ApplePay Server Requesting an Apple Pay Payment Session - applepay

I am exploring tokenized payments on the web and I am slightly confused. The ApplePay JS class is first instantiated which triggers paySession.onvalidatemerchant = function (event) {...}. At that point event contains a validationURL which we need to send to our back-end in order to: Request a valid session from the Apple Pay server. My question is, as part of the steps of the setup, we need to declare all domains and sub domains displaying the ApplePay button; what about the server's domain that will authenticate with apple apis and request the session. Where are the declared domains where the buttons are displayed tied into the whole interaction.

Apple only displays ApplePay button when you use the same domain that is verified in the apple developer account.
And yes if you are using 10 domains/sub-domains to show the apple pay button then you need to verify those domains on the apple pay account.
For more information, you need to check the following documentation you will get all your answers. This documentation created for both professional and biggers.
https://gist.github.com/jagdeepsingh/c538e21f3839f65732a5932e35809d60

Related

Google play READ_CALL_LOG permission

Reading call log is the basic feature of my app, but i dont know which option to select among the following in the list in the declaration form.
Default SMS handler
Default Phone handler
Default Assistant handler
Transactional backup and restore for users and archive for enterprise (time-limited/non-continuous)
Enterprise archive, CRM, and device management
Caller ID, spam detection, and blocking
Connected device companion apps (for example, smartwatch or automotive)
Cross-device synchronization or transfer of SMS or calls
SMS-based financial transactions and related activity where access is restricted to financial SMS transactions (for example, 5-digit messages)
SMS based money management
Proxy calls
Services - Carrier
Services - OEM
Device Automation
Physical safety / emergency alert apps (e.g., senior safety)
Call-based OTP account verification
Using SMS_CB_RECEIVED for customer communications (e.g., Smart Zone Cast service)
Write and Show Call History in Dialer
In-vehicle hands-free use or projected display
Anti-SMS Phishing
Since its only write and show call history in dialer option thats close to my requirement, i selected this, but now i got thefollowing email from google.
Google Play
Developer update
Hi Developers at Bot Entity, Thanks for contacting the Google Play
team about your app Whatsupp Direct, com.whatsappdirect.wd. Publishing
Status Publishing status: Rejected After review, your app has been
rejected and wasn't published due to a policy violation. If you
submitted an update, the previous version of your app is still
available on Google Play. Issue: Violation of Permissions policy After
reviewing your app, we found that it doesn’t qualify to use the
requested permissions for the following reason(s): App is using
unnecessary permissions When you submitted your app, you specified
your app's core functionality as follows: Write and Show Call History
in Dialer. However, based on the permitted uses, your app is only
allowed to access the following permissions: WRITE_CALL_LOG. Please
remove the following permission(s) from your app: READ_CALL_LOG.
now how do i get READ_CALL_LOG in the list??

Google Meet integration api (like Hangouts app for Slack)

