Hey guys, I'm trying to create a website that can help a user purchase items from other websites. What would be the best way to go about doing this?
I know most of the sites I'm using are sending their information using FORM:POST, but I'm having trouble finding the exact POST packet in fiddler (I'm assuming it's encrypted?), and know that a lot of the sites are using login credentials, so that complicates things a bit.
Is there any way I could use webkit or something to handle all the http stuff, and just pass javascript to fill in the forms? Or is there an even simpler way to create proper POST packets and use a WebRequest?
Thank you!
1) get permission
2) use their published API
If the sites do not have an API and allow you to use their server process, copy their forms to your site and use post. You can post from your server with credentials using for example CURL
Usually shopping cart and credit-card transaction use SSL and you have to login in the site. So I think it's not so simple to bridge with a javascript or a simple webrequest.
There's not a statndard-simple-way way to do this!
You're heading for a world of hurt.
First, you should check if what you're trying to do is legal. Does the web site allow "proxy orders"? Or are they forbidden by their EULA?
Second, you'll have to handle the user's confidential data (username, password, credit card number), and especially credit card numbers are calling for troubles.
Third, how are you planning to implement payment methods like PayPal? You're going to collect the user's PayPal credentials in order to make payments on their behalf? (See point number two if answer is yes.)
Fourth, since you have to fake HTTP requests, as soon as the web site changes a single field, your tool will break, how are you planning to handle this?
Or you're trying to automate only the first steps of the orders and not the payment?
Related
I am trying to use the PayPal Here Sideloader (C# web application). I am getting unexpected results where the Application doesn't always return to my web application in Safari (iPad). Also, it opens a new tab every time. So I decided to use IPN to handle processing after the purchase.
But while using PayPal HERE, I noticed that check and cash transactions are not calling my IPN Url. I tried to search transactions using the REST API and I don't even see them. Credit card and Apple pay transactions work fine. So my question is two fold.
After speaking to someone at PayPal who might or might not know what they are talking about said something to the effect of, 'those transactions aren't supported'. I don't necessarily believe that because if I have the Invoice Id (INV2-XXXX-XXXX-XXXX-XXXX) I can use the REST API to get what I need. Was the person correct, or has anyone else done this before?
What if I have my custom Order Id (see image), how can I get the Invoice Id?
(I've looked at the Invoicing API (REST) and TransactionSearch (NVP) and neither of these return information about the transaction.
After feeling like I have searched the ENTIRE internet, I saw that the documentation for the iOS and Andriod SDK mentioned the URL for the PayPal Here API.
That url (for production) is https://www.paypal.com/webapps/hereapi/merchant/v1
I just happen to add '/invoices/' to it and got an authentication error. Once I was able to authenticate, I see that this returns a list of all 'invoices' processed in PayPal Here. You'll need to connect using OAuth2, but the list is what I needed to filter based on order ID.
I have coded a C# MVC5 Internet application and I have a Web API 2 web service that returns JSON data. I am retrieving this JSON data in an android application.
How can I add a feature to the web service such that only my android application can retrieve the JSON data? I am wanting to do this so that other web users cannot hammer the url and the web service will not send my data to unwanted applications and/or users.
Is this possible? If so, how should I do this?
Thanks in advance.
You have various ways to achieve this in fact.
For example, you can store a key in your android application and use send this key together with the request to your WebAPI. Your webAPI will than check if they key is valid and if it is, it will return the JSon.
However, there's no way to ensure that nobody else can request and get your data. For example by reverse engineering your android application and extracting the key, or by monitoring the network traffic and find the key in there.
You need to understand that there isn't anthing that guarantuees you 100% security.
See it as the following:
You have an open door right now, you can close it little by little, but closing and locking down is not possible. There will always be gap. A house also can't by made burglar proof, but you can make it very hard for a buglar to enter.
Go to this link Web Api. I have used the individual authentication for my web api. When you will register the user the response you will get is access token and use that access token as Authentication header in your ajax call if you are using Jquery ajax to call your Web Api. Refer this The OAuth 2.0 Authorization Framework. Hope this help you.
Are you looking for something like this?
http://httpd.apache.org/docs/2.2/howto/access.html
If you have other web server, there should be appropriate means to support such.
I know the question sounds too vague so let me explain exactly what I want to implement.
I have a WebApplication that many users log into to submit a request, Request in my project is a form that accepts some information from the user and when he click submit, it reflects on the administrator page. then the admin can grant or decline this request. and of course the result need to be sent to the user's 'Pending Requests' page.
this process is all about time so I need a clean and efficient way to show the admin the requests instantly and for the user to see the admin's response instantly. (kind of like facebook notification system).
