Open cbunicef opened 1 year ago
Transformation for the phone number for South Africa: "Remove the plus, and if it starts with 0 replace that 0 with 27. Then remove any non-number characters."
Also consider validating the user's phone number input via a separate endpoint: https://docs.moyapay.app/#checking-customers
When we make the payment through the endpoint we will receive a response with a definitive answer on whether the payment was successful. There's no need to make additional calls to validate the payment, eg as there would be if the payment response was "pending".
Users are sent a notification instantly on their smart phone via the Moya app. The Moya app on a single phone can only access a single Moya account, you need to clear data or delete/download the app
Recommendation from Moya on best practice for abuse prevention:
Ndeshi has looked into the 'abuse prevention' point raised by IoGT and has the following advice to be implemented by IoGT / Yoma when rewarding customers (point 6): • Store the request bodies made for paying users and keep a consistent form of referencing for paying customers. Additionally store the returned results for this so you can have a cross reference for successful payments and the username's associated with it. This way you can then use this referencing style and the username to ensure that certain customers are only paid once. For this I'd imagine having a check before the pay is run to make sure that the username and reference combination are not ones that have been used before • Create an interval of sorts between payments for usernames. So once a payment is made, have some sort of block from allowing calls to be made to the same username within a certain period of time. Related is to create a timestamp for when a payment is made this way you can have a way to keep track of when certain users were paid and for what.
Moya have sent a sandbox token to use in our development: https://dev.azure.com/unicef/ICTD-IOGT/_boards/board/t/ICTD-IOGT%20Team/Stories/?workitem=153637
Community comment moderator can edit profile and add/edit moyapay username & phone number
Admin will add MoyaPay settings (It can be added on site settings as well as new settings):
Approval for payments (if and when)
Can’t detect same person with different accounts as of now
After the moderation of comment, it will trigger the payment process.
The payment validation before calling to the endpoint.
Think of generic activities that are tied to payments instead of comments directly.
After the successful validation, we will make the payment through the endpoint, we will receive a response with a definitive answer (successful or not). The response will be stored in a new model MoyaPayPayment.
In case the status is unsuccessful for any reason, such as insufficient funds or system errors it will be treated as a pending payment.
Here is an example model table named MoyapayPayment with its fields and description:
Activity model table to keep the track of the activity related to the payment:
For example: Ali Hassan (Actor) approved (verb) a comment (object) on IoGT site and received payment (target) for his work.
Note: All the pending payments will be processed in the background to ensure their success.
Documentation: https://docs.moyapay.app/#http-request
This looks like simple API structure to "pay customers":
Example Request
We would need to get the Moya username from each user, and also get an authentication token which would be set in the Admin Panel.
Ideally an Admin could add multiple authentication tokens in the Admin Panel, and they can select one of the tokens for use in community moderation. Each token has a nickname which does not include the authentication string.
These settings should have a separate permission to access in the Admin Panel.
The integration with community moderation should trigger a payment to the IoGT user's Moya username when they moderate a comment for the first time.
How do we prevent abuse?