I want to utilise Google Meet api, which is used in Hangouts integration for Slack, description follows
TL;DR:
Links such as https://meet.google.com/new?gid=123&gd=qwe987 can be generated, so a modal is shown which can ask user's confirmation and then some request is sent from user's browser (where the Google Meet page is opened) to some endpoint (probably it is determined from gid which seems to be google application id). Is there a way to configure my application to have a webhook, so I can generate these custom links?
There's Google+ Hangouts app for Slack. Here's how it works (after you add the app in your workspace):
you send /hangout command in any Slack channel
slackbot sends an "Only visible to you" message in this channel with a link to start a new hangout. it looks smth like this (I changed data in the link): https://meet.google.com/new?gid=691521906844&gd=THTJ30X6W%7CU01113BD13M%7CD01113BDB5Z%7Csuren%7C%7C1846381238693%7C1%7CB01QFGG5GJF%7CE1MDm4DWcuVa0RbN5ZT9o5KF
when you visit the link, a new meeting is started instantly, and the page shows modal with text "To bring others into this video call, post a link it to your Slack channel" with buttons 'Cancel' and 'Post'.
when you click 'Post', a new message is sent to the Slack channel, where the command was sent. Text is "#Suren Khorenyan has started a Google+ Hangout and would like you to join. Join Hangout." and contains a link to the meet, which was created previously
How can I utilise this integration for another app, like Mattermost (or anything else like Telegram chats via bots)?
As I see, data in the url slightly changes. Probably it's payload for Google Meet to trigger Slack to send a message with link to the channel.
gid seems to be something like google app id
gd seems to be something like google data. If I url-decode it, it becomes THTJ30X6W|U01113BD13M|D01113BDB5Z|suren||1846381238693|1|B01QFGG5GJF|E1MDm4DWcuVa0RbN5ZT9o5KF. This is some kind of payload, separated by pipes (obviously), but I don't know what any part of this means (suren is my username in the Slack workspace, probably this is used for creating an invitation message).
When I click Post, this happens:
a new POST request to https://hooks.slack.com/services/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 is sent with form-data
hangout_id: 1812381238693
hangout_url: https://meet.google.com//abc-iuqx-def
a new message is posted to the Slack channel
Google meet somehow knows where to post back! Is this configured at the Google application (application id is provided via gid)? How can I configure my application for such behaviour? Where can I setup webhook url?
If we breakdown the request, we can see that url contains some parts of the gd payload:
THTJ27X6W - this is the first part of the gd payload
B01ABCD5GJF - last but one
E1MDm4DWcuVa0RbK5ZT9o5KD - the last part of the gd payload
and form-data contains:
hangout_id - this is in the gd payload after my name
hangout_url - obviously, this is the url for the new created meeting
How can I change it for my needs?
I created a new application at Google APIs dashboard (here console.developers.google.com/apis), but can't find any docs for this integration. There's Google+ Hangouts API in API Library, but it says Apps will continue to function until April 25, 2017..
I tried to approach it from another side:
In the API Library there's Google Calendar. I found mattermost-hangout app on GitHub (had to update it a bit, so it works with updated api). Here's how it works:
oauth2 for authorising at google (single account)
it handles POST request, which is meant to be received from Mattermost (triggered by a slash command),
creates a new calendar event using Google Calendar API (with conference),
takes hangouts url from the response and sends a new message in the Mattermost channel with invitation to join the meeting.
But it has some downsides:
you have to use one account to authorise all event creation events (yeah, it can be upgraded to authorise any number of users, but it'll be inconvenient. why to force anyone to provide access to their Google Account, when Google Meet authorisation just happens in browser, we don't need to create events)
account, used for auth, now has events in his calendar. of course, events can be deleted, but it's not the way.
Is there any documentation on utilising gid and gd params?
Generally, I want to find a way to configure a webhook in my app, so when Google Meet finds my application's ID in the gid query param, it looks at the app's config and sends a request to my app (previously configured endpoint (I assume it works this way)).
Of course there's a chance that it's some kind of internal API and it cannot be used by everyone, but I could not find any information on this.

Using Phone Number to Prevent Spam: How to prevent spam on a mobile app?

Compared to using CAPTCHA, would using a phone number to prevent spam/bots improve the user experience.
I'm building an ecommerce app that does not require a user to create an account, when a user writes a product review they enter there phone number and a verification code is sent which the user sends back so that the review is successful.
It is not typical to use CAPTCHA for a app login. The better UX for app users is to get the phone number and send a verification code to authenticate if the request is coming from a real user. When an SMS arrives it normally shows up at the top (on notification window) which shows the verification code at the top. So the user doesn't even have to switch the app to read the verification code in SMS. All he has to do is wait until the SMS arrives and key in the code in your app.
There are several SMS verification API providers available to make it easy for sending out verification code.
I have used Nexmo Verify API before which makes it easy to generate the code and completes the verification.

