I am developing a project which is related to credit card processing. I am developing a server in PHP which will accept a card number from another PHP page (this PHP page gives the card number to the PHP server from the database).
The problem is that there may be multiple users who will access my PHP page at the same time and will send the card number to the server. How can I handle multiple requests?
I googled and found that cURL does such things, but I didn't get detailed information about it. Can anybody help me?
Related
I'm trying to integrate the Revolut Business API into our system. Mainly it will handle only payments to external (non-Revolut) accounts.
I am working in PHP and using Laravel.
I’m using the sandbox environment and the authorization process is working well, also checking our own accounts (different currencies) and creating and editing counterparties are working as expected.
During development I ran into a problem and I couldn't find any information online or in any community pages.
Any other endpoint (besides the above mentioned) that I’m calling is giving back an error 500 with the following error message:
e.g: {"message":"Oops! An error occurred while processing your request. It has been logged for further investigation. Error Id: xxxxxxxxxxxxx"}
For testing purposes I send it payloads with bad data, and the response is working as expected pointing out the problematic data.
e.g: wrong currency transfer from specific account, or negative figure in the amount field, etc.
But whenever I send in correct data (I believe it is correct) it responds with the above-mentioned 500 error.
I do believe that the problem is on my end and I’m not doing something in the specific way.
Has anyone run into the same situation?
Thank you
Tamas
I have an API developed in PHP for my Flutter web app. I am using this API to fetch all the data. But, I can see all the requests made to the server.
Is there any way to hide/restrict any unauthorized person from using my API? I am using the HTTP library to make calls from my Flutter app to the API. I just want to hide those calls to the web API. I have seen some websites do that. Since the server code and website code in those websites are in the same directory it can be accessed directly without having to make a request to the webserver.
Two problems I see are:
You are able to see all the requests made to the backend server from your web page and you want to hide them.
The answer to this is no, you can't. I say this based on my search on Google and some posts on SO like this
You may think about disabling the developer tools. The answer is no, and maybe with unknown side effects.
Is there any way to hide/restrict any unauthorized person from using my API?
The answer to this question is yes, and it can be done with many approaches. Like you said, token-based authorization has its own issue with keys being leaked, and that's why there is always validity associated with it and it should be considered. There are mechanisms such as refresh tokens to renew tokens etc.
The first and foremost thing I would do is enable the CORS mechanism on your server, where the server will only allow requests from very specific domains to be processed. More details available here
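An added example (not code from the answer above) of the two controls it names: an origin allowlist for CORS and tokens that carry a validity period. The allowed origin, the token layout and the secret handling are assumptions for illustration; browsers are the only clients that enforce CORS headers, so the token check is what rejects other callers.

```php
<?php
// Added illustration. ALLOWED_ORIGINS, the token layout and the way the
// secret is obtained are assumptions, not details from the thread.
const ALLOWED_ORIGINS = ['https://app.example.com']; // hypothetical front-end origin

function b64url(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

// Token = base64url(JSON claims) . "." . base64url(HMAC-SHA256 over the claims part).
function issueToken(string $userId, int $ttl, string $secret, int $now): string {
    $body = b64url(json_encode(['sub' => $userId, 'exp' => $now + $ttl]));
    return $body . '.' . b64url(hash_hmac('sha256', $body, $secret, true));
}

// Returns the user id, or null when the token is malformed, forged or expired.
function verifyToken(string $token, string $secret, int $now): ?string {
    $parts = explode('.', $token);
    if (count($parts) !== 2) return null;
    [$body, $sig] = $parts;
    $expected = b64url(hash_hmac('sha256', $body, $secret, true));
    if (!hash_equals($expected, $sig)) return null;   // constant-time compare
    $claims = json_decode(base64_decode(strtr($body, '-_', '+/')), true);
    if (!is_array($claims) || !isset($claims['sub'], $claims['exp'])) return null;
    return ($claims['exp'] > $now) ? (string)$claims['sub'] : null;
}

// CORS: echo the Origin back only when it is on the allowlist.
function corsHeaders(?string $origin): array {
    if ($origin === null || !in_array($origin, ALLOWED_ORIGINS, true)) return [];
    return ['Access-Control-Allow-Origin: ' . $origin, 'Vary: Origin'];
}

// Constructed demo values.
$secret = random_bytes(32);          // in a real deployment, load from server-side config
$now    = 1700000000;
$token  = issueToken('user-42', 900, $secret, $now);

var_dump(verifyToken($token, $secret, $now + 60));      // inside the validity window
var_dump(verifyToken($token, $secret, $now + 901));     // past the expiry
var_dump(verifyToken($token . 'x', $secret, $now));     // signature altered
var_dump(corsHeaders('https://other.example'));         // origin not on the allowlist
```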
I have two services on my cPanel, GoDaddy. One is an API which has been developed in CodeIgniter; the other is an Admin Panel which is developed in Laravel. Both share the same MySQL database.
The API is used to provide information for Android and iOS devices.
Whenever I send a notification from Laravel, the API doesn't respond.
When I send notifications to users, the number is around 10k+, and a notification is also saved for every user in the notification table.
I thought maybe that's why it doesn't respond and unable to handle both requests: from api to return query responses and saving notification in database.
It's not the case because I commented out the code that saves the notifications in database yet api calls are not being responded.
I also tried queuing the notifications saving in the database using Laravel queues and Redis too, but it didn't help.
Now I am confused and I can't figure out where the actual problem is.
Is there a problem with the server processing so many requests at the same time?
Will using queuing for sending notifications help the issue? (Not the queuing of the saving-in-database process.)
Below is the server configuration :
4 CPU Cores
8GB RAM
200GB Disk Space
CentOS
Apache v2.4.39
PHP v7.0.33
MySQL v5.6.44
Please someone help, I will highly appreciate any help or suggestion.
Why not use a beanstalk application that receives the 10k tasks and sends the notifications one by one with a worker to the API?
Either the API is not able to handle all those requests at the same time, or you are not handling the requests well when receiving and processing them.
Can you give us an example of the request? Does the try/catch give you any reference?
If you give more information I will be pleased to help.
Here's my scenario: I have 10 iOS apps with subscription in-app purchases. I need one subscription purchase to be valid across the 10 apps. Thus I require server-side receipt validation. The flow is like this: When the customer pays for the subscription, the receipt is sent to the Firebase DB and from there, I require a PHP script that takes in the receipt data as input and sends a 'POST' request to the App Store. The App Store would then validate the receipt and return a JSON object back. We then overwrite the old receipt with the latest copy. Also, whenever the user logs in to any of the apps, we repeat this process and update the receipt to make sure the subscription of the user is still valid. My question is, is Firebase capable of dynamic script handling and HTTP requests?
Thanks :) for any help.
Firebase Hosting cannot execute PHP scripts. It is mostly a static hosting service (so serving uninterpreted HTML, JavaScript, CSS, etc).
Recently Firebase added the ability to connect Cloud Functions to Firebase Hosting. But that still doesn't allow you to run PHP code on Firebase Hosting.
I am writing the spec for a complex business solution; it is basically a set of web apps that are all on their own servers. I want them to be independent so if one has a problem or becomes very busy then the rest are not affected.
There will be a central server that will act as the payment gateway for the apps as well as providing data to the apps themselves. The data is minimal; user ids, have they paid for that app etc.
The idea was that when an app was purchased then we'd just pass that data to the app in question.
The question is how to do this while not holding up the user's experience while we wait for the app server to respond. The idea was to enter it into a queue and process them one by one on a cron job. However there are concerns that this will not be fast enough and the user could have to wait before accessing the app.
The other idea is that the app just contacts the main server when the user tries to use it. The main server can then approve the user and this will be kept on the app server DB so it doesn't have to check again.
What do you all think about these ideas? Is there an obviously best way of doing it?
The system should be able to scale to 100+ apps and tens of thousands of app purchases an hour.
Very interested to see what you all think! Many thanks
I have a similar but slightly different situation here, supporting a potential competitor... have I gone mad?? haha
To the topic: we generally use cURL to connect the server requests, especially if we don't want information to be public. We have a specific VPS set up for payment handling, account functions and financial functions; this will post to a centralized MySQL database for access information only, so it will support a single sign-on for multiple apps on multiple server clusters.
To ensure the user is immediately moved to the app they want and it works correctly, we use cURL to post initial data creating the default records in the specific app database. We then set up a PHP header redirect using to move the user to the app requested with the single sign-in already working as part of the cURL post performed earlier.
An access key is important to us as it enables the single sign-on to be secure. It is generated 1 time per account and never updated even though we can if there is ever a security violation. We then use cURL in the user auth process to ensure the user is still signed in using their key and user id. The key is never actually passed publicly but always posted server side using a cURL method hiding it in the PHP.
I hope this helps.
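An added sketch (not the poster's code) of the server-side access-key check described above: the key is generated once per account, only its hash is stored centrally, and the app server posts it with the user id over cURL. The endpoint URL, field names, the `ok` response body and the in-memory account store are hypothetical.

```php
<?php
// Added illustration. Endpoint URL, field names, response body and the array
// standing in for the central accounts table are hypothetical.

// Central server: create the key once; store only its SHA-256 hash.
function createAccessKey(array &$accounts, string $userId): string {
    $key = bin2hex(random_bytes(32));
    $accounts[$userId] = ['key_hash' => hash('sha256', $key), 'signed_in' => true];
    return $key;                       // handed to the app server, never to the browser
}

// Central server: handler for the auth check that the app servers POST to.
function checkSession(array $accounts, array $post): bool {
    $userId = $post['user_id'] ?? '';
    $key    = $post['access_key'] ?? '';
    if (!is_string($userId) || !is_string($key) || !isset($accounts[$userId])) {
        return false;
    }
    $ok = hash_equals($accounts[$userId]['key_hash'], hash('sha256', $key));
    return $ok && $accounts[$userId]['signed_in'];
}

// App server: the cURL call that carries the key server to server.
function askCentralServer(string $url, string $userId, string $key): bool {
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => http_build_query(['user_id' => $userId, 'access_key' => $key]),
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_TIMEOUT        => 5,
        CURLOPT_SSL_VERIFYPEER => true,   // keep TLS verification on; the key is a bearer secret
    ]);
    $body   = curl_exec($ch);
    $status = curl_getinfo($ch, CURLINFO_RESPONSE_CODE);
    curl_close($ch);
    return $status === 200 && $body === 'ok';
}

// Constructed demo, run locally without the network call.
$accounts = [];
$key = createAccessKey($accounts, 'u1001');
var_dump(checkSession($accounts, ['user_id' => 'u1001', 'access_key' => $key]));
var_dump(checkSession($accounts, ['user_id' => 'u1001', 'access_key' => 'guess']));
$accounts['u1001']['signed_in'] = false;   // user signed out centrally
var_dump(checkSession($accounts, ['user_id' => 'u1001', 'access_key' => $key]));
```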