Authorize.Net pingback to my site - authorize.net

I am using Authorize.Net ARB for paid membership. I am not sure how to know when a recurring payment has been cancelled (or something else) and I should disable the account.
The only thing I have found is the Silent Post functionality, but not all transactions post a response with Silent Post.
Is there any other way my script can be notified about all transactions?

Silent Post is the only way to know about the status of recurring billing transactions from ARB. You can use the ARBGetSubscriptionStatusRequest API call to get the status of any subscription so that should do what you need.
Authorize.Net has since added Webhooks which can tell you about a lot of events including those related to ARB. You can now be notified of the following events:
net.authorize.customer.subscription.cancelled
net.authorize.customer.subscription.created
net.authorize.customer.subscription.expiring
net.authorize.customer.subscription.suspended
net.authorize.customer.subscription.terminated
net.authorize.customer.subscription.updated
Once you receive the webhook notification you can react to the event accordingly using existing ARB API calls.

Using Webhooks is the preferred method over Silent post.
Specifically, in this case, the following events:
net.authorize.customer.subscription.terminated
net.authorize.customer.subscription.cancelled
net.authorize.customer.subscription.expiring
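
A sketch of a receiver for the subscription events listed in the answers above, added here as an example and not taken from Authorize.Net or from either answer. It assumes the notification carries an `X-ANET-Signature` header of the form `sha512=<hex HMAC-SHA512 of the raw body>` keyed with the merchant's Signature Key used as text, and a JSON body with `notificationId`, `eventType` and `payload.id`; the action names and the event-to-action mapping are hypothetical.

```python
import hashlib
import hmac
import json

# Event names are the ones listed on this page; the actions are hypothetical.
ACTIONS = {
    "net.authorize.customer.subscription.cancelled": "disable",
    "net.authorize.customer.subscription.terminated": "disable",
    "net.authorize.customer.subscription.suspended": "disable",
    "net.authorize.customer.subscription.expiring": "warn",
}


def signature_ok(raw_body: bytes, header: str, signature_key: str) -> bool:
    """Assumed header format: 'sha512=<hex HMAC-SHA512 of the raw body>'."""
    scheme, _, sent = header.partition("=")
    if scheme.strip().lower() != "sha512" or not sent:
        return False
    expected = hmac.new(signature_key.encode(), raw_body, hashlib.sha512).hexdigest()
    # Constant-time comparison on bytes, case-insensitive on the hex digits.
    return hmac.compare_digest(expected.encode(), sent.strip().lower().encode())


def handle_notification(raw_body: bytes, header: str, signature_key: str, seen: set):
    """Return (http_status, action, subscription_id) for one webhook delivery."""
    if not signature_ok(raw_body, header, signature_key):
        return 401, None, None  # never change an account on an unauthenticated body
    try:
        event = json.loads(raw_body)
        note_id = str(event["notificationId"])
        event_type = event["eventType"]
        sub_id = event["payload"]["id"]
    except (ValueError, KeyError, TypeError):
        return 400, None, None
    if note_id in seen:  # retried delivery: acknowledge it, do not act twice
        return 200, "duplicate", sub_id
    seen.add(note_id)
    return 200, ACTIONS.get(event_type, "ignore"), sub_id
```

Verify the signature over the raw request bytes, before any JSON parsing or re-serialisation. The subscription's current state can then be confirmed with the ARBGetSubscriptionStatusRequest call mentioned above before the account is disabled.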

Related

Can I send an HTTP request to an Alexa's Skill Endpoint in order to trigger a reprompt in Alexa?

The scenario would be this.
I would start the skill with the corresponding command ("Alexa, do whatever.."), handle the subsequent LaunchRequest in the Skill Endpoint, and later (minutes later), Alexa would prompt the user with some question.
I'd like to know if I can trigger that late prompt (reprompt actually) in Alexa by sending a request to the corresponding Endpoint from a third Web Service. I guess I can handle HTTP request in the Endpoint (AWS Lambda function or whatever), but I don't know if I can trigger reactions in Alexa without it starting them first.
I don't think this would be allowed as it would break a fundamental privacy issue whereby interactions need to be initiated by the user and so be against the Alexa TOS.
If your "reprompt" doesn't actually require some 3rd party trigger, e.g. if you don't want to run something in response to a code event, then you could look at the reminders API.
You do need to request their permission initially to do this, so it would potentially change your flow somewhat, but then you could prompt them to re-engage with your skill this way.

messages API twitter Challenge-Response Checks

I've seen that twitter changed their endpoints to get and send direct messages, I noticed from a reply from here that it is a workaround to be able to send messages with well-known libraries such as tweepy, but all I need in this case is to list the messages in my inbox.
I've noticed that there is an account activity api which I can use to achieve this goal.
But I do not understand how to implement Challenge-Response Checks. Can you provide an example? How does Twitter check this? Is it through a POST request to my site? To what specific URI do they do this? I tried sending a pipedream URL as the webhook (to see what kind of request they were doing, but absolutely no request was shown).
The account activity endpoint is part of Twitter's Premium product - so you may need to pay to use it. They have comprehensive documentation on the CRC - that includes a sample Python implementation.
I think you will find it easier to use the GET direct_messages/events/list API call.
That will list all of the messages in your inbox for the last 30 days.
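
The Challenge-Response Check asked about above, as an added example that is not part of the original answer or Twitter's own sample: Twitter sends a GET request to the registered webhook URL with a `crc_token` query parameter, and the endpoint replies with JSON whose `response_token` is `sha256=` followed by the base64 HMAC-SHA256 of that token, keyed with the app's consumer secret. The function names and the sample values are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json
from urllib.parse import parse_qs


def crc_response_token(crc_token: str, consumer_secret: str) -> str:
    """Return 'sha256=' + base64(HMAC-SHA256(key=consumer_secret, msg=crc_token))."""
    digest = hmac.new(consumer_secret.encode(), crc_token.encode(), hashlib.sha256).digest()
    return "sha256=" + base64.b64encode(digest).decode()


def handle_webhook_get(query_string: str, consumer_secret: str):
    """Answer the CRC GET; returns (status, json_body) for any web framework to send."""
    tokens = parse_qs(query_string).get("crc_token", [])
    if len(tokens) != 1:
        # Missing, blank or repeated token: not a well-formed CRC, so sign nothing.
        return 400, json.dumps({"error": "missing crc_token"})
    body = {"response_token": crc_response_token(tokens[0], consumer_secret)}
    return 200, json.dumps(body)


if __name__ == "__main__":
    # Constructed values, not real credentials.
    print(handle_webhook_get("crc_token=constructed-token-123&nonce=abc",
                             "constructed-consumer-secret"))
```

The consumer secret stays on the server and is used only as the HMAC key; the endpoint signs nothing except the `crc_token` value it was sent.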

Aftership webhook tracking API

I am developing an e-commerce app project where I have to track the order status. I use the Aftership Webhook API. The webhook provides tracking event updates to our specified webhook URL (defined on our server). I read the documentation, but I don't know the proper approach to test the API, and it is not defined in the documentation either. Can anyone tell me or suggest how I can test or track the updates?
To test the Aftership API, first, you can follow the API reference to get your API key. To track an order with a webhook, you need to do the POST /trackings to https://api.aftership.com/v4 beforehand, with a body like this (you can add optional parameters to the request body):
{"tracking": {"tracking_number": "<order tracking number>"}}
And then you can follow the webhook documentation and add your webhook URL and configure the types of updates you want to get. At this point, you should be able to see the tracking update HTTP request coming into your webhook URL. Remember that it will only send a callback request when there is a tracking status update.
Also, you can use other tracking APIs to get the status, update the tracking or delete it now.

Tying up the callback ("Gateway Response") data to a transaction

I am setting up an Authorize.Net DPM (Direct Post Method) payment gateway for a site. There is something I am fundamentally not understanding, and can't tie up the pieces.
The basic operation of DPM is that the merchant site - my site - provides a credit card form. That form is posted direct to Authorize.Net. After the CC and other posted details are authorized, Authorize.Net will POST the results back to my site. I'll refer to this as the callback post. Now here is where things don't quite tie up for me.
The callback POST comes direct from Authorize.Net and does not share a session with the user, so the POST handler only has the information that has been posted to hand. The amount (x_amount) and the Authorize.Net generated transaction ID (x_trans_id) are hashed with a pre-agreed secret and the Authorize.Net account login ID. This can be used to check the authenticity of the system providing that callback. From what I can tell, it is really just checking that the sender knows the pre-agreed secret.
So the only data I can trust in the callback is the amount and the gateway generated transaction ID (and this is the first point at which that ID is available to my site, so its value is meaningless).
What I cannot see, is how to tie the results of the authorisation back to the transaction that the end user is paying. There is no other data in the POST that can be trusted not to have been changed, and it does not pass on the merchant-generated ID anyway (a combination of x_fp_sequence and x_timestamp).
What I am expecting to be able to do in the callback is to take the result of the card authorisation, be sure that the result can be trusted, tie it back to the pending transaction stored in the database before the user posted the form to Authorize.Net, so that the transaction can be confidently marked as complete. But how?
I have worked with the SagePay Server gateway, and that also has a callback. However, the callback contains all the fields needed to tie the result back to the transaction being processed (it includes the merchant-generated transaction ID) and importantly it provides a hash of ALL the POSTed fields that need to be trusted so they can be checked.
So what am I overlooking? I can provide sample data if that helps to explain the issue. I'm using OmniPay and am extending the driver for this gateway.

"Anonymous" throttling in wso02 api manager?

We're looking to replace an existing API manager with wso2 and one of the features of the other platform is that we can identify a 'user' of the API at run time and have the throttling work.
The 'user' is not OAuth identified, rather they authenticate via the API and a session id is returned (so they've never registered at a 'store'). This session id is then used to set up the throttling at the API Manager. Additionally the other tool has code to look for the user logging in and using that id in the throttling. So if a user tries to log in too many times per hour, the API manager blocks the request, in addition to too many requests for a logged-in user per hour. The combinations of login attempts, API calls etc. are summed into the throttle. (All this was implemented by their services team years ago.)
The main reason we need this is we don't want to force our old clients to go to OAuth immediately but want much more visibility, reporting and throttling.
Thoughts on how to do this with wso2? I see where we can add our own Handlers to the API to figure out session ids, login ids etc. but I don't see where to create the logic to do the throttling.
Thanks,
Chris
Log in to Carbon and edit the tiers.xml (/_system/governance/apimgt/applicationdata/tiers.xml). You can find the section <throttle:ID throttle:type="ROLE">Unauthenticated</throttle:ID>