Approval link in email body

Need help in implementing email based approval system. Ex: Manager gets an auto triggered mail for his/her approval with a approval link in email body, when the manager clicks on the the link, it should validate the manager and then approve it. I tried searching on the internet but didn't find relevant resource.
Request you to Please help me with your ideas, suggestions or how I should proceed, or any plugin or jar is available??? It would be very helpful to me... Thanking you...
EDIT: Thanking you for replying. We have a java web app build using spring framework (MVC) where in employees can apply leaves which has to be approved by his/her manager. If an employee applies leave then a mail is triggered for approval to his/her manager with the leave details. After looking the mail, the manager logs-in to the application to approve or reject the leaves. So request you to Please help me in how to give a direct link in the mail to approve or reject the leaves.
For one of our applications we had the same requirements - employees can submit vacation requests and supervisors will be notified via mail. We have written an article about the exact way we did it - available here.
So in a nutshell, we are using Spring Integration and GMail. Each new vacation request yields an email send to all supervisors. Supervisors can reply with either approve or reject. We only accept email addresses from our domain, but since these can be faked we introduced a shared secret - a UUID added to the mail's subject which then relates to the id of the vacation request.
Once an email comes in we run the business logic to figure out whether a request shall be approved or rejected.
As I stated in my comment, I used Velocity to template my email message. You don't have to use it, but it made my job easier. You should be able to read up on it.
Java itself has the ability to send emails in it's Java EE framework using JavaMail, or you can use Spring's wrappers. You will need access to a mail server of some sorts, and would highly recommend that you setup an email box specifically for this process. I actually used my gmail account during testing, but I wouldn't recommend that for a long-term solution. I assume your company would have an email server setup somewhere you can use.
The process flow would be:
Employee fills out request
System generates an email to employee's manager(s) with a link to approve
Manager clicks on link, taken to approval page
Manager approves/denies request
The next question is how to build the URL. I would suggest using something like a UUID or something like that, or the request ID if that makes it easier. You can generate a UUID from any seed String or set of bytes. I like UUID because it obviscates the data being sent.
Anyway, the URL will basically point to a Spring form that will allow the user to approve that request. So, thinking about what you would need, I would expect some DB record that relates the information in the incoming request to the time off request that was filled out. Read in the record, load the page and display it. Simple enough.
The next issue is locking it down so only the authorized people can approve. Again, making a huge assumption here, but I am guessing you are using Spring Security? If you are, you should be able to add a condition to the Controller's handler for this approval form that requires the user to be authenticated (read here) and add a java.security.Principal to the handler methods arguments (read 15.3.2.3 here for what you can pass into a Controller's handler). With the Principal object in-hand, you should be able to compare that to a list of approvers associated with the request record in the DB. I would then have the system generate approval/denial emails that code to all concerned parties.
Let me reiterate that this is NOT the only solution, only one possible solution. This is why I feel this is not a good question for StackOverflow, as it asks a very broad question that doesn't really have a single right answer.

Joomla AEC issue with Paypal, possibly IPN

I installed the Joomla AEC Version 1.0, Revision 5149.
I have set up plans and everything in this matter, if user clicks on the create an account system will ask user to select the plan. Then user clicks on buy now, she goes through Paypal, Purchase get made (Subscription with 3 days free trial) then user get redirected back to the site which all works fine.
My problem is user will see the message that says "Thank you for your registration. Our system will now await your payment. You will receive an e-mail once our system has processed your request. ". site will never get the clearance from Paypal. I havent put any custom custom URL or anything like that.
Also site is in the staging. so the URL starts with http://staging.domainanme.com
Not sure if this will cause an issue.
Thanks
With AEC it is quite simple with a Paypal Subscriptions processor. You just need to put in the email address of your account at:
Processors -> Paypal Subscritions -> Business ID
Not sure if that will be the same with 1.0 as this is based on 1.2.
If you have a valid account that's all you need. Of course make sure you have assigned the processor to your plan.
So if this all checks out one other thing you can try. If you were using the paypal account before with some other domain then switch to staging.domainname.com then you might want to try adding the Alternate IPN Notification Domain. Find this at:
Processors -> Paypal Subscritions ->Alternate IPN Notification Domain
In here put exactly http://staging.domainname.com
UPDATE:
The problem is Paypal communication then. First remove the Alternate IPN Notification Domain setting in AEC that I suggested. That was just for testing.
Either Paypal email is not confirmed so the communication fails or the communication can't be established.
Assuming you are using Paypal Standard, go to Paypal and login. Check in this order:
Click on Profile. Does the email have "unconfirmed" beside the email? If it does then that's your problem.
Go to Profile -> My selling tools -> Instant payment notifications. Click update on the far right. Enable it and add a new notification url. It should look like: http://www.yoursite.com/index.php?option=com_acctexp&task=paypal_subscriptionnotification
Just another thought. Paypal doesn't enable Paypal subscriptions when you sign up for Paypal Standard. I can't remember exactly when/how that was done but I remember that a separate step was needed. That could also be the cause of this issue.

Resources