Payment in Lyft API - postman

Once dropped off, how do I make payment to Lyft?
I am using Stripe as the payment mechanism but cannot find any endpoint wherein I can pass the charge to actually make payment to Lyft.
I do see that I can make a tip through this endpoint
https://developer.lyft.com/reference#ride-request-rating-and-tipping
and also a ride receipt is generated after payment,
but what I cannot figure out is where exactly the payment is made.

Lyft automatically charged the user's default personal payment. At this time, they don't allow you to select different payment methods. You must call the PUT /rides/:id endpoint with the rating and tip amount to close out the ride and grab the ride receipt via the webhook.
Online reference:
https://developer.lyft.com/v1/reference

Related

Prevent Replay attacks when client side NONCES aren't an option

I'm searching for an alternative to NONCES to prevent replay attacks.
My scenario:
I have implemented a ticket shop where you can buy tickets, and to prevent two persons trying to buy the same ticket, I added a reservation system. So when you select the seats, a request to a reservation service is sent which stores the reservation for 10 minutes. Now my problem: how can I prevent a potential attacker from sniffing the reservation requests and replaying them over and over again? This blocks the seats (and in the worst case ALL seats) infinitely.
As the ticket shop is open source, the code is available if necessary! Thank you already!
In case someone else is facing the same kind of issue, here's what I did to solve the problem:
I added an optional (admins of the ticket shop can enable it) integration of reCAPTCHA. Once a seat is selected (and therefore needs to be reserved) the invisible captcha is executed and a client-side token is generated. This token is available for 2 minutes and sent to the back-end server, where it will be verified using the Google API. When the token has already been used or timed out, the server sends an error to the client, which will generate a new reCAPTCHA token and retry the request. Potential exploiters would need to generate such tokens on their own, which is - according to Google - not possible.
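The server side of this approach, as an added example that is not the ticket shop's own code: a reservation is only stored when the captcha token verifies, and a used or expired token makes the client retry with a new one. `ReservationService`, `fake_siteverify` and the `tok-` token format are hypothetical; the fake verifier is a constructed stand-in for the real verification call so the example runs offline.

```python
import time

RESERVATION_TTL = 10 * 60  # seats are held for 10 minutes, as in the post


class ReservationService:
    """Holds seats only for requests carrying a fresh, unused captcha token."""

    def __init__(self, verify_token, now=time.time):
        # verify_token(token) returns a dict shaped like the verification
        # reply: {"success": True} or {"success": False, "error-codes": [...]}
        self._verify = verify_token
        self._now = now
        self._held = {}  # seat -> (session_id, expiry timestamp)

    def reserve(self, session_id, seats, captcha_token):
        result = self._verify(captcha_token)
        if not result.get("success"):
            # Expired or already-used token: the client fetches a new token
            # and retries. Any other failure is rejected outright.
            if "timeout-or-duplicate" in result.get("error-codes", []):
                return {"status": "retry_captcha"}
            return {"status": "rejected"}
        now = self._now()
        # Drop expired holds so a stale reservation never blocks a seat.
        self._held = {s: h for s, h in self._held.items() if h[1] > now}
        taken = [s for s in seats
                 if s in self._held and self._held[s][0] != session_id]
        if taken:
            return {"status": "unavailable", "seats": taken}
        for seat in seats:
            self._held[seat] = (session_id, now + RESERVATION_TTL)
        return {"status": "reserved", "expires": now + RESERVATION_TTL}


def fake_siteverify():
    """Constructed stand-in for the verification call: each token works once."""
    used = set()

    def verify(token):
        if not token.startswith("tok-"):
            return {"success": False, "error-codes": ["invalid-input-response"]}
        if token in used:
            return {"success": False, "error-codes": ["timeout-or-duplicate"]}
        used.add(token)
        return {"success": True}

    return verify
```

Because the token is checked before any seat is touched, a captured request replayed after the 10-minute hold has lapsed cannot renew that hold.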

Authorize.Net: How do I verify a hosted payment was successful once the user is redirected back to my site?

I am using the hosted form payment approach to accepting payments from users on my site. I don't see any examples of how to go about verifying the payment once the user is redirected back to my site. Here is how I'm trying to approach it:
1. Generate a token/form based on the cart
2. Post to the form URL and send the user away
3. User returns to a verifying page
4. I have set up a webhook for all payment notifications
5. I receive the notification
6. ?????
7. Verify the payment status and price are correct
8. Navigate the user away from the verifying screen to the next page
In step 6 all I have is the token that was generated for the transaction, and the webhook doesn't provide that token back to me. How do I say "this transaction belongs to this user who is waiting to be verified"?
You can use the getTransactionDetailsRequest in their Transaction Reporting API to get the transaction details. The best place to put this information is in the refTransId field which is a value you can pass in as part of your transaction.

How to redirect the customer to the success page after Payment from Stripe?

I am using Stripe to handle my payments for my own rental website. (Backend - DJANGO)
Previously, I was using Stripe ChargesAPI and was manually sending out payouts to the Host of the property but I came to know that it can be automated by using Stripe PaymentIntentsAPI.
I have successfully managed to onboard my customers to receive payments in their bank accounts using Stripe Express.
After creating the payment intent and passing to the client I can charge their account as well as update my database for the booking.
The problem I am facing here is that after the payment is done, I want to redirect the customer to the success page or payment failure page, which I was able to do by passing my reservation ID and updating it as payment received, which I now do by using Webhooks.
How can I redirect my customer to the success page showing the receipt of the booking?
You'll have to set up Payment Intent using a custom payment flow.
Briefly, how it works:
1. Capture your user's credit/debit card information and send a request to Stripe to authorize the card. If any additional verification checks are needed, Stripe provides you with an easy way to handle this.
2. After authorization is complete, you capture the payment.
3. If payment is successful, you show the user a success page; if not, you show them an error message.
Here's a link to the documentation: https://stripe.com/docs/payments/accept-a-payment?integration=elements

Authorize.Net hosted form: how to verify payment succeeded after redirect

I'm using the hosted payment form with getHostedPaymentPageRequest.
After a successful payment the browser opens the success URL correctly.
However, I don't know how to verify that payment was actually completed. I have the token from getHostedPaymentPageRequest, but I can't find an API to call to get the result of that transaction.
I can see that when using an IFrame we can use the IFrameCommunicator, but we would prefer to not use that.
How can I verify the transaction succeeded after redirect back from the hosted payment page?
If you don't use the iframe you won't get the results of the transaction in real time. Your best option then is to use a webhook to receive a notification of the successful payment. You can then get the transaction info using the transaction ID provided by the webhook. But that would mean the user won't know the status of their payment when they arrive back at your site. For that to happen you'd have to build a mechanism that does the above and have your receipt page poll your backend until it has the results of the transaction and then can display them to the user.
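The webhook-then-poll mechanism this answer describes (it also fits the earlier getTransactionDetailsRequest suggestion), as an added example rather than code from the answer or from Authorize.Net. Assumptions to confirm against the gateway documentation: the notification body is signed with HMAC-SHA512 and the header value has the form `sha512=<hex>`, and the transaction ID sits at `payload.id`. `fetch_details` is a hypothetical wrapper around the transaction-details call with invented return keys; the key and the order are constructed.

```python
import hashlib
import hmac
import json
from decimal import Decimal

SIGNATURE_KEY = b"constructed-demo-key"  # placeholder, not a real merchant key
# Pending orders written before the user is sent to the hosted form.
ORDERS = {"INV-1001": {"amount": Decimal("49.90"), "status": "pending"}}


def valid_signature(body: bytes, header: str) -> bool:
    """Check the HMAC-SHA512 of the raw body against the signature header."""
    expected = hmac.new(SIGNATURE_KEY, body, hashlib.sha512).hexdigest()
    algo, _, received = header.partition("=")
    return algo == "sha512" and hmac.compare_digest(
        expected.encode(), received.lower().encode())


def handle_webhook(body: bytes, header: str, fetch_details) -> int:
    """Webhook endpoint; returns the HTTP status to send back."""
    if not valid_signature(body, header):
        return 401
    txn_id = json.loads(body)["payload"]["id"]
    # Look the transaction up server-side instead of trusting the notification.
    details = fetch_details(txn_id)
    order = ORDERS.get(details["invoice"])
    if order is None:
        return 200  # not one of our orders; acknowledge and ignore
    paid = details["approved"] and Decimal(details["amount"]) == order["amount"]
    order.update(status="paid" if paid else "failed", txn_id=txn_id)
    return 200


def poll_status(invoice: str) -> str:
    """What the receipt page polls until it stops returning 'pending'."""
    return ORDERS.get(invoice, {}).get("status", "unknown")
```

The order is matched through a merchant-chosen reference stored before the redirect, which is what lets the polling receipt page find the result for the user who is waiting.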

Tying up the callback ("Gateway Response") data to a transaction

I am setting up an Authorize.Net DPM (Direct Post Method) payment gateway for a site. There is something I am fundamentally not understanding, and can't tie up the pieces.
The basic operation of DPM is that the merchant site - my site - provides a credit card form. That form is posted direct to Authorize.Net. After the CC and other posted details are authorized, Authorize.Net will POST the results back to my site. I'll refer to this as the callback post. Now here is where things don't quite tie up for me.
The callback POST comes direct from Authorize.Net and does not share a session with the user, so the POST handler only has the information that has been posted to hand. The amount (x_amount) and the Authorize.Net generated transaction ID (x_trans_id) are hashed with a pre-agreed secret and the Authorize.Net account login ID. This can be used to check the authenticity of the system providing that callback. From what I can tell, it is really just checking that the sender knows the pre-agreed secret.
So the only data I can trust in the callback is the amount and the gateway generated transaction ID (and this is the first point at which that ID is available to my site, so its value is meaningless).
What I cannot see, is how to tie the results of the authorisation back to the transaction that the end user is paying. There is no other data in the POST that can be trusted not to have been changed, and it does not pass on the merchant-generated ID anyway (a combination of x_fp_sequence and x_timestamp).
What I am expecting to be able to do in the callback is to take the result of the card authorisation, be sure that the result can be trusted, tie it back to the pending transaction stored in the database before the user posted the form to Authorize.Net, so that the transaction can be confidently marked as complete. But how?
I have worked with the SagePay Server gateway, and that also has a callback. However, the callback contains all the fields needed to tie the result back to the transaction being processed (it includes the merchant-generated transaction ID) and importantly it provides a hash of ALL the POSTed fields that need to be trusted so they can be checked.
So what am I overlooking? I can provide sample data if that helps to explain the issue. I'm using OmniPay and am extending the driver for this gateway.
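The coverage gap the question describes, as an added example that is not from the post or from OmniPay. It assumes the legacy callback hash is MD5 over the secret, the login ID, x_trans_id and x_amount, delivered as x_MD5_Hash; the secret, login ID and sample callback are constructed.

```python
import hashlib
import hmac

# Fields the callback hash is computed over (besides the secret and login ID).
COVERED = ("x_trans_id", "x_amount")


def callback_hash(secret, login_id, trans_id, amount):
    """Legacy scheme (assumed): MD5(secret + login ID + trans ID + amount)."""
    data = (secret + login_id + trans_id + amount).encode()
    return hashlib.md5(data).hexdigest().upper()


def authenticated_fields(post, secret, login_id):
    """Return only the fields the hash vouches for, or None if it fails."""
    expected = callback_hash(secret, login_id,
                             post.get("x_trans_id", ""), post.get("x_amount", ""))
    received = post.get("x_MD5_Hash", "").upper()
    if not hmac.compare_digest(expected.encode(), received.encode()):
        return None
    return {name: post.get(name, "") for name in COVERED}


def unauthenticated_fields(post):
    """Everything else in the POST: usable as a hint, never as proof."""
    return sorted(k for k in post if k not in COVERED and k != "x_MD5_Hash")


# Constructed sample callback; secret, login ID and values are placeholders.
SECRET, LOGIN_ID = "demo-secret", "demo-login"
SAMPLE = {
    "x_response_code": "1",
    "x_trans_id": "2000000001",
    "x_amount": "49.90",
    "x_invoice_num": "INV-1001",
}
SAMPLE["x_MD5_Hash"] = callback_hash(SECRET, LOGIN_ID, "2000000001", "49.90")
```

A change to x_amount fails the check, while a change to x_invoice_num or x_response_code passes it, so a handler built this way should act only on what `authenticated_fields` returns.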