看看貝寶權限寶石。
https://github.com/moshbit/paypal_permissions
具體地說LIB/paypal_permissions/x_pp_authorization。RB 需要 'CGI' 需要 'openssl的' 需要 '的base64'
class Hash
def to_paypal_permissions_query
collect do |key, value|
"#{key}=#{value}"
end.sort * '&'
end
end
module ActiveMerchant #:nodoc:
module Billing #:nodoc:
module XPPAuthorization
public
def x_pp_authorization_header url, api_user_id, api_password, access_token, access_token_verifier
timestamp = Time.now.to_i.to_s
signature = x_pp_authorization_signature url, api_user_id, api_password, timestamp, access_token, access_token_verifier
{ 'X-PAYPAL-AUTHORIZATION' => "token=#{access_token},signature=#{signature},timestamp=#{timestamp}" }
end
public
def x_pp_authorization_signature url, api_user_id, api_password, timestamp, access_token, access_token_verifier
# no query params, but if there were, this is where they'd go
query_params = {}
key = [
paypal_encode(api_password),
paypal_encode(access_token_verifier),
].join("&")
params = query_params.dup.merge({
"oauth_consumer_key" => api_user_id,
"oauth_version" => "1.0",
"oauth_signature_method" => "HMAC-SHA1",
"oauth_token" => access_token,
"oauth_timestamp" => timestamp,
})
sorted_query_string = params.to_paypal_permissions_query
base = [
"POST",
paypal_encode(url),
paypal_encode(sorted_query_string)
].join("&")
base = base.gsub /%([0-9A-F])([0-9A-F])/ do
"%#{$1.downcase}#{$2.downcase}" # hack to match PayPal Java SDK bit for bit
end
digest = OpenSSL::HMAC.digest('sha1', key, base)
Base64.encode64(digest).chomp
end
# The PayPalURLEncoder java class percent encodes everything other than 'a-zA-Z0-9 _'.
# Then it converts ' ' to '+'.
# Ruby's CGI.encode takes care of the ' ' and '*' to satisfy PayPal
# (but beware, URI.encode percent encodes spaces, and does nothing with '*').
# Finally, CGI.encode does not encode '.-', which we need to do here.
def paypal_encode str
s = str.dup
CGI.escape(s).gsub('.', '%2E').gsub('-', '%2D')
end
end
end
end
樣品參數:
url = 'https://svcs.sandbox.paypal.com/Permissions/GetBasicPersonalData'
api_user_id = 'caller_1234567890_biz_api1.yourdomain.com'
api_password = '1234567890'
access_token = 'YJGjMOmTUqVPlKOd1234567890-jdQV3eWCOLuCQOyDK1234567890'
access_token_verifier = 'PgUjnwsMhuuUuZlPU1234567890'
感謝@SgtPooki。我有權限,我打包成功完成權限流程。是的,我在沙盒上使用Sandbox APP-ID:APP-80W284485P519543T 我製作的NVP調用是'TransactionSearch'並且也獲得了所需的權限。即使我有權限,但我覺得我得到了「您無權進行此API調用」,因爲我在生成簽名「X-PAYPAL-AUTHORIZATION」標題時犯了一些錯誤。所以當時正在尋找一些能夠正確識別它的紅寶石樣本,或者通過某種方式來了解它是否正確生成。 – Nilesh 2012-03-07 05:42:15
@Nilesh,感謝您的回顧! TransactionSearch不是Adaptive Payments API的一部分,所以它不需要發送X-PayPal授權。請參閱上面所做的編輯。 – SgtPooki 2012-03-07 15:47:02
我需要代表授權我的賬戶持有人進行TransactionSearch調用,所以我肯定需要'X-PAYPAL-AUTHORIZATION'標頭。我正在尋找的是一個生成這個頭文件的ruby庫。 – Nilesh 2012-03-09 06:01:13