Searched a lot. I want to integrate Stripe Payment Gateway in my cordova application is there any way to achieve it in android and ios using javascript.
I emailed stripe, and apparently it works fine on iOS if you simply integrate it as you would on the web. Unfortunately it does not work on android yet! :(
While Checkout should work fine on iOS devices with PhoneGap (or anything that uses native WebViews), it does not work on Android devices with native WebViews. This is a known issue, and one we would like to fix in the future, but are not able to fix yet. The solution, for now, if Android is a requirement is to build a custom form using Stripe.js[0].
UPDATE:
Apparently one exists! I haven't tried it yet but here's the link
http://plugins.telerik.com/plugin/stripe
UPDATE 2: checkout.js actually works fine with phonegap or cordova now. Check out the docs here.
UPDATE 3: Apparenly checkout.js is broken again for anything over and including cordova ios 4.0.0, the latest version of cordova ios that works is 3.9.2. Got another question going on here about it: Using Stripe Checkout with Cordova ios 4.0.0+
UPDATE 4: We are now using Stripe V3 Elements but stripe checkout.js should work as long as you have whitelisted stripe as seen here
Edit 2:
My below proposal hasn't worked, checkout.js gives me an error saying something went wrong, and to try a different browser. I still don't have a situation besides building my own checkout form.
Edit 1:
Proposed solution and how I am solving this:
In order to address this part of the checkout.js docs (seen in the FAQ at the bottom):
Proposed solution:
In order to address this part of the checkout.js docs (See the FAQ at the bottom),
"All submissions of payment info using Checkout are made via a secure HTTPS connection. However, in order to protect yourself from certain forms of man-in-the-middle attacks, you must serve the page containing the payment form over HTTPS as well. In short, the address of the page containing Checkout must start with https:// rather than just http://."
To secure this, I am embedding an <iframe> in my Cordova app with the src set to an API endpoint I've made and I own. The API endpoint returns the <Form> snipper they show in the Simple implementation in the docs. So my api endpoint returns this HTML:
<form action="/charge" method="POST">
<script
src="https://checkout.stripe.com/checkout.js" class="stripe-button"
data-key="pk_test_6pRNASCoBOKtIshFeQd4XMUh"
data-amount="2000"
data-name="Stripe.com"
data-description="2 widgets"
data-image="/img/documentation/checkout/marketplace.png"
data-locale="auto">
</script>
</form>
This way the checkout is secured with https!
Now here's my warning about the plugin earlier mentioned. Thanks #Amrit Kahlon for updating that post!
Warning! DO NOT use the plugin discussed in this thread: Telerik-Verified-Plugins/Stripe
There doesn't seem to be a good alternative out there plugin-wise, you'll have to do it yourself as well it seems.
The plugin requires you to store your Stripe secret key on the client-side, which gives malicious people a chance to take it and use it.
The secret key is supposed to stay secret.
This is what the plugin's docs (https://github.com/Telerik-Verified-Plugins/Stripe/blob/master/doc/index.md) say about itself:
Security Warning
This plugin requires that the Stripe secret key is embedded into the application. As the name suggests, you should never share the secret key as it allows full access to the Stripe API. Embedding the secret key into the application means that anyone can discover the key and use it to access the API. This could cause sensitive data to leak (all previous charges are visible) or even financial loss (refunds can be initiated).
It is highly unlikely that you want to embed your Stripe secret key in a Cordova application, and hence highly unlikely you want to use this plugin.
https://support.stripe.com/questions/difference-between-secret-key-and-publishable-key
The correct method to accept payments from mobile devices uses the publishable key only. Whilst it is possible to submit payments using the secret key, anyone who obtains your secret key can view all prior charges, issue refunds, and initiate transfers.
Please carefully consider if this is what is intended before use.
Related
My question is similar to How to use OAuth with Github in a Safari extension, however, the answer there explains how to use oauth with the older safari extension API. I am trying to use OAuth with the new Safari App Extension API (https://developer.apple.com/library/content/documentation/NetworkingInternetWeb/Conceptual/SafariAppExtension_PG/).
The new API allows the writing of native code, in addition to providing the ability to inject content scripts. Where should I perform the authentication? I also developed a chrome extension, and Google provides an API for retrieving OAuth tokens (https://developer.chrome.com/apps/identity) -- however I do not see anything similar for Safari App Extensions.
Any help is greatly appreciated!
I am currently working on Safari App Extension similar to your needs and the logic, certs (if you use them) persistence, access and refresh tokens all of them goes to the native code. From the SFSafariExtensionHandler you can control the active window/tab and all the pages in the tab, also receive callbacks from the pages.
For the OAuth use any native lib. that solves most of your needs for the logic. I am using this one from AeroGear.
Some adaptation will be needed for the page controlling.
Some dev blogs have published information about the "fb://" url scheme for opening various views in the Facebook iPhone App. No matter how much I've searched, I haven't found one word from any official Facebook source about this.
Since the information is public anyways, I'm sure I'm not the only one who'd like to know, whether using this url scheme is officially approved, am I allowed to use it, does it work correctly, and if it's not approved, will it be and what's the approximate schedule for that?
Thanks in advance for any info on this subject!
It's there to support the iOS push notification system (i.e. you get a push notification that says "Friend's Name tagged you in a photo", and you tap on it, it takes you straight to the photo).
