.
If anyone is having better option in terms of complexity please let us know.
I a similar issue and in my case I was subscribed to my test app and actual production app. Thus 2 events being sent
Maybe its a stupid question but I'm not an advanced programmer. I've
have successfully setup In-App payments for my app but it only works
without using a postback url.
I've Google'd around many hours trying to tackle this myself without
success. Hopefully anybody could help me out. I've included the script
handling the post data which does obviously something wrong.. This is what Google says:
Your server must send a 200 OK response for each HTTP POST message
that Google sends to your postback URL. To send this response, your
server must:
Decode the JWT that's specified in the jwt parameter of the POST
message. Check to make sure that the order is OK. Get the value of the
JWT's "orderId" field. Send a 200 OK response that has only one thing
in the body: the "orderId" value you got in step 3.
This is what I wrote but as far as I can see there is no way to test it (how can I simulate a post from Google?).
require_once 'include/jwt.php'; // including luciferous jwt library
$encoded_jwt = $_POST['jwt'];
$decoded_jwt = JWT::decode($encoded_jwt, "fdNAbAdfkCDakJQBdViErg");
$decoded_jwt_array = (array) $decoded_jwt;
$orderId = $decoded_jwt_array['response']['orderId'];
header("HTTP/1.0 200 OK");
echo $orderId;
Any help would be much appreciated. Thanks Tim
I had this same problem a year later and solved it with the following code:
require_once 'include/jwt.php'; // including luciferous jwt library
$encoded_jwt = $_POST['jwt'];
$decodedJWT = JWT::decode($jwt, $sellerSecret);
// get orderId
$orderId = $decodedJWT->response->orderId;
header("HTTP/1.0 200 OK");
echo $orderId;
Google Wallet's In App Purchase documentation is relatively new, and lacking on the callback side. This code works both sandbox and production side, just make sure you use your own seller secret.
Set Sandbox Postback URL in your Google Wallet setting to a test page, then log the requests to that page. You will see a JWT. Use it for test.