I hope my problem is know clear. I understand that there are many ways to implement this and I have a very small knowledge about them. But I just want you guys to recommend an effecient way because I'm sure that the good ways to do this is limited.
Thanks in advance everybody :)
I will suggest you take a look at SignalR (https://github.com/SignalR/SignalR). It is a framework developed by a few MS developers for doing long polling/notifications from the server.
Link for webforms walkthrough - http://www.infinitelooping.com/blog/2011/10/17/using-signalr/.
You could also look into using a Timer control. It's a client side control that will cause a postback for ASP.NET AJAX applications. Here's a simple tutorial
http://ajax.net-tutorials.com/controls/timer-control/
What you're talking about is a 'push' notification, where the server would pass a notification to the client (a browser) without the client requesting anything.
This isnt something which HTTP is naturally capable of, however have a read about Comet - this will let you know the current state of what is possible.
You may opt for creating a 'heartbeat' on the client side - a polling mechanism which requests from the server every x seconds, and updates the page when new content is found.
I need a clean and efficient way to show the admin the requests instantly and for the user to see the admin's response instantly.
Instantly is a very strong term and isn't usually very scalable.
For some ideas on how you might implement this I'd recommend you take a look at Wikipedia's Comet Programming page
When a user submit requests I assume that his request is first stored in the database. So on the admin & user part you use ajax which periodically update data from database (for un-approved data), do some google search on ajax auto-update or Javascript's timeout or similar function. The same process will be involved in user part.
First time poster. Back to programming after being away for a few years, trying to clean off the rust. I'm creating a dashboard that will run initially on my laptop (Macbook Pro, 10.4.x O/S). Amongst other things I want it to retrieve latest information from my online accounts. I'm starting with html, but will probably migrate to something else (TBD, possibly ruby or c#). What would sample code look like for logging into account, going through specific account workflow, retrieve data/docs/other, and pull it back to be stored locally.
It is a little open-ended, apologies and thanks in advance.
Are you looking for something like Google Gears?
It depends on the kind of accounts you want to log onto.
For instance there is a Google has an specific API for that Google Accounts API, other services provide similar API's some other do not.
So it depends pretty much what are your "online accounts" all about and if they do provide a public API or not.
EDIT
As per your comment and for the products you've mentioned, I'll suggest your to start looking at browsers plugin development and to start understanding the HTTP protocol and all the related technologies around it ( HTTPS, encryption, authentication etc. )
The public API let you easily login into an account, but you don't really need one to do it ( although it make life much more simpler ) If you do not have a public API, you can still login into any account by "simply" doing what the browser does. Sending an HTTP(s) request with the appropriate security mechanism and following the protocol.
If you know how does the browser send the request and you have the user trusting your their passwords, the only remaining thing you have to do is ... :) code it.
As of now the question is too broad to be answered. Pick one service at a time and ask specific questions about it.
I would suggest you to start with the previously mentioned "Google Accounts" API and learn from there.
One open source product that already manages google account authentication is "Ubiquity" you can take a peak at their source code and start understanding how do they fetch the user contact list.
I'm trying to build a C# console application to automate grabbing certain files from our website, mostly to save myself clicks and - frankly - just to have done it. But I've hit a snag that for which I've been unable to find a working solution.
The website I'm trying to which I'm trying to connect uses ASP.Net forms authorization, and I cannot figure out how to authenticate myself with it. This application is a complete hack so I can hard code my username and password or any other needed auth info, and the solution itself doesn't need to be something that is viable enough to release to general users. In other words, if the only possible solution is a hack, I'm fine with that.
Basically, I'm trying to use HttpWebRequest to pull the site that has the list of files, iterating through that list and then downloading what I need. So the actual work on the site is fairly trivial once I can get the website to consider me authorized.
I have dealt with something similar, and the hardest part is figuring out exactly what you needed to "fake" to get authorized. In my case it was authorizing into some Lotus Notes webservice, but the details are unimportant, the method is the same.
Essentially, we need to record a regular user session. I would recommend Fiddler http://www.fiddler2.com but if you're on linux or something, then you'll need to use wireshark to figure some of the things out. Not sure if there is a firefox plugin that could be used.
Anyway, start up IE, then start up Fiddler. Complete the login process.
Stop what you're doing. Switch to the fiddler pane, and examine the recorded sessions in detail. It should give you exactly what you need to fake using WebRequests.
This page should get you started. You need to first make a request to the page, and then saving the cookie to a container that you include in all later request. That should keep you logged in, and able to retrieve the files.