[Adyen][POS][Local integration] Send metadata to the terminal - adyen

Currently, I try to send SaleToAcquirerData metadata to the terminal when the order to sync to Adyen Backend, I have checked at Adyen Backend but don't see metadata and my webhook cannot receive metadata
I need to send metadata to the terminal and receive metadata at my webhook

In this answer, I expect that you
Already receive webhooks events and that your webhook is well configured
That you receive core data from webhook events but that the POS related additional data is missing
Have you activated the POS additional data for this specific webhook?
You can do it in the Customer Area, Developer -> Webhook, select your webhook and then "Additional settings".
The UI looks like this :
Save, and exit. Your future webhooks events should contain POS metadata. Please note that you may still receive some events without the metadata that you except, because they were already generated at the time they were created.
EDIT : In case you want to use the API for this, you can also PATCH the existing webhook with additional settings using the new Management API.
While waiting for extra information, your question may be understood another way : You want to access the metadata field of the additional data section of a webhook event.
In that case, these metadata fields should be submitted at the time of payment in the POST /payments request.
You can find more information about this in the Webhooks documentation.

Related

Azure API Management REST call to create subscription for user (missing)

I'm attempting to delegate product subscription from Azure API Management using the sample provided here. My prototype has a functioning user authentication delegation however the product subscription delegation is befuddling.
During user login delegation I receive a request from APIM to my delegation page and handle it according to the sample link above without issue. During delegation of product subscription, a call is made to my login page first; not the delegation page. This leads me to my first series of questions:
Can someone explain why delegation of product subscription would fundamentally flow differently than delegation of user authentication?
If the login delegation page (as per the sample referenced above) handles user authentication by checking User.Identity.IsAuthenticated, why can't product delegation do the same and why would it be sent to the login page and not the delegation page?
I've handled the above issue by using the login page to evaluate whether or not the user is authenticated first, then to redirect them to the returnUrl as follows:
if (User.Identity.IsAuthenticated)
{
return LocalRedirect(returnUrl);
}
The value of returnUrl, as provided by APIM, contains the following variables:
Path = /Identity/Account/Manage/Delegate
productId = [productId]
userId = [userId]
operation = Subscribe
salt = [salt]
sig = [sig]
Since these are ALL the variables provided in the returnUrl from APIM, I have the following questions:
Following the documentation about subscription using APIM REST API, how do you determine the following required properties:
subscriptionId
resourceGroupName
serviceName
sid
Additionally for the request body, how do you determine properties.scope as per this reference.
As a test, I set a breakpoint in code just before calling the PUT method on the endpoint containing the following line of code. I used Postman to test creating a subscription by copying out the Authorization header in VS2017 and all relevant header/body data. I was able to get back a 201 response indicating a subscription was created, however it doesn't show up in the APIM portal anywhere and I certainly didn't have many of the "required" properties as defined in the docs article:
response = await client.PutAsync("/subscriptions/" + subscriptionId + "?api-version=" + apiVersion, new StringContent(ApimSubscriptionJson, Encoding.UTF8, "text/json"));
Here is the body of my test call to the API:
{
"userId" : "/users/c22afea6-3e9c-4b85-87a6-2d5e97e259cf",
"scope" : "/products/ring-0-beta-access"
}
Based on this oddity, I have the following additional questions:
If the subscription to the product was indeed created, where would it be if not in the Azure APIM portal? It also doesn't show up in the user's profile.
How am I able to get a 201 response on the PUT method if I haven't given the APIM REST API all the 'required' parameters?
I found a solution and wanted to share.
I was okay to use the method explained in the Channel 9 video. I was simply using the wrong property. Instead of userId it should be ownerId. I noticed after running a GET on my subscriptions that I could see them all. They have no association to a user so they don't show up in the Azure APIM portal.
Another key miss was notifications. If you leave out the &notify=true query string parameter you won't get notified when someone subscribes to your API. This is particularly troublesome when your API requires approval.
This seems like a potential product bug as you shouldn't be able to create an 'owner-less' subscription. It makes it nearly impossible to find if you don't know where to look.

How to identify the Requests received in azure API management

we have an production issue where the order is submitted twice. Currently we have an API for order and we are exposing this to client using API management and in these we have policies for URL mapping for customer facing to actual .
Now , our actual API got 2 request so we thought customer submitted twice but they have confirmed that they have not submitted twice , so either there is issue with API management which fired 2 request.
How can i Identify the request received by the API management ?
Is there any chance that API management will fire the request twice ?
Appreciate any pointers
The only way to fire request twice in APIM would be by the means of Retry policy or manually using SendRequest. Otherwise it should be a client calling your API two times. Each request in APIM get it's own unique id accessible in policies as context.RequestId, this is the main way to track and identify them. But these ids are produced inside APIM itself thus are useful only if you're tracking a call from APIM and into backend.
Your best option now is to try to identify requests by client ip, method, uri, and time frame. APIM allows you to grab logs for certain periods of time (better if kept short) in JSON or CSV with data I mentioned above. To do that look into byRequest report (https://learn.microsoft.com/en-us/rest/api/apimanagement/reports#ReportByRequest), grab JSON/CSV and try to identify calls of interest,
For future you could look into onboarding your service to azure monitor (https://learn.microsoft.com/en-us/azure/api-management/api-management-howto-use-azure-monitor) or log analytics those provide easier way to traverse logs.

