贝宝API证书

发布于 2024-08-18 19:36:51 字数 463 浏览 7 评论 0原文

好吧,我在编码和发送第 3 方 SOAP API 调用时从未见过这种情况,但看起来 PayPal 要求他们的大客户使用 X509 证书才能发送 API 调用,而不是像大多数 API 那样仅通过标准 API 签名发送要求你做。

我是唯一一个认为这有点奇怪或不标准的人吗?

http://en.wikipedia.org/wiki/X.509

我不知道不明白这与 API 调用有何关系。我看到他们给我的一个示例代码,用 C# 实现了 .NET 中的 ICertificatePolicy 接口...但这对我来说很陌生,这与他们仍然在 PayPal 沙箱中为您提供 API 签名这一事实有何关系。那么为什么我需要读取物理文件证书并使用 API 签名呢?我想我没有看到证书和 PayPal SOAP API 之间的链接。

Ok, I've never seen this ever when coding againts and sending 3rd party SOAP API calls but looks like PayPal requires their bigger clients to use the X509 certificate in order to send API calls rather than just sending over a standard API signature like most APIs require you to do.

Am I the only one who thinks this is kinda strange or not stadnard?

http://en.wikipedia.org/wiki/X.509

I don't get how this relates to an API call. I see an example code that they gave me in C# implementing the ICertificatePolicy interface in .NET...but it's just foreign to me and how this relates to the fact that they still give you an API signature too in the PayPal sandbox regardless. So why would I need to read a physical file Certificate AND use an API Signature? I guess I don't see the link between the Certificate and the PayPal SOAP API.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

甜心小果奶 2024-08-25 19:36:51

在处理需要更安全的“握手”的连接时,这在较大的名称中是常见的事情,而这就是它的全部用途。

该文件是由根证书制成的,通常是 .pem、.p12、.pfx,这是一个使用 python 和 cURL 的示例,它非常简单,如果您对 X.509 文件有任何问题,我会得到与您购买根证书的任何人联系,或者只是在谷歌上搜索如何导出您需要的文件(我个人总是得到一个 .p12 文件)。

这是与 SOAP 一起使用的 python 代码,

        c = pycurl.Curl()
        c.setopt(pycurl.URL, FirstDataAPI_URL)
        c.setopt(pycurl.HTTPHEADER, ["Accept:"])
        c.setopt(pycurl.POST, 1)
        c.setopt(pycurl.POSTFIELDS, urllib.urlencode(FirstDataAPI_PostData))
        b = StringIO.StringIO()
        c.setopt(pycurl.WRITEFUNCTION, b.write)
        c.setopt(pycurl.FOLLOWLOCATION, 1)
        c.setopt(pycurl.MAXREDIRS, 5)
        #c.setopt(pycurl.SSLCERT, '/home/***/***/***/ssl/digitalID.p12')
        c.setopt(pycurl.SSLCERT, '/home/***/***/***/ssl/productionDigitalId.p12')
        c.setopt(pycurl.SSLCERTTYPE, 'p12')
        c.setopt(pycurl.SSLCERTPASSWD, '******')
        c.perform()

我会寻找一个允许您设置证书文件的设置,然后您就会被设置。

顺便说一句,这只是表明 Paypal 已经好几年没有更新他们的 API 了……我工作的大多数需要 X509 证书的 API 都非常过时,我还没有看到它在 API 中使用这是最近两年写的。

This is a common thing among larger names when dealing with connections that demand a more secure "handshake" and thats all it is used for.

This file is made from a Root Certificate and usually a .pem, .p12, .pfx here is an example using python and cURL, it is very simple to do and if you have any trouble with the X.509 file, I would get in contact with whoever you buy your root certificate from or just search google on how to export the file you need ( I personally always end up with a .p12 file ).

Here is the python code

        c = pycurl.Curl()
        c.setopt(pycurl.URL, FirstDataAPI_URL)
        c.setopt(pycurl.HTTPHEADER, ["Accept:"])
        c.setopt(pycurl.POST, 1)
        c.setopt(pycurl.POSTFIELDS, urllib.urlencode(FirstDataAPI_PostData))
        b = StringIO.StringIO()
        c.setopt(pycurl.WRITEFUNCTION, b.write)
        c.setopt(pycurl.FOLLOWLOCATION, 1)
        c.setopt(pycurl.MAXREDIRS, 5)
        #c.setopt(pycurl.SSLCERT, '/home/***/***/***/ssl/digitalID.p12')
        c.setopt(pycurl.SSLCERT, '/home/***/***/***/ssl/productionDigitalId.p12')
        c.setopt(pycurl.SSLCERTTYPE, 'p12')
        c.setopt(pycurl.SSLCERTPASSWD, '******')
        c.perform()

For use with SOAP I would look for a setting that allows you to set a Certificate file and you will be set.

Just as a side note, this just goes to show that Paypal has not updated their API in quite a few years ... most API's I work on that require a X509 cert are extremely outdated and I haven't seen this used in an API that was writing in the last 2 years.

夏末染殇 2024-08-25 19:36:51

你正在处理人们的钱,虽然我不知道证书如何工作的具体细节,但基本上它是确保从你的应用程序发送的付款更安全。

我认为简单的 API 密钥更容易被欺骗,并且更容易发生欺诈。

You're dealing with people's money, and while I'm unaware of the specifics on how the certificate's work, basically it's ensuring that payments sent from your application are more secure.

A simple API key would be easier to spoof, and allow fraud more easily I assume.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文