Signing PayPal "X-PAYPAL-AUTHORIZATION" in Ruby

Is there any library in Ruby that generates the signature header 'X-PAYPAL-AUTHORIZATION', which is required to make calls on behalf of an account owner who has authorized us through the PayPal Permissions API? I went through the permissions flow and got the required access token and tokenSecret. I feel that I am generating the signature incorrectly, since all my calls with the generated "X-PAYPAL-AUTHORIZATION" fail. They give the following errors:

To call NVP, I get:
You do not have permissions to make this API call

And for calling GetBasicPersonalData, I get:
Authentication failed. API credentials are incorrect.

Has anyone gone through this in Ruby? What is the best way to create the signature? PayPal just provided some SDKs in Paypal, Java, but not an algorithm for generating the signature.

Thanks,
Nilesh

+4
2 answers

Take a look at the PayPal permissions gem.

https://github.com/moshbit/paypal_permissions

In particular, lib/paypal_permissions/x_pp_authorization.rb:

    require 'cgi'
    require 'openssl'
    require 'base64'

    class Hash
      def to_paypal_permissions_query
        collect do |key, value|
          "#{key}=#{value}"
        end.sort * '&'
      end
    end

    module ActiveMerchant #:nodoc:
      module Billing #:nodoc:
        module XPPAuthorization
          public
          def x_pp_authorization_header url, api_user_id, api_password, access_token, access_token_verifier
            timestamp = Time.now.to_i.to_s
            signature = x_pp_authorization_signature url, api_user_id, api_password, timestamp, access_token, access_token_verifier
            { 'X-PAYPAL-AUTHORIZATION' => "token=#{access_token},signature=#{signature},timestamp=#{timestamp}" }
          end

          public
          def x_pp_authorization_signature url, api_user_id, api_password, timestamp, access_token, access_token_verifier
            # no query params, but if there were, this is where they'd go
            query_params = {}
            key = [
              paypal_encode(api_password),
              paypal_encode(access_token_verifier),
            ].join("&")

            params = query_params.dup.merge({
              "oauth_consumer_key" => api_user_id,
              "oauth_version" => "1.0",
              "oauth_signature_method" => "HMAC-SHA1",
              "oauth_token" => access_token,
              "oauth_timestamp" => timestamp,
            })
            sorted_query_string = params.to_paypal_permissions_query

            base = [
              "POST",
              paypal_encode(url),
              paypal_encode(sorted_query_string)
            ].join("&")
            base = base.gsub(/%([0-9A-F])([0-9A-F])/) do
              "%#{$1.downcase}#{$2.downcase}" # hack to match PayPal Java SDK bit for bit
            end

            digest = OpenSSL::HMAC.digest('sha1', key, base)
            Base64.encode64(digest).chomp
          end

          # The PayPalURLEncoder java class percent encodes everything other than 'a-zA-Z0-9 _'.
          # Then it converts ' ' to '+'.
          # Ruby CGI.encode takes care of the ' ' and '*' to satisfy PayPal
          # (but beware, URI.encode percent encodes spaces, and does nothing with '*').
          # Finally, CGI.encode does not encode '.-', which we need to do here.
          def paypal_encode str
            s = str.dup
            CGI.escape(s).gsub('.', '%2E').gsub('-', '%2D')
          end
        end
      end
    end

Examples of parameters:

    url = 'https://svcs.sandbox.paypal.com/Permissions/GetBasicPersonalData'
    api_user_id = 'caller_1234567890_biz_api1.yourdomain.com'
    api_password = '1234567890'
    access_token = 'YJGjMOmTUqVPlKOd1234567890-jdQV3eWCOLuCQOyDK1234567890'
    access_token_verifier = 'PgUjnwsMhuuUuZlPU1234567890'
+3
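The encoding comments in the answer above are the part a hand-rolled or generic OAuth signer most easily gets wrong. As an added example (not code from the paypal_permissions gem), the script below builds the signature base string for the answer's sample parameters twice: once with the PayPal-style encoding the answer describes, and once with the RFC 3986 encoding that standard OAuth 1.0 (RFC 5849) uses, showing that the two produce different HMAC-SHA1 signatures. The helper names `rfc3986_encode`, `signature_base` and `sign`, and the fixed timestamp, are assumptions introduced here.

```ruby
require 'cgi'
require 'openssl'

# PayPal-style encoding as described in the answer: CGI.escape, then '.' and '-' too.
def paypal_encode(str)
  CGI.escape(str).gsub('.', '%2E').gsub('-', '%2D')
end

# RFC 3986 encoding (standard OAuth 1.0): '-', '.', '_', '~' stay literal, hex is upper case.
def rfc3986_encode(str)
  str.gsub(/[^A-Za-z0-9\-._~]/) { |c| c.bytes.map { |b| format('%%%02X', b) }.join }
end

# Signature base string: METHOD & encoded URL & encoded, sorted parameter string.
def signature_base(url, api_user_id, access_token, timestamp, encoder, lowercase_hex)
  params = {
    'oauth_consumer_key'     => api_user_id,
    'oauth_signature_method' => 'HMAC-SHA1',
    'oauth_timestamp'        => timestamp,
    'oauth_token'            => access_token,
    'oauth_version'          => '1.0'
  }
  query = params.map { |k, v| "#{k}=#{v}" }.sort.join('&')
  base = ['POST', encoder.call(url), encoder.call(query)].join('&')
  # The answer lower-cases the hex digits of every escape to match the Java SDK.
  lowercase_hex ? base.gsub(/%[0-9A-F]{2}/) { |m| m.downcase } : base
end

# HMAC-SHA1 keyed with "encoded API password & encoded token secret", base64 output.
def sign(base, api_password, token_secret, encoder)
  key = [encoder.call(api_password), encoder.call(token_secret)].join('&')
  [OpenSSL::HMAC.digest('sha1', key, base)].pack('m0') # same as Base64.strict_encode64
end

# Sample values from the answer; TS is a constructed, fixed timestamp for repeatable output.
API_URL      = 'https://svcs.sandbox.paypal.com/Permissions/GetBasicPersonalData'
API_USER     = 'caller_1234567890_biz_api1.yourdomain.com'
API_PASSWORD = '1234567890'
ACCESS_TOKEN = 'YJGjMOmTUqVPlKOd1234567890-jdQV3eWCOLuCQOyDK1234567890'
TOKEN_SECRET = 'PgUjnwsMhuuUuZlPU1234567890'
TS           = '1300000000'

PAYPAL_BASE  = signature_base(API_URL, API_USER, ACCESS_TOKEN, TS, method(:paypal_encode), true)
GENERIC_BASE = signature_base(API_URL, API_USER, ACCESS_TOKEN, TS, method(:rfc3986_encode), false)
PAYPAL_SIG   = sign(PAYPAL_BASE, API_PASSWORD, TOKEN_SECRET, method(:paypal_encode))
GENERIC_SIG  = sign(GENERIC_BASE, API_PASSWORD, TOKEN_SECRET, method(:rfc3986_encode))
puts PAYPAL_BASE, GENERIC_BASE
puts "paypal-style: #{PAYPAL_SIG}", "rfc3986:      #{GENERIC_SIG}"
```

Printing both base strings side by side makes it easy to diff your own signer's base string against the PayPal-style one when a call fails authentication.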

The X-PAYPAL-AUTHORIZATION header is generated with the URL "https://svcs.paypal.com/Permissions/GetBasicPersonalData" (see page 23 and chapter 7 here).

The NVP error stating "You do not have permissions to make this API call" means that your API credentials are correct, just that your account does not have permission for the specific API that you are trying to call. Something between the two calls you make does not use the same API credentials.

To call NVP, I get:

What is the NVP call?

TransactionSearch (see comments below)

In addition, if you have not already done so, you will want to use the sandbox APP-ID for testing in the sandbox, and you will need to apply for an App-ID with Developer Technical Services (DTS) at PayPal to get an App-ID for live use.

EDIT:

To use the TransactionSearch API, all you need to submit is listed below. You do not need to specify additional headers.

    USER=xxxxxxxxxxxxxxxxxx
    PWD=xxxxxxxxxxxxxxxxxx
    SIGNATURE=xxxxxxxxxxxxxxxxxx
    METHOD=TransactionSearch
    VERSION=86.0
    STARTDATE=2009-10-11T00:00:00Z
    TRANSACTIONID=1234567890
    // And for submitting API calls on Bob's behalf, if his PayPal email was bob@bob.com:
    SUBJECT=bob@bob.com
+2

Source: https://habr.com/ru/post/1399933/

