Firstly I see there are several Parse / Stripe questions on here however none are of any help to me.
I have a mobile application that has both free and paid features. A variable is stored on the User class in Parse.com and it is checked for permissions when running a function. I would like to setup an account portal (separate to my app) so when users wish to signup they are sent to their browser and can signup to a plan over SSL etc etc.
For the account portal i'm having a Wordpress site with a Stripe plugin that will do my accounting, invoicing and form creation work for me.
Following signup on the Wordpress site I would like to receive the webhook on Parse.com and run a function to update User class. Ideally this will be a catch all function that will change the user to a number of states depending on their account status (i.e they stop paying and the plan will be on hold).
My question is two fold:
What details (URL etc) do I need to place in my Stripe webhook settings to send all events to my Parse.com cloud code?
How do I receive / run my function on the Cloud code upon receipt of a webhook from Parse.com?
I am open to criticism and remain flexible in my implementation if you have suggestions on how my app should work.
Many thanks in advance.
Ok after some experimenting:
create a webhook on in the Stripe Accounts area using the URL:
https://**APPLICATION_ID**:javascript-key=**JAVASCRIPT_KEY**#api.parse.com/1/functions/update_user
In your cloud code use the same function name as the final part of your URL. in my case update_user.
Create a test version of the webhook and place this in your cloud code for testing :
Parse.Cloud.define("update_user", function(request, response) {
response.success('** WEBHOOK WORKING **' + request);
});
When running the test in the stripe dashboard you should see:
Hope that this helps someone - Would be grateful of any input anyone has as to my implementation or a slick function to run on my User class update.
Mostly I think your solution will work.
I think using the javascript key could pose a security risk if you are not validating events that come from stripe.
Your javascript keys will be present in your web site. Someone could get it and call your cloud code function. I'd use the master key so you know its only from sources you trust. They might be able change important billing information.
In your cloud function definition you can check if the master key was used.
Parse.Cloud.define('stripeEvents', function (request, response) {
if (request.master){
return response.success('stripeEvents - master');
}
response.error('stripeEvents - must use master key');});
Related
We are using BotFramework Composer to create bots. These bots are supposed to get information from a backend REST service, where we need to know, which user is submitting the request for data. We are currently using {turn.activity.from.id} to get the Teams user's id, and sending it in a special http header in the "Send an HTTP request" action. We then perform a mapping of this id to our internal users.
We are, of course, aware, that this is not secure at all, since anyone who knows this, could get the user's id and send it to our service. We are currently thinking along the lines of generating a short-lived jwt token in the Bot to send to our application. However, we see no direct way of implementing this token generation in the Bot Framework Composer itself.
Also, we don't want to use OAuth, because we don't want the user to have to log in via the bot.
Is there a way to implement custom token generation using C# or js and assigning it to a dialog variable to be used in a "Send an HTTP request" action?
This document discusses how to implement an HTTP request in Composer. The first half is focused on creating a login for OAuth, which I know is not your focus, so look at the second half. If you set up a simple server that can generate a token for you, then you can make a request to it from Composer using the method described.
As links can break and docs can change (and Composer is still in Preview), I would recommend saving the doc somewhere and checking back every so often for any updates.
I've used HTTP requests from within Composer, myself, so I know this will work for you.
Hope of help!
You can create a custom Action or a package component and create any c# methods there for JWT generation. This will keep it all local to the bot.
https://learn.microsoft.com/en-us/composer/how-to-create-custom-actions
I am trying to automate a Google Sheet import as soon as someone has committed their changes to Google Sheet's version control (and not just edited any cell like the onEdit event seems to trigger, I need it committed).
While polling is an option, I'd rather really have Google Sheets send out a message to PubSub. Now PubSub requires the authentication JSON and such and I haven't seen any integration with Google Sheets that integrates this concept, which surprised me.
I searched on the internet for triggers in Google Sheet and some way to automate code to connect to external resources. Apparently, the Google Drive Push Notification API seems to be the way to go. I'd really like to keep everything in my Google Cloud space so I went for a Google Cloud Function with an HTTP(S) endpoint. I already started working out the Function and PubSub channel when I went back to the documentation to read up on how to send a call to the HTTP endpoint.
Bad luck. Seems you need to register the domain to prove you own it and wishing I could, I can not prove that I own cloudfunctions.net. So there went my plan.
It seems very not-Google like to not integrate its Cloud SDK on Google Sheets triggers since they do offer a Sheets API using Cloud Service Accounts.