Service now api how to comment as specific user

I'm working on a project that consumes Service Now API (Rest). To do so our client has registered us as a user in order to login and make all service calls we need to. This project has an interface where users can login once they have an account on Service Now as well, the username they type to log in has nothing to do with service now by the way, but later they associate theirs service now users to it. They can do some operations through this interface, where all of them are done using the integration user/pass not their service now users theirselves, even because they do not need to share their passwords with us. But it's needed to track the correct user to register on service now and I'm in trouble specifically about commenting on an incident. The endpoint to comment is the following :
http://hostname/api/now/table/incident/{sys_id}
where request body is a json object just as simple as :
{
"comments": "My comment is foo bar"
}
but when this comment is registered on Service Now it is under integration user instead the user which commented. Is there any way I could keep a specific user, considering I already have the user id on Service Now ready to inform it on the request the way it should be.
I tried reading Service Now documentation but had no clue how to solve it, altought I've found something about impersonate
This is happening because you're being proxied through the "Integration User" instead of your own account. As long as this is the case, your comments are going to be attributed to the Integration User.
I can think of two ways to fix this issue.
Ask the client to log you into their system directly as a user.
Implement a special API (Scripted REST API, available in Geneva or later) that allows you to identify the Incident and enter the comment, and then the script forges the comment on your behalf, attributing authorship correctly.
The first solution can be expensive due to possible additional licensing costs.
The second solution will require a willing client to devote 2-3 hours of development time, depending on the programmer.
Firstly, you need an integration user with suffient rights. Our integration user has suffient rights out of the box, but your story could be different. A quick check is to try impersonate as other user using menu.
Login as integration user to ServiceNow instance.
Go to https://{instance}.service-now.com/nav_to.do
Click on username at top right corner. This is a drop down.
There should be at least three menu items: "Profile", "Impersonate User", and "Logout". If you do not have "Impersonate User" in this menu, your integration user miss some permissions. Contact system administrator if you miss this menu item to configure appropriate permissions.
Then you need to find sys_id of user that you want to impersonate. For example:
https://{instance}.service-now.com/api/now/table/sys_user?sysparm_query=user_name={username}&sysparm_fields=sys_id
If you have suffient privileges, you could invoke the folling endpoint with sys id of user that you want to impersonate:
HTTP POST to https://{instance}.service-now.com/api/now/ui/impersonate/{user_sys_id} with body "{}" and content type "application/json". You need to provide HTTP basic authentication to this query as your integration user.
The response code on success is 200. The response body could be ignored. The interesting result of this response is a set of cookies for impersonated user in response headers. These cookies could be used for subsequent REST API calls until they expire. Use some HTTP rest client dependent method to capture them and to provide them to next calls.
For Apache HTTP Client (Java), I'm creating http client context using:
HttpClientContext context = HttpClientContext.create();
context.setCookieStore(new BasicCookieStore());
Pass thing context to impersonation request and to subsequent API calls until I get 401 reply, after that I'm reaquiring cookies. Setting new cookie store is important, as otherwise some default cookies store is used.
Two things to note:
This API looks like internal one, so it could change at any time. If it happens, look for what "Impresonate User" menu item does, and repeat it youselves.
ServiceNow permissions are quite fine-grained, so the target user could lack permissions to perform operation. In some cases, if there is no permission to update the field the operation PATCH on object returns reponse 200, but field is not updated. This introduces a surprising mode of failure when you use impersonation.

Reading file content based on Box Webhooks Events

I want to develop an app that listens to Box Webhooks events for a file create or upload event, and then reads the content of that newly created/uploaded file.
However, I am not able to do so because as far as I understand I need an access token to be able to read contents of a file, but the Box Webhooks [create/upload] event does not provide me with any access token.
Could you please suggest a way using which I can implement my app?
Webhooks are kinda like a postcard. They only give you the bare minimum of info to tell you what file has changed. They're being sent over the wire to an unauthenticated destination, so when a webhook goes out, it can't have a lot of secret information already in it.
It's up to you to catch that webhook, look at the file-id (and potentially some other info, like the user-id) and know what user to have login and get the additional information.
If your application is server-side, and the users have signed in, then you'll already have their credentials, and you can go get the extra info.
If your application is a mobile app with no server side, then you will have to have the client make the extra API calls to get the details.

Box Rest API: Getting user info after login

I know the steps to authenticate user and getting the user info after performing this call:
GET https://www.box.com/api/1.0/rest?action=get_auth_token&api_key={your api key}&ticket={your ticket}
But what I'm really looking for is to get user info after performing certain operation such as upload new file, in particular the user quota:
<space_amount>1234567</space_amount>
<space_used>1234</space_used>
Is there any way to get the latest user quota without calling the 'get_auth_token' again? As I understand it, 'get_auth_token' will generate new auth_token which I'd like to avoid.
There isn't yet a fully equivalent method in the v2 API. but you can utilize the get_account_info method from the v1 API to retrieve this information.