walle89 / SwedbankJson

Unofficial API client for the Swedbank's and Sparbankerna's mobile apps in Sweden.
MIT License

Example failure #6

Closed petertellgren closed 10 years ago

petertellgren commented 10 years ago

I'm trying out this API wrapper as a pure exercise and also trying to write my own version in ruby later on. However I fail on step 1 as the example php file fails for me. I'm not sure but does it have to run on a public facing php-server?

I tried it locally running on MAMP.

error given:

Swedbank-fel: Inlogging misslyckades. Kontrollera användarnman, lösenord och authorization-nyckel. (Err #10) 
#0 SwedbankJson/swedbankJson.php(190): SwedbankJson->login() 
#1 SwedbankJson/swedbankJson.php(153): SwedbankJson->swedbankInit() 
#2 SwedbankJson/example.sample.php(13): SwedbankJson->accountList()
#3 {main}

walle89 commented 10 years ago

You can run it on your local machine, but I think this is a problem related to your firewall. Here is one common problem and how you fix it: http://stackoverflow.com/questions/8419747/php-curl-does-not-work-on-localhost

HalfVoxel commented 10 years ago

I think Swedbank might have changed their API recently. I have been using this API with a cron script for a month or two, it has all worked fine until just a few days ago when it started reporting that the login failed. I double checked my logins and even tried to change the login on the swedbank website, but still no luck.

Does it work for you?

walle89 commented 10 years ago

It seems to be a problem; below you can see a response the API returns when I try to log in via the current code. The Swedbank app doesn't have something like this in the traffic log and I don't know what is wrong with the code other than that the headers are not in the right order, but it's still the same headers.

This can take a while to find the problem and solve it, because I can't use much time for this. You are all welcome to assist me.

HTTP/1.1 201 Created
Server: FSB
Date: Sat, 10 May 2014 20:55:40 GMT
Cache-control: no-cache
Set-cookie: JSESSIONID=0000n_OfE-6SJBU_436X19uvhdS:18mbubho5; Path=/; Domain=api.swedbank.se; Secure; HttpOnly
X-powered-by: Servlet/3.0
Content-language: sv_SE
Content-type: application/json; charset=UTF-8
Pragma: no-cache
Cache-control: no-cache, no-store, max-age=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-cookie: SWBTC=gi35jCq1KpGexTaK8FLZIEgVIKk=:MjVkMDUzMzoxNDVlN2FjOWQ0MjotNTc3NQ==:FdmKbQ==; Expires=Thu, 09-May-19 20:55:40 GMT; Path=/; Domain=.swedbank.se; Secure
Set-Cookie: mobilsession=rd1o00000000000000000000ffff0a9b3040o443; path=/
Vary: Accept-Encoding, User-Agent
Content-Encoding: gzip
Content-Length: 182
Connection: Keep-Alive

‹ÿŒË
ƒ0D¥ÜµE´¡+û T‹Pº*¢WM‰M|‹ÿ^]ÍÀ™33Ô¨´1÷dŠ^‹Ÿøk™ÂÜ,æ
àL”ÜÍ–6…\9Ü.Ð*¶v³#f­dÆ8š°,`¬G_æLÜ·é4Le_~ý0{;ç1øT=µ_{ÙVeOi„WŸXar8òä´~jTªˆU¸ºÔ"¶åkG©ë8°üHFò¶"
}
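
The response above carries `Content-Encoding: gzip`, so a client that prints the body without decoding it shows unreadable bytes even though nothing beyond HTTPS is encrypting it. An added example, not part of the thread or of the SwedbankJson code, of decoding such a response in PHP 7+; `decodeHttpResponse()`, `MAX_BODY` and the sample response are constructed for illustration.

```php
<?php
// Added example: decodeHttpResponse(), MAX_BODY and the sample are constructed.
const MAX_BODY = 1048576; // cap on inflated size (decompression-bomb guard)
function decodeHttpResponse(string $raw): array
{
    // The first empty line separates the header block from the body.
    $parts = explode("\r\n\r\n", $raw, 2);
    if (count($parts) !== 2) {
        throw new RuntimeException('No header/body separator found');
    }
    $lines  = explode("\r\n", $parts[0]);
    $body   = $parts[1];
    $status = array_shift($lines);

    // Header names are case-insensitive and may repeat (Set-Cookie does).
    $headers = [];
    foreach ($lines as $line) {
        if (strpos($line, ':') === false) {
            continue;
        }
        list($name, $value) = explode(':', $line, 2);
        $headers[strtolower(trim($name))][] = trim($value);
    }

    // Content-Encoding describes compression of the body, not encryption.
    // PHP's cURL extension performs this step itself when CURLOPT_ENCODING is set.
    $encoding = strtolower($headers['content-encoding'][0] ?? 'identity');
    if ($encoding === 'gzip') {
        $body = @gzdecode($body, MAX_BODY); // false: corrupt input or over the cap
        if ($body === false) {
            throw new RuntimeException('Body is not valid gzip or exceeds MAX_BODY');
        }
    } elseif ($encoding !== 'identity') {
        throw new RuntimeException("Unsupported Content-Encoding: $encoding");
    }

    $json = json_decode($body, true);
    if (json_last_error() !== JSON_ERROR_NONE) {
        throw new RuntimeException('Body is not JSON: ' . json_last_error_msg());
    }
    return ['status' => $status, 'headers' => $headers, 'json' => $json];
}

// Constructed sample shaped like the response in the thread, with a made-up body.
$gz  = gzencode('{"example":"constructed body"}');
$raw = "HTTP/1.1 201 Created\r\nSet-cookie: a=1; Secure\r\nSet-Cookie: b=2; path=/\r\n"
     . "Content-Encoding: gzip\r\nContent-Length: " . strlen($gz) . "\r\n\r\n" . $gz;
$res = decodeHttpResponse($raw);
var_dump($res['status'], count($res['headers']['set-cookie']), $res['json']);
```
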

HalfVoxel commented 10 years ago

The order of the headers should not matter. Quoting the spec:

The order in which header fields with differing field names are received is not significant. However, it is "good practice" to send general-header fields first, followed by request-header or response-header fields, and ending with the entity-header fields.

I don't use the mobile application, but maybe I should download it to track what it is doing. Do you know of any good application to capture the requests? I obviously cannot use something like Wireshark because it is not running on my local machine.

eminos commented 10 years ago

Yep. Same problem here. The API wrapper seems broken (swedbank_företag) :( Damn you Swedbank!

walle89 commented 10 years ago

@HalfVoxel That's what I meant, it shouldn't matter. Yes, you can use Wireshark to monitor a LAN, but only non-encrypted traffic unless you have the private key. When I'm looking into the mobile app SSL traffic I'm using Charles Proxy, and you can download and use it for free for 30 days. Here are instructions for Android (http://jaanus.com/blog/2012/02/12/debugging-http-on-an-android-phone-or-tablet-with-charles-proxy-for-fun-and-profit/) and iOS (http://blog.cloudfour.com/using-charles-proxy-to-examine-ios-apps/).

@eminos You said it.

Mrbrand commented 10 years ago

The 'Mitt-Saldo' app still works for swedbank on my iphone: https://itunes.apple.com/se/app/mitt-saldo-fungerar-med-seb/id397681188?mt=8

The author has released the project code and libraries on github: https://github.com/bjornsallarp/Mitt-Saldo https://github.com/bjornsallarp/Mitt-Saldo-Library

Don't know if this is any help.

walle89 commented 10 years ago

I believe it is fetching the data from https://mobilbank.swedbank.se/. Simply put, you fetch the HTML and then use one big or several smaller regular expressions to extract transaction data. This site was used for their old mobile app. The reason I don't want to use the old mobile page is I believe Swedbank will shut it down sooner or later and then we will be in this situation again. Plus I have to rewrite the code from scratch.

Thank you @Mrbrand anyway.

HalfVoxel commented 10 years ago

And besides. A json API is so much nicer to have than having to parse HTML using regex.

So, you said the mobile app didn't have any of this in the traffic log? I really hope so, because that means it is just a bug and not that swedbank suddenly has started to encrypt the results for some reason.

walle89 commented 10 years ago

The result is not encrypted, just using HTTPS.

walle89 commented 10 years ago

I think I have found a solution. I played with Guzzle (https://github.com/guzzle/guzzle) and at least the first step of the login part worked and now I get a nice non-encrypted JSON response. I don't know what "magic" Guzzle does and my code doesn't, but I will continue to investigate and either find out what this magic is or convert the project to use Guzzle. Converting to Guzzle depends of course on whether I can make the rest of the API requests to Swedbank work. But I think it's more of a "when" and not an "if" I can make it work.

If I convert the project to Guzzle, I have to raise the minimum requirements for this project. The requirement will be PHP version 5.4+ and I also have to convert the project to Composer. But I think this is not a problem for any of you. I will of course provide an installation guide for Composer on release.

eminos commented 10 years ago

Fixing the current problem would of course be a better solution, since PHP54+ requirement, composer requirement and guzzle wouldn't add anything to this wrapper (except a couple of requirements). But a working script is better than no script :)

BTW, why would you need to convert to composer? Can't you just pull in guzzle manually?

walle89 commented 10 years ago

Well, fixing the current problem depends on knowing what the problem is and how much work it is to fix it. It could be a cURL setting (not likely, I have tried everything related to SSL), but it could also be that I have to rewrite everything related to cURL. I simply don't know and I don't have much time to find out because I have a project that needs this API. Now that I have a potential alternative solution with Guzzle, I'm taking the safe route and I'm starting to convert it to Guzzle. Besides, with Guzzle I will be able to clean up the code a bit and have much nicer debugging tools.

I don't know how much you know about Composer, but I can say it's really awesome for managing dependencies. You can read about it here: https://getcomposer.org/doc/00-intro.md. Not only do I not have to maintain and update someone else's code, it makes it really easy for someone to import it into their own project and keep it up to date. I already converted to Composer a few weeks ago. All I need to do before commit and push is to test it out.

If you are not convinced then you can still clone as usual and download each dependency manually.

eminos commented 10 years ago

Do your thing Eric! I'm looking forward to the updated version :) I know about Composer, I'm using it a lot with Laravel projects, it's great. Let me know if you want me to help testing or something.

walle89 commented 10 years ago

I can now confirm that the API works with Guzzle. My simplified prototype works and reached the last step of Swedbank's API. Now I have to implement it into the wrapper, which is the big part.

walle89 commented 10 years ago

Can someone with Swedbank business confirm it's working?

eminos commented 10 years ago

I'm stuck at what seems to be Composer related.

require 'vendor/autoload.php';

use walle89\SwedbankJson\SwedbankJson;
use walle89\SwedbankJson\AppData;

define('USERNAME',  123401011234);
define('PASSWORD',  '123456');
define('BANKID',    'swedbank_företag');

try
{
    $bankConn    = new SwedbankJson(USERNAME, PASSWORD, AppData::bankAppId(BANKID));
    $accounts    = $bankConn->accountList();
    $accountInfo = $bankConn->accountDetails($accounts->transactionAccounts[0]->id);
    $bankConn->terminate();
}
catch (UserException $e)
{
    echo $e->getMessage();
    exit;
}

Fatal error: Class 'walle89\SwedbankJson\SwedbankJson' not found in /home/user/swedbank_cron/SwedbankCheckCron.php on line 17

Line 17 is $bankConn = new SwedbankJson()...

The installation went fine. I've moved the files up a directory so I ran composer dump-autoload to be sure. Everything seems fine. Can't figure out what's wrong :/

walle89 commented 10 years ago

It's the same issue as #8. And the weird thing is it's working on OSX but not on my Ubuntu servers. When I get home from work, I will try a new composer.json that might work.

walle89 commented 10 years ago

It's fixed now. Remove everything and start over. I have updated the installation instructions and example code because I have changed the namespace and that means some adjustments to the code.

I would be grateful if someone like @eminos could test out the Swedbank business aspects of the wrapper.

eminos commented 10 years ago

"composer update" + namespace adjustments worked fine. And yes, the wrapper works again :) Thank you.

walle89 commented 10 years ago

Well, when I executed "composer update", it didn't update my renamed files until I removed and installed again. Maybe I did miss something.

Oh well. Thank you for your time.