So my conclusion is I have two options:
1) I am able to send an HTTP callback on a onEdit() function but only if it's my own domain and I seem to require to set up an environment just for that.
2) I would have to poll the last version of the Google Sheets commit compared to the latest version to trigger it myself.
Am I overlooking something very simple or are these my only options?
Cloud functions count as an AppEngine Standard Endpoint as described here and here, and so do not require domain verification. You can use a cloud function using a Cloud Pub/Sub trigger freely- you don't even need to explicitly set up a subscription.
Edit: I didn't understand the OPs question correctly, they want to prove their ownership of a cloud function to the Google Drive Push Notification API, not Cloud Pub/Sub push. This should be possible through HTML tag verification as described here. In whatever framework you are using for your web server, you should be able to set the appropriate HTML meta tag on the response.
I am currently building a NodeJS backend app that is querying the Google Calendar API. I have setup a new project on Google Cloud API platform and have generated all the required credentials. As stated by the google calendar API page, the allowed queries per day is 1,000,000. Since I am only querying for testing purposes at the moment, I am sure that I haven't even hit a 100. Yet whenever I try to query the API it returns the error:
"The API returned an error: Error: Daily Limit for Unauthenticated Use Exceeded. Continued use requires signup."
Also I have noticed that the dev console has generated a API key for me. Where am I supposed to put that?
My initial thinking is that Google API requires me to perform an additional signup using some CLI tools or something along those lines to signup. If not, where am I supposed to sign up?
Thanks in advance.
Note: I already have all the information from the cloud platform such as client_id, client_secret, project_id.
In "Error: Daily Limit for Unauthenticated Use Exceeded", they key word is Unauthenticated. Your request to the Calendar API is missing an OAuth Access Token. You will need to research Google OAuth.
This question has been answered many times. Please learn how to search SO for similar questions whenever you post a new question. https://stackoverflow.com/search?q=google+oauth+%22daily+limit+for+unauthenticated%22
To anyone who comes across this post in the future. I fixed the issue by using the project generated by Google Calendar API site (https://developers.google.com/calendar/quickstart/nodejs) by clicked the big blue "Enable the google calendar api" and then changing the name of the quickstart project that was generated. I don't know why it works now but it does and it's been working quite stably so far. Lets see how to goes.
I am developing an API for a social network website. This API will basically get all the requests from the users (get friend list, post a status update etc) and reply back if necessary.
We will implement OAuth 2.0 protocol for authentication. Consumer (our php project) has API id and secret.
Basic scenario:
Client wants to log in
API Consumer (php web project) takes this request, directs user to API
User send his/her user credentials to the api, gets the token.
User comes back to our website, pass token to the consumer.
Consumer goes to the api server, gets the access token.
Now consumer (php project) has access to user's private information.
Since this is a social network website, we want app developers to be able to use our API in the future.
I am not experienced in API-design. Does that flow make sense? I guess the simplest authentication would be accessing user information through php project. But we don't want to access database in php code. We will use ajax in client side and send a request to the API. And I believe there should be a better solution, what would you suggest?
Sure, API design is basically point where you need to choose technology.
Either it can be PHP or .net or Java.
I would prefer either PHP or .Net as we get lot of flexibility in it.
API will return XML or Json depending upon the request.
There are lot of CMS in php which can be helped.
.net we have Service Stack to help you.
API's had to be fully independent from other world as well as within API method as well.
If you are able to achieve this, then you will surely create a good architecture.
I am trying to implement Google Checkout in my website.
I have the PHP code sample named "checkout-php-1.3.2" from http://code.google.com/p/google-checkout-php-sample-code/.
I have followed the instructions and am able to send contents to Google Cart successfully.
The problem is i do not know how to update my website's database after the payment has been made.
I looked a little in the demo code and there is a page responsehandlerdemo.php and there i can see a lot of notification cases namely
merchant-calculation-callback
new-order-notification
order-state-change-notification
charge-amount-notification
If anybody can provide any help regarding which callback to use and how to parse the xml.
It will be very helpful.
Regards,
Sourav Mukherjee
With the exception of merchant-calculation-callback (ref), all the other notifications mean something to your order processing (everything that has to do after successful checkout).
E.g.
new-order-notification - is what it says it is, data representing a new order
order-state-change - orders move into different states (status), so this notification notifies you of them
You should go over the Developer docs particularly the Notification API for details.
I'm not a PHP developer (.Net) but I've seen the sample code and it already includes XML parsing for the notifications you receive. Once you get to know the API, you'll know when/where in the flow you need to add your business code (i.e. database storage, etc.).