I'm trying to initiate a Square Register payment from a web app. The web app will only run on iPads that are within my control.
The HTML I'm using to call it takes this form:
Open Square Register
Where the data parameter is, I believe, a properly URL-encoded form of this:
{
"amount_money": {
"amount": 500,
"currency_code": "USD"
},
"callback_url": "https://mycallbackurl.org",
"client_id": "{{my_app_id}",
"merchant_id": "{{my_merchant_id}}",
"supported_tender_types": [
"CREDIT_CARD",
"CASH"
]
}
The Square Register app is giving me this error:
API ErrorSorry, we could not process the incoming request. Please try again or contact support.
What am I doing wrong? Is this possible to do from a web app, as I'm trying to?
This error can occur if your application is not authorized to use the Square Commerce API. From the documentation:
The Commerce API is currently available only to approved partners. If you're interested in using the Commerce API to integrate your iOS app with Square Register, please contact partners#squareup.com.
In their API docs it says that supported tender types should be nested under options:
{
"options": {
"supported_tender_types": [
"CREDIT_CARD"
]
}
}
Related
I have a SPA website built over Laravel and Vue.
I am using axios to get the responses and all working fine.
The most of the data is vendor, categories and products and nothing sensitive in it however products has some data which I need to use in frontend however I don't want my competitors to get hold on to that data.
How to do I go about that? so I get the data but it's hidden as well?
So I thought may be I encrypt it and then decrypt it but not sure if that's the right approach
{
"Products": [
{
"ID": 9950,
"VID": 114,
"Name": "TBH Special Burger ",
"Category": 224,
"Description": "",
"Image": "",
"Price": "250",
"DisplayPrice": 0,
"DealPrice": 0,
"Percentage": "15",
"Cust_Percentage": "0.00",
"DateTime": "2018-10-08 19:03:40",
},
],
}
In above response only percentage related data is I am trying to secure.
You are looking for Laravel Passport.
Laravel makes API authentication a breeze using Laravel Passport, which provides a full OAuth2 server implementation for your Laravel application in a matter of minutes.
With Passport, only authenticated users can access your data via API.
Read the documentation in the link above and give it a try.
If non authenticated users access your api by typing the url in his browser, this is the response that he will get:
{
"message": "Unauthenticated"
}
Consuming Your API With JavaScript
Laravel provides a middleware that allow you to consume your api from your JS app. From the docs:
Typically, if you want to consume your API from your JavaScript application, you would need to manually send an access token to the application and pass it with each request to your application. However, Passport includes a middleware that can handle this for you. All you need to do is add the CreateFreshApiToken middleware to your web middleware group in your app/Http/Kernel.php file:
'web' => [
// Other middleware...
\Laravel\Passport\Http\Middleware\CreateFreshApiToken::class,
],
Hope it helps.
You can use API Resources to specify witch fields you would like to show in response
take look to docs:
https://laravel.com/docs/5.8/eloquent-resources
Following the steps for creating incoming webhooks via add to slack button. The final response will look like this:
{
"access_token": "xoxp-XXXXXXXX-XXXXXXXX-XXXXX",
"scope": "incoming-webhook,commands,bot",
"team_name": "Team Installing Your Hook",
"team_id": "XXXXXXXXXX",
"incoming_webhook": {
"url": "https://hooks.slack.com/TXXXXX/BXXXXX/XXXXXXXXXX",
"channel": "#channel-it-will-post-to",
"configuration_url": "https://teamname.slack.com/services/BXXXXX"
},
....
}
This provides access to team_name, channel the webhook will post to, and a url for configuration.
While this is working great and after initially storing the 'configuration' to my own webapp it displays correctly. But after a someone uses the 'configuration_url' link from the response these previous values like the channel could become obsolete. For example the webhook could be deleted from this link.
My Question is:
Is there a way to reflect this changes in my external app? As far as I can see there is no way to query information for 'incoming webhooks' via an api call from an external web application?
I also could not find any api calls that could change webhook configuration directly without using the provided link.
Its not possible to change the webhook configuration after it is created. The only possible change is that the workspace that installed your Slack app (which contains the webhook) is uninstalled.
If that happens the webhook will no longer work and you will get an error in response.
You can also get notified when you app is uninstalled by listening to the app_uninstalled event.
