Expiration of Saferpay API

[martinclaus]

The SaferPay API will be shut down at the end of 2020. Are there plans to migrate to the JSON API to support 3-D Secure 2?

[martinclaus]

I have just read that from 14th of Septermber 2019, Online Credit Card Payments must support 3-D Secure 2. This increases the urgency a little bit.

[maxfischer2781]

It seems that my institution will not use Indico for ePayments after August 2019 due to internal regulations. This means I do not have any resources for the required maintenance. While I could probably free up some time for coding a draft using the JSON API, this would be completely untested. IMO this is not an adequate level of quality for such an API.

I am open for a pull-request or an external test-bed. The documentation shows almost the entire plugin would stay intact, with most of the API calls translated and only small changes.

• [ ] Successlink and NotifyUrl require an explicit call to PaymentPage/Assert
• [ ] Security verification is changed from explicit signatures to HTTP/S authentication.

[martinclaus]

The token send by Saferpay with the response to the Payment Page initialization request must be stored to be later able to create an assert request for that transaction. My suggestion is to already register the transaction as "pending" after receiving the response to the initialization request. This transaction can then be altered when the payment is captured, cancelled or has not been successful (redirection to abort or cancel url).

[martinclaus]

The implementation of the JSON API is completed. See #11.

[ThiefMaster]

Does this mean the plugin, in its current state, is no longer usable at all?

[maxfischer2781]

I assume so. Please see #11 for the current state.

Since I don't have any means to test SixPay via my institution anymore, I would not mind giving ownership of the package to someone who does.

[ThiefMaster]

We (CERN Indico developers) are not interested in taking over maintenance as we do not use it ourselves, but we'd probably be willing to give a hand with #13 if needed (I think the basic upgrade to run on Python 3 would take me maybe 1h max, but of course I cannot test it as soon as it comes to interacting with sixpay APIs).

However, if the plugin is broken at the moment it means that it's much less priority as we can suggest to just disable it for the time being when upgrading the instances that currently use it to Python 3.

[ThiefMaster]

I just checked the DB of an instance using this plugin, and the last successful transaction was on 2021-01-15. so I guess we can assume the plugin still works.

[ThiefMaster]

And a few minutes later (completely unrelated to this I guess) I saw a request for https://www.saferpay.com/hosting/CreatePayInit.asp 404ing on that same instance when someone tried to pay...

[maxfischer2781]

We are not interested in taking over maintenance as we do not use it ourselves

That's practically where I am at now. As long as the plugin works with the API that I have tested it for, I am in no hurry to take it down. But since ePayment going wrong does have serious implications, I cannot comfortably approve content changes that are untestable to me.
Something like porting to Python3 would be fine by me, as long as there are no other changes such as formatting.

[ThiefMaster]

Yeah, I also would not want to install an untested payment plugin on any Indico instance I'm managing - that's why having someone who can test it (ideally with a test account to avoid actually paying money) is certainly important.

[ThiefMaster]

https://test.saferpay.com/BO/Welcome and https://www.six-payment-services.com/en/site/e-commerce-developer/testaccount.html#section-test-account looks like it's not too hard to get up to date test accounts by the way. So maybe that would help whoever will update the plugin?