I am using the authorize.net payment gateway using Direct Post Method.
[EDIT] Because of CARD PRESENT
Following Steps I am using currently:
#1: Collecting credit card information
#2: Sending details to My APP Server
#3: Calling the Direct Post Method API of Authorize.net through My APP Server.
But Because of Step 2, I need to make my server to be PCI-DSS compliance.
But If I use Stripe Payment Gateway it provides,
#1: Collecting credit card information [ They have written their own JavaScript ]
#2: Create a single use token [ Java scripts sent call to Stripe API and returns the some token]
#3: Now I can use the token for the other processing in the my APP server.
Because of the above approach I don't need to make my server to be
PCI-DSS compliance.
So I am looking forward to use SECOND type of approach if authorize.net provide ?
Thanks,
If you are trying to avoid PCI compliance you can use the Simple Integration Method or Direct Post Method. Both do not require you handling customer data as the process is done on Authorize.Net's servers.
Related
I am a bit confused on how does Authorize.net work and how to integrate it, in my project I am using Angular as frontend and node.js as backend and I have installed Authorize.net via npm install authorizenet also cloned the Node.js sample code and I would like to set Authorize.net like so.
Let's say I have a form on my website where the customer needs to enter their details including the credit card details, my question is when submitting (using HTTP Request Method: POST) does my website need to redirect to Authorize or is there a widget that Authorize uses that I can implement in my website or are the details send directly to Authorize and handled there.
On submitting the details from the website do I simply call let's say the function from the sample codes (modified for my site) charge-credit-card.js ?
After that where do I receive the response, do I need to somehow capture it ?
Do I simply use the Production API Endpoint: https://api.authorize.net/xml/v1/request.apiand use my Api login and transaction key to use Authorize, at least that's the way in the documentation from my understanding - After building the XML object for an API request, submit it to the Authorize.net payment gateway as a standard HTTPS POST to an Authorize.net API endpoint. The exact process for doing this will depend upon the development language that you use.
Thank you in advance.
Your server will never know the customer's credit card details.
when user first time registers in your site then you will create one customer for authorize.net using this code and you will save the customer id returned to your db for future reference.
To Update customer's credit card details:
create one API controller from your node server which will return authenticating token from authorize.net to your frontend. Get token code
Your front end will make call to above created controller's API and get the authorize.net token.
Now, your front end will use this token to get the update details form from authorize.
Then you will use authorize webhook facility to know if user has updated theit payment details or not.
Webhooks to be tracked:
net.authorize.customer.paymentProfile.updated
net.authorize.customer.paymentProfile.created
On receiving below notifications, your node server will perform the whatever task required.
Refer this doc for more details.
How can I intergrate dialogueflow with my chat interface?
I want to send and recieve text data from dialogueflow instead of using iframe or dialogueflow messenger.
You can use the following details below to integrate Dialogflow with your own web chat interface:
For Dialogflow CX:
detectIntent method - used to send user queries to your agent.
detectIntentResponse - the response from your agent. You can then process this data to display messages in your chat interface.
Interaction with the API
Client Libraries
Rest API
RPC API
For Dialogflow ES:
detectIntent method - used to send user queries to your agent
detectIntentResponse - the response from your agent. You can then process this data to display messages in your chat interface.
Interaction with the API
Client Libraries
Rest API
RPC API
from the docs: https://cloud.google.com/dialogflow/cx/docs/quick
Set up your CX agent
Build the agent in the CX Agent Console
Use interactions & end-points to interact with an API.
Your chat interface can use the API.
Following up on my previous response, to answer the questions of Ashutosh Gupta:
The Billing in Dialogflow will depend on the edition of your agent.
For Dialogflow Trial edition, billing is not required but there are limits on the amount of requests that you can make. This edition is suitable to experiment with Dialogflow.
For Dialogflow Essential edition, billing is required for making calls to API requests.
For Dialogflow CX edition, billing is required when enabling the API. However, each new customer will receive a $600 credit for a free trial of Dialogflow CX.
You can check the following documentation for more details:
Dialogflow Pricing
Cloud Billing
In addition, there are some generic quotas and limits to ensure appropriate use of the platform. Please be noted that Dialogflow quotas vary depending on the edition of your agent. If you are using a paid edition, you can request a quota increase. Please check default limits and instructions to increase quotas from Quotas and Limits documentation.
With this, you can try utilizing the Dialogflow Trial edition or try the $600 credit free trial of Dialogflow CX.
In addition, you can also check out the Dialogflow Trial Edition Terms of Service.
I have created the sign up Api in Django Rest FrameWork without authentication or any permissions and i want to use is it in mobile app.
my question is this api secure???
any person or Robots that access to the SignUp Api Url can create Account nonstop.is there any antibot or something???
If you implement the api without any type of security. Depending on what you let the user do with the api, which endpoints they can hit.
Is there any server side security?
You can implement Jason Web Token: simple JWT
You can check also django throttling : Throttling
You can also research on how to limit api calls from a device.
You can implement a check which will allow only one sign up from a IP address for a specific time so that your API doesn't get brute forced.
And Implement ReCaptcha as well
I'm currently working on a REST based SagePay Integration using a combination of Django on the backend and Vue / Nuxt on the front.
The current process is as follows:
Client makes a request to my backend server for a merchantSessionKey via a GraphQL resolver.
The backend graphene resolver uses the secret merchant integration key and password (stored in environment variables) to make a post request for the merchantSessionKey and returns it to the Vue frontend.
A user fills in the credit card form (using SagePay's Own Form integration)
I use the card data to generate a cardIdentifier that I will store in my vuex state and will use later to further the rest of the transaction.
Is this all safe to do? Obviously it will be secured via https and I will setup CORS properly when everything goes into production, but I am technically storing the merchantSessionKey and cardIdentifier on the end users machine.
Both expire after 400sec and must be send together within Payment Registration POST authenticated with your vendor/account IntegrationKey and IntegrationPassword from your server which IP is whitelisted by Sage Pay. MSK is required to authenticate card tokenization call from customer's browser to Sage Pay endpoint. As a result you receive cardIdentifier/Token. This method keeps your server free of cardholder details but all (MSK,Token, PAN and CV2) are allowed to exist in customer browser.
IntegrationKey and IntegrationPassword can't be stored in the customer browser.
If you decide to use your own payment pages instead of drop-in checkout, you can't reference files from 3rd-party non-PCI DSS server to archive PCI DSS SAQ A-EP attestation.
I've reviewed it with QSA
So I've seen this answer Using NodeJs with Firebase - Security that talks about syncing NodeJS with the Firebase data structure.
I don't use NodeJS (being a Railo/Coldfusion developer) and was wondering if something like this is possible outside of NodeJS? Through java or maybe just using REST endpoints. Or do I have to use the original solution in the above link of separately updating the data in my webserver.
Another way of wording it is; can I make a round trip from firebase to an HTTP server that isn't nodeJS?
EDIT: To clarify, exactly what I wanted to do was have a email webservice post to the REST API of Firebase, then firebase post that to an URL on my external railo server as my users need to know when the email arrives but the server just needs to make sure it stores it.
As I understand it my best bet is to get the email webservice to post to the URL on my railo server which then posts to the REST API on firebase.
Yes you can.
Firebase does not have a Coldfusion client library, so you need to use the REST APIs. You can use the REST API to read / write Firebase data from your server code.
The one thing you'll be missing is the notifications when data changes. With the node.js client, you can subscribe for updates to data but there's no way to do that from a REST API.
So if you need to know when Firebase data changes, and you're using REST, you'll have to poll the data periodically.
(Note: This is mostly copied #Michael's answer in the comments)