I'd assume it's not intended for third party use and therefore subject to change. Hell, Facebook's public-facing APIs are subject to change on a whim anyhow, so I'd be especially cautious about something they hadn't documented.
It's for iOS only. The iOS API lets you define you own URL scheme, so Facebook must have developed their application to register the fb:// URL scheme on iOS devices. It's not a feature that was created by Apple, it's something you, the developer, can make up.
Here are some resources you can investigate
The Facebook iOS SDK
Here on StackOverflow
A tutorial on how it works (not Facebook-specific)
You can use it from your own applications on iOS, but only if the Facebook application is installed. There are, however, plugins and browser extensions out there that mimic the behavior by handling the fb:// schema on your desktop browser.
I am getting this error when I switch to sandbox mode using the cordova paypal plugin, located here https://github.com/paypal/PayPal-Cordova-Plugin
When I run this plugin using the PayPalEnvironmentNoNetwork mode, everything works perfectly as I intended. I set up a classic payapl api app and put in the correct production id and sandbox id, but it does not seem to want to work with those is there something I am missing?
I have never used PayPal's api before so I am not quite sure what I am doing, just trying to set up a simple donation flow in my app.
You need to create a rest paypal api app, not classic since the cordova sdk is built on top of the mobile sdks which calls the rest apis. This should be helpful to get started https://developer.paypal.com/docs/integration/direct/make-your-first-call/
I have website link at which I have designed a html/javascript web app. I used iOS and Android app to create an app that encapsulates the web app.
Is there a way to block access to the website link and only allow access to the website link only thru the native apps calling the link.
In short safari, IE, Chrome must not be able to access the link, but the iPhone & Android app should be able to access it.
Is there some way to tell that the app is accessing the site and not the phone or pc browsers.
I am sure there a number of ways to implement this.
Thanks,
It depends on how is the web app implemented. Since native Web Views are pretty much the wrapper for the standard browser (Safari/Chrome), you will find it tough to filter it based on that.
What you can do, however, is to add an extra GET variable (for ex. &ref=youruniquecodehere) or a custom User-Agent, based on which you will be able to identify, whether your application authorized the request (with a proper access code) or if it's a generic request using browser.
However, both of these options can still be bypassed if researched, although it'd require slightly more time. Not sure whether a solution that would work in 100% of cases exists.
Hope that helps, please correct me if I'm wrong.
Can a website (HTML5,JavaScript) access a mobile device's (android/iPhone)
contact list, SDCard files?
A website as in one opened in a browser not a phonegap application/webapp.
There was an attempt at the W3C to create a browser API to access contacts from the browser.
This is often mentioned as one of the new HTML5 APIs.
However the attempt never became a real specification and never got implemented by any browser vendors. Now it is officially discontinued:
http://www.w3.org/TR/contacts-api/
You can't access the mobile device file system through a website, it would be a major security problem. You might be able to steal all user files if you can access them through the browser. Hope this helps.
At this point in time there is no way to access the internal APIs from Android, iOS and Windows Phone via a simple website. This also precludes you from accessing aspects such as the contact list because these are all only accessible via API calls.
Solutions that allow you to code phone apps or web apps in JavaScript or HTML5 and still grant access to APIs do so by utilizing a wrapper with calls back to the native code. But you can't call native code from an external source such as a website.
Chrome has since shipped their own version of a "Contact Picker" HTML5 API in Chrome 80: https://web.dev/contact-picker.
Chrome only: it is not a W3C Standard nor is it on the W3C Standards Track.
selectRecipientsButton.addEventListener('click', async () => {
const contacts = await navigator.contacts.select(['name', 'email'], {multiple: true});
if (!contacts.length) {
// No contacts were selected in the picker.
return;
}
// Use the names and e-mail addresses in |contacts| to populate the
// recipients field in the website’s UI.
populateRecipients(contacts);
});
Am not so sure if the author of this question will still be interested in a solution but I use this on my apps, its really a handy way of access native api from html5 apps. http://bridgeit.mobi/bridgeit.html#features
BridgeIt enables any web application to access a wide range of mobile device capabilities using a simple JavaScript API.
Using this tool is as easy as 1, 2, 3…
Include the BridgeIt JavaScript in your page
<script type="text/javascript" src="http://api.bridgeit.mobi/bridgeit/bridgeit.js"></script>
Attach a BridgeIt call to some action element on your page, and provide a callback to handle returned values from BridgeIt. For instance, a button to retrieve a contact from the address book...
bridgeit.fetchContact('element_ID', callback_Function);
Access the page from your mobile browser. If the BridgeIt utility app is not already installed, you will be prompted to do so. Once the BridgeIt utility app is installed, your application can access all of BridgeIt's native features.
Example code can be found here https://github.com/bridgeit/bridgeit.js/wiki/Contact-List-Tutorial
https://developers.google.com/people/
You can't access Contacts by website stored on phone, but you can do it server side using People API. If user stored everything on the cloud - you win. Perhaps this is only way to provide native-like experience on your website
You can access address book using Autofill feature of safari browser in iOS devices (but settings > safari > autofill > contact info must be turn on). And the name field in must be "name, email, phone, tel, etc" to get autofill works properly. It works only in Safari but not in other browsers.
Using pure HTML
<input type="file">
you can access files from mobile device,but you cant access contact.