Or you can also test if your app and webhook is still valid by checking the token you received during the Add to Slack process. Just call the API method auth.test with that token. If it returns the following error than the webhook is no longer valid:
{
"ok": false,
"error": "invalid_auth"
}
I am trying to test the Google Cloud Logging API on the "Try this API" feature that Google Cloud Platform has on their documentation, but I get this response back:
{
"error": {
"code": 403,
"message": "The caller does not have permission",
"status": "PERMISSION_DENIED"
}
}
I know that my response body is correct because it works with OAuth 2.0 but fails when I use API Key.
Auth 2.0:
Working request using OAuth 2.0
API Key:
Non-Working request using API Key
Google docs says that they generate their own API Key for this "Try this API" feature. https://developers.google.com/explorer-help/
Since Google is using their own API Key, I do not understand why I am getting a response status of PERMISSION_DENIED.
Edit:
Here is a link to the Try this API feature in Google Cloud Platform if you would like to give it a try. https://cloud.google.com/logging/docs/reference/v2/rest/v2/entries/write?apix_params=%7B%22resource%22%3A%7B%22entries%22%3A%5B%7B%22logName%22%3A%22projects%2F%5BPROJECT_ID%5D%2Flogs%2Frequests%22%2C%22resource%22%3A%7B%22type%22%3A%22http_load_balancer%22%2C%22labels%22%3A%7B%7D%7D%7D%5D%7D%7D
Here is the python request that I am using in my code to create an entry:
import requests
entry = {
"entries": [
{
"logName": "projects/[PROJECT_ID]/logs/requests",
"resource": {
"type": "http_load_balancer",
"labels": {}
}
}
]
}
requests.post('https://logging.googleapis.com/v2/entries:write?key=[YOUR_API_KEY]', data=json.dumps(entry))
The API key was created from my user that has "logs writer", "logs viewer", and "logging admin" permissions. This theoretically should be all the permissions I need to make the post request. However, it is still returning a "PERMISSION_DENIED" status.
Any help would be much appreciated. Thank you in advance.
It looks like you are making a request to write data which isn't publicly writable. API Keys have no concept of user, they are only identifying you are allowed to call an API. So it looks like your API key request is working to the extent it can, but the response is telling you: I don't know who you are so I can't let you do this.
OAuth 2.0 is the solution here, as it acts on behalf of your account (you have to give consent), allowing the API to verify you have permission to take this action.
Service accounts are another option, to act on behalf of your project instead of your user, but they aren't practical from a web UI.
I am doing a simple GET request using this instagram API endpoint: https://api.instagram.com/v1/users/{USER ID}/media/recent?access_token={ACCESS TOKEN}
I get the access token via OAuth2Authenticator from Xamarin.Auth plugin.
I just notice today that the get recent media request is returning this :
{
"pagination": {},
"data": [],
"meta": {
"code": 200
}
PS: I am testing with my admin instagram account, and also with approved sandbox users.
Scope : basic
The answer is really basic.
If you are in the sandbox mode then you will need to switch your account privacy to public in Instagram. Private accounts are not working properly for me.
i wanted to test some API Requests from Proximity Beacon API. So i followed the steps from this site and put a test redirect url (https://developers.google.com/oauthplayground) into the OAuth-2.0-Client-ID. When i try to make an request from the playground i get following output:
{
"error": {
"status": "PERMISSION_DENIED",
"message": "Google Proximity Beacon API has not been used in project google.com:oauth-2-playground before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/proximitybeacon.googleapis.com/overview?project=google.com:oauth-2-playground then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.",
"code": 403,
"details": [
{
"#type": "type.googleapis.com/google.rpc.Help",
"links": [
{
"url": "https://console.developers.google.com/apis/api/proximitybeacon.googleapis.com/overview?project=google.com:oauth-2-playground",
"description": "Google developers console API activation"
}
]
}
]
}
}
obviously it is using the wrong project, but i only got to a step where i was able to pick my account but not my project. i checked everything twice and my only guess is that i cannot use this redirect_url.
So my question: Why is it trying to use the project google.com:oauth-2-playground instead of mine? And how can i change this?
The Proximity Beacon API was not enabled on the default credentials that the OAuth 2.0 Playground uses. I've just enabled that API and now this should work.
Alternatively you can setup the OAuth 2.0 Playground to use your own app's OAuth Credentials (Client ID and Client Secret) in the configuration menu of the playground.