search

paytrail / api-documentation

Paytrail Payment API documentation
MIT License
6 stars 11 forks source link

Adding (tokenizing) cards 401 (Unauthorized) #50

Closed raidokulla closed 9 months ago

raidokulla commented 2 years ago

Unable to get 301 redirect URL. Response: 401 (Unauthorized)

The documentation states that no signature header is needed, auth is done with form params. I am working with Node.js.

My params to calculate the Hmac signature key.

 const params = {
      'checkout-account': process.env.PAYTRAIL_ID,
      'checkout-algorithm': 'sha256',
      'checkout-method': 'POST',
      'checkout-nonce': '123456',
      'checkout-redirect-success-url': 'http://localhost:3000',
      'checkout-redirect-cancel-url': 'http://localhost:3000'
    }

The key will be: 5c07c04aa2d97a6eb0f8a8240e47f5a1e838cdf0d88edc7a21e347f76d8f55c6

As the documentation states, it's a form data with method POST. My form:

const form = new FormData()
    form.append('checkout-account', process.env.PAYTRAIL_ID)
    form.append('checkout-algorithm', 'sha256')
    form.append('checkout-method', 'post')
    form.append('checkout-nonce', '123456')
    form.append('checkout-redirect-success-url', 'http://localhost:3000')
    form.append('checkout-redirect-cancel-url', 'http://localhost:3000')
    form.append('signature', signature)

And then we send out the request:

  form.submit(payTrail, function(err, res) {
      console.log(res.statusCode)
      console.log(res.statusMessage)
      res.resume()
    })

Response: 401 / Unauthorized

Let's console.log to check what was sent out

hmacPayload: checkout-account:375917 checkout-algorithm:sha256 checkout-method:POST checkout-nonce:123456 checkout-redirect-cancel-url:http://localhost:3000 checkout-redirect-success-url:http://localhost:3000

PAYTRAIL URL: https://services.paytrail.com/tokenization/addcard-form PAYTRAIL SECRET: SAIPPUAKAUPPIAS PAYTRAIL ID: 375917

Here is the full code from my controller:

const payTrail = 'https://services.paytrail.com/tokenization/addcard-form'

    const params = {
      'checkout-account': process.env.PAYTRAIL_ID,
      'checkout-algorithm': 'sha256',
      'checkout-method': 'POST',
      'checkout-nonce': '123456',
      'checkout-redirect-success-url': 'http://localhost:3000',
      'checkout-redirect-cancel-url': 'http://localhost:3000'
    }

    const signature = await myFunc.calculateHmac(process.env.PAYTRAIL_KEY, params, undefined)

    console.log('PAYTRAIL URL:', payTrail)
    console.log('PAYTRAIL SECRET:', process.env.PAYTRAIL_KEY)
    console.log('PAYTRAIL ID:', process.env.PAYTRAIL_ID)
    console.log('Hmac:', signature)

    const form = new FormData()
    form.append('checkout-account', process.env.PAYTRAIL_ID)
    form.append('checkout-algorithm', 'sha256')
    form.append('checkout-method', 'post')
    form.append('checkout-nonce', '123456')
    form.append('checkout-redirect-success-url', 'http://localhost:3000')
    form.append('checkout-redirect-cancel-url', 'http://localhost:3000')
    form.append('signature', signature)

    form.submit(payTrail, function(err, res) {
      console.log(res.statusCode)
      console.log(res.statusMessage)
      res.resume()
    })

Here is the Hmac function I use (copied from Paytrail example for Node.js)

// CALCULATE HMAC
const calculateHmac = (secret, params, body) => {
  const hmacPayload = Object.keys(params)
    .sort()
    .map((key) => [key, params[key]].join(':'))
    .concat(body ? JSON.stringify(body) : '')
    .join('\n');

  console.log('hmacPayload:')
  console.log(hmacPayload)

  return crypto.createHmac('sha256', secret).update(hmacPayload).digest('hex')
}