Skip to content
Permalink
Browse files

Readme.md updated

  • Loading branch information...
MaximKalga committed Apr 1, 2019
1 parent a216d46 commit 724107effce90da4fde5e661d7b238729bc8f224
Showing with 131 additions and 0 deletions.
  1. +131 −0 Readme.md
131 Readme.md
@@ -9,6 +9,9 @@ xBit Android payments library
- [Requirements](#requirements)
- [Installation](#installation)
- [Usage](#usage)
- [Callback](#callback)
- [Signature](#signature)
- [Currency Rates](#currency-rates)
- [License](#license)

## Requirements
@@ -98,6 +101,7 @@ The library module is copied to your project, so you can actually edit the libra

## Usage

To start accepting payments in xBit you need to create [xChange](https://xbitcrypto.com/) account, configure a [Merchant](https://xbitcrypto.com/merchant/) and get your API Key and API Secret.
To initiate a payment, you need to import library and call it's method this way to get Activity with payment View. After that you should present it:

<details>
@@ -148,6 +152,133 @@ class MainActivity : AppCompatActivity() {

Example project is available at /app folder of the repository. To test it, clone repository and open it in Android Studio


## Callback

xChange offers a callback service that will notify your system about successfull payments and used to mark an order as paid.

The callback service is asynchronous and as such will not interfer with or prolong the processing time of the API request generating a callback - eg. the time your customer will have to wait for payment confirmation.

In the event that your system is not able to receive or correctly process the callback, the callback service will try to deliver its message up to 10 times, with gradually increasing delays between each try.


### Callback params:

| Param | Description |
| --- | --- |
| api_key | your Merchant API Key |
| amount | amount in xBit |
| order_id | given Order ID |
| signature | calculated signature for callback validation |

## Signature

For protocols HTTP and HTTPS it is specified that xChange signs the callback. If the client verifies the signature according to the specified signature method, any data sent with the callback can be used safely. To verify that the values, which you have received in the result URL, are valid and have not been tampered in the process, refer to this examples.

To verify that the values, which you have received in the result URL, are valid and have not been tampered in the process, refer to this examples:

<details>
<summary><strong>PHP</strong></summary>

``` php
<?php
class XBitGateway
{
private $apiKey;
private $apiSecret;
private $logger;
public function processCallback()
{
$this->logger->putLog("Callback");
foreach (["api_key", "amount", "order_id", "signature"] as $name) {
if (empty($_POST[$name])) {
$this->logger->putLog("Callback fail. \n" . var_export($_SERVER, 1) . "\n" . var_export($_REQUEST, 1));
wp_die( 'XBIT Request Check Failure', 'XBIT payment', array( 'response' => 500 ) );
}
}
if (!$this->checkSignature()) {
wp_die( 'XBIT Request Check Failure', 'XBIT payment', array( 'response' => 500 ) );
}
$order = wc_get_order($_POST['order_id']);
if (($total = get_post_meta($_POST['order_id'], "_xbit_total", true)) == $_POST["amount"]) {
$this->logger->putLog("Everything is OK");
$order->payment_complete();
} else {
$this->logger->putLog("Order Total is $total but amount is $_POST[amount]");
}
}
private function checkSignature()
{
$recalculatedSignature = hash("sha256", $this->apiKey . $_POST["order_id"] . sprintf("%.02f", round($_POST["amount"], 2)) . $this->apiSecret);
if ($recalculatedSignature !== $_POST["signature"]) {
$this->logger->putLog("Invalid signature\nRecalculated Signature is $recalculatedSignature\nSent signature is $_POST[signature]\n" . var_export($_REQUEST, 1));
return false;
}
return true;
}
}
?>
```
</details>

<details>
<summary><strong>Python</strong></summary>

``` python
from hashlib import sha256
def process_callback(request):
data = request.POST.dict()
api_key = 'YourMerchantAPIKey'
order_id = data.get('order_id')
amount = data.get('amount')
api_secret = 'YourMerchantAPISecret'
sign = '{api_key}{order_id}{amount}{api_secret}'.format(
api_key=api_key,
order_id=order_id,
amount=amount,
api_secret=api_secret
)
signature = sha256(sign.encode('ascii')).hexdigest()
# compare calculated signature with received from request
if signature == data.get(signature):
# callback is authenticated
else:
# callback is not authenticated
...
```
</details>


## Currency rates

You can get xBit rates in JSON format sending GET request to Currency Rates endpoint:<br />
[https://xbitcrypto.com/api/v1/xbit_currency_rates/](https://xbitcrypto.com/api/v1/xbit_currency_rates/)


#### Response example:
``` glade
{
"status": 1,
"rates":{
"EUR": "0.296766823",
"USD": "0.332283877",
"GBP": "0.256415435",
"BTC": "0.000080135",
"ETH": "0.002346883"
}
}
```


## Contributing

Issues and pull requests are welcome!

0 comments on commit 724107e

Please sign in to comment.
You can’t perform that action at this time.