How to encrypt payload in Python to make a payment - Adyen payment gateway

守給你的承諾、 提交于 2021-02-11 08:15:54

问题


I'm fairly new to coding, this is one of my first bigger Python projects that I'm working on and I have a problem with Adyen payment submission.

I'm trying to make a payment on a website that uses an Adyen payment gateway. Adyen encrypts your payment data client side and only accepts encrypted requests otherwise they'll throw back a 400 bad request and the payment will not go through.

I'm stuck when it comes to ideas, I analyzed the traffic in Charles when I'm making a payment manually - before making a payment the phone will send a GET request to this link on the Adyen website and then the next request is a PUT request to the payment URL with the data already encrypted.

I have no idea how I can encrypt my details in a way that Adyen will accept them and the payment goes through successfully. Do I make a JS file on my computer with the code from the link before making a payment and then I can just call the JS in my Python script to encrypt the details?

I've tried sending unencrypted data to the payment URL but like I previously said it just throws back a 400 status code and the payment doesn't go through. The encrypted data that a correct request sends looks something like this: "encryptedData": "adyenjs_0_1_18$......"

def payment():
        payParams = {
            'api_key': 'websiteAPIKey',
            'channel': 'iphone-mosaic',
            'type': 'CARD'
        }
        payPayload = {
            'number': cardN,
            'expiryMonth': expM,
            'expiryYear': expY,
            'cvc': cvc,
            'holderName': fName + ' ' + lName
        }
        pay = s.put('websiteUsingAdyenGateway', headers = payHeaders, params = payParams, data = json.dumps(payPayload))

The expected result should be a 200 status code with the payment actually going through but with no encryption, it always throws back a 400 status code.


回答1:


I think you are inserting yourself into the processes where you shouldn't. Adyen is purposefully encrypting the details for you on the client. This is required for PCI compliancy.

Only handle raw card data if you are PCI level 1 or 2. You need to be processing one million or more transactions annually to qualify.

Presuming not, you should be using a component (Adyen term for a bundled js shopper collection form) to collect the card details. You have two components to choose from:

  • card component: more plug-and-play, insert a single div for all card collection fields
  • secure fields component: more customizable, insert a div for each fields of a card (e.g. number, cvc, expiration)

Note: Both require you to create an origin key that has to match to the domain you are making a payment. e.g. if you are doing a test and hosting your server on localhost on port 8080, create an origin key for http://localhost:8080.

In either case, both of these require you to implement a callback that will provide you the encrypted blobs you need to pass to Adyen.

function handleOnChange(state, component) {
    if (state.isValid){
        // All card fields pass formatting validation
        fetch('localhost:8080/handleComponentData',{
            method: 'POST',
            headers: {
                'Content-Type': 'application/json'
            },
            body: JSON.stringify(state.data)
        })
    }
}

That state.data can be passed, as is, in the paymentMethod object as part of a /payments request

state.data's contents:

{
    type: "scheme",
    encryptedCardNumber: "adyenjs_0_1_18$MT6ppy0FAMVMLH...",
    encryptedExpiryMonth: "adyenjs_0_1_18$MT6ppy0FAMVMLH...",
    encryptedExpiryYear: "adyenjs_0_1_18$MT6ppy0FAMVMLH...",
    encryptedSecurityCode: "adyenjs_0_1_18$MT6ppy0FAMVMLH..."
}

The /payment request:

curl https://checkout-test.adyen.com/v46/payments \
-H "x-API-key: YOUR_X-API-KEY" \
-H "content-type: application/json" \
-d '{
  "amount":{
    "currency":"EUR",
    "value":1000
  },
  "reference":"YOUR_ORDER_NUMBER",
  "paymentMethod":{
    "type":"scheme",
    "encryptedCardNumber":"adyenjs_0_1_18$MT6ppy0FAMVMLH...",
    "encryptedExpiryMonth":"adyenjs_0_1_18$MT6ppy0FAMVMLH...",
    "encryptedExpiryYear":"adyenjs_0_1_18$MT6ppy0FAMVMLH...",
    "encryptedSecurityCode":"adyenjs_0_1_18$MT6ppy0FAMVMLH..."
  },
  "returnUrl":"https://your-company.com/checkout/",
  "merchantAccount":"YOUR_MERCHANT_ACCOUNT"
}'


来源:https://stackoverflow.com/questions/56445791/how-to-encrypt-payload-in-python-to-make-a-payment-adyen-payment-gateway

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!