Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
v:2.0:pre_payment_webhook [2019/04/22 19:22] – [Pre-Payment Webhook] foxybrett | v:2.0:pre_payment_webhook [2021/05/26 10:30] (current) – [Headers] adam | ||
---|---|---|---|
Line 9: | Line 9: | ||
* Integrations with custom validation or fraud-check services (such as [[https:// | * Integrations with custom validation or fraud-check services (such as [[https:// | ||
- | ==== Enabling the pre-payment Hook ==== | + | ===== Enabling the pre-payment Hook ===== |
To enable the pre-payment hook, head to the " | To enable the pre-payment hook, head to the " | ||
Line 19: | Line 19: | ||
- | ==== Handling the request ==== | + | ===== Handling the request |
+ | |||
+ | ==== Headers ==== | ||
+ | |||
+ | Any requests made to your webhook' | ||
+ | |||
+ | ^ Header ^ Description ^ | ||
+ | | '' | ||
+ | | '' | ||
+ | | '' | ||
+ | |||
+ | ==== Events ==== | ||
+ | |||
+ | The prepayment webhook is primarily triggered right before the payment is sent to your gateway for handling. For this trigger, the '' | ||
+ | |||
+ | For a couple gateways though, we do also trigger the prepayment webhook prior to the 3DSv2 challenge occurring, which has an event header of '' | ||
+ | |||
+ | * [[gateways: | ||
+ | * [[gateways: | ||
+ | ==== Example Payload | ||
When the customer attempts to complete their purchase, after the Google reCAPTCHA is validated (if active), a POST request is sent off to your custom post-checkout hook endpoint with a JSON payload representing the current cart. It follows the same structure as our [[https:// | When the customer attempts to complete their purchase, after the Google reCAPTCHA is validated (if active), a POST request is sent off to your custom post-checkout hook endpoint with a JSON payload representing the current cart. It follows the same structure as our [[https:// | ||
Line 270: | Line 289: | ||
</ | </ | ||
- | === Notes === | + | ==== Notes ==== |
* The payload includes several '' | * The payload includes several '' | ||
Line 281: | Line 300: | ||
- | ==== Sending a response ==== | + | ===== Sending a response |
In response, FoxyCart expects a JSON payload in the following format to be output on the page (prettified for display purposes): | In response, FoxyCart expects a JSON payload in the following format to be output on the page (prettified for display purposes): | ||
- | === Approve === | + | ==== Approve |
<code javascript> | <code javascript> | ||
Line 294: | Line 313: | ||
</ | </ | ||
- | === Reject === | + | Note that if you're using [[/ |
+ | |||
+ | ==== Reject | ||
<code javascript> | <code javascript> | ||
Line 309: | Line 330: | ||
</ | </ | ||
- | ==== Example Endpoint ==== | + | ===== Example Endpoint |
- | The following is an example PHP endpoint that could be used to handle the pre-payment hook: | + | The following is an example PHP endpoint that could be used to handle the pre-payment hook. Note that this is for illustrative purposes only. It'll work as is, but blocking based on IP or email isn't necessarily a recommended approach: |
<code php> | <code php> | ||
Line 320: | Line 341: | ||
$response = array( | $response = array( | ||
' | ' | ||
- | ' | + | ' |
); | ); | ||
+ | $log_file = ' | ||
+ | $date = new DateTime(); | ||
+ | $date_string = $date-> | ||
+ | |||
+ | $log_line = $date_string . ': ' . $cart_details[' | ||
+ | |||
+ | // Example: Loop through cart items and reject on specific product names | ||
foreach($cart_details[' | foreach($cart_details[' | ||
if ($item[' | if ($item[' | ||
Line 329: | Line 357: | ||
} | } | ||
} | } | ||
+ | |||
+ | // Example: Reject on specific IP addresses | ||
+ | // The IPs to block should be in a separate file named `ips_to_reject.txt` | ||
+ | // Note that this looks for exact matches. | ||
+ | // If you wanted to check CIDR ranges, try adding something like https:// | ||
+ | $ips_to_reject = file(' | ||
+ | if ($ips_to_reject) { | ||
+ | foreach ($ips_to_reject as $ip) { | ||
+ | if ($ip == $cart_details[' | ||
+ | $log_line .= "IP MATCH: $ip"; | ||
+ | $response[' | ||
+ | break; | ||
+ | } | ||
+ | } | ||
+ | } | ||
+ | |||
+ | // Example: Reject on specific email addresses (exact matches) | ||
+ | // The emails to block should be in a separate file named `emails_to_reject.txt` | ||
+ | $emails_to_reject = file(' | ||
+ | if ($emails_to_reject) { | ||
+ | foreach ($emails_to_reject as $email) { | ||
+ | if (trim($email) == trim($cart_details[' | ||
+ | $log_line .= "EMAIL MATCH. REJECTING."; | ||
+ | $response[' | ||
+ | break; | ||
+ | } | ||
+ | } | ||
+ | } | ||
+ | |||
+ | $log_line .= (string) $response[' | ||
+ | $fp = fopen($log_file, | ||
+ | fwrite($fp, $log_line); | ||
header(' | header(' | ||
Line 334: | Line 394: | ||
</ | </ | ||
- | ==== Debugging Errors ==== | + | ===== Debugging Errors |
If your pre-payment hook endpoint fails to return a response, or returns a non-JSON response, a error will be added to your store' | If your pre-payment hook endpoint fails to return a response, or returns a non-JSON response, a error will be added to your store' |