Papara

Fulfilling a Papara deposit is a two-step (at most three-step) process.

  1. Get the customer's Papara account email and password. See Papara First Login.
  2. Verify the received 2FA code. See Papara 2FA.
  3. (Optionally) verify the newly created device. See Papara Validate User Device.

Papara First Login

After creating a deposit request using:

curl -X 'POST' \
  'https://grassman.vevopay.io/api/services/app/TransactionRequests/CreateDeposit' \
  -H 'accept: text/plain' \
  -H 'WebApiKey: 5FA6CE55-B9FF-40D0-BFD5-1642D53B3C37' \
  -H 'Content-Type: application/json-patch+json' \
  -H 'X-XSRF-TOKEN: null' \
  -d '{
  "amount": 1,
  "userId": "string",
  "name": "string",
  "username": "string",
  "referenceId": "hello-vevopay-deposit",
  "transactionType": 1,
  "paymentMethod": 1,
  "hashCode": "string"
}'

and acquiring a transactionId, the customer must provide their account's email and password.

  • email: Just a regular email.
  • password: A 6-digit password, such as 123456.

After getting these values, you need to provide them to our first login endpoint. Here's an example curl command:

curl -X 'POST' \
  'https://grassman.vevopay.io/api/services/app/TransactionRequests/PaparaCustomerLogin' \
  -H 'accept: text/plain' \
  -H 'WebApiKey: 5FA6CE55-B9FF-40D0-BFD5-1642D53B3C37' \
  -H 'Content-Type: application/json-patch+json' \
  -H 'X-XSRF-TOKEN: null' \
  -d '{
  "trackingId": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
  "userName": "[email protected]",
  "password": "123456"
}'

If the Papara account exists and the password is valid, this will return a response like this:

{
  "result": "this will be a JWT",
  "targetUrl": null,
  "success": true,
  "error": null,
  "unAuthorizedRequest": false,
  "__abp": true
}

Save the JWT, because it is needed in the next step, two-factor authentication.

Papara 2FA

After getting the token from the previous step, an SMS with a code will be sent to the customer. Ask the customer for that code in this step.

  • tfaCode: A 6-digit verification code received by the customer, such as 123456.

You can then use these two values to verify the provided 2FA code:

curl -X 'POST' \
  'https://grassman.vevopay.io/api/services/app/TransactionRequests/Papara2Fa' \
  -H 'accept: text/plain' \
  -H 'WebApiKey: 5FA6CE55-B9FF-40D0-BFD5-1642D53B3C37' \
  -H 'Content-Type: application/json-patch+json' \
  -H 'X-XSRF-TOKEN: null' \
  -d '{
  "trackingId": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
  "token": "jwt-token",
  "code": "123456"
}'

If the provided JWT hasn't expired and the 2FA code is valid, this will return a response like this:

{
  "result": {
    "next_step": "Completed", // or ValidateUserDevice
    "token": "another JWT",
    "account_number": 123423451
  },
  "targetUrl": null,
  "success": true,
  "error": null,
  "unAuthorizedRequest": false,
  "__abp": true
}

There are two paths to take after this depending on the next_step:

  • Completed: we have completed the transaction successfully and deposited the money. There are no more steps after this, and the customer can be redirected back to where they were supposed to be.
  • ValidateUserDevice: See Papara Validate User Device.

Papara Validate User Device

After getting the token from the previous step, an email with a device verification button will be sent to the customer. They should verify the newly signed-in device to complete this last step for this deposit to be done.

You can check whether the device was approved either periodically (every 2 seconds, for example) or when the customer tells you to (via an "I've verified the device" button).

An example request for doing so is:

curl -X 'POST' \
  'https://grassman.vevopay.io/api/services/app/TransactionRequests/PaparaValidateUserDevice' \
  -H 'accept: text/plain' \
  -H 'WebApiKey: 5FA6CE55-B9FF-40D0-BFD5-1642D53B3C37' \
  -H 'Content-Type: application/json-patch+json' \
  -H 'X-XSRF-TOKEN: null' \
  -d '{
  "token": "string",
  "trackingId": "3fa85f64-5717-4562-b3fc-2c963f66afa6"
}'

If the JWT hasn't expired and the customer verified the device, it will return a response like this:

{
  "result": "Completed",
  "targetUrl": null,
  "success": true,
  "error": null,
  "unAuthorizedRequest": false,
  "__abp": true
}

At this point the customer has deposited the money successfully. You can redirect them to where they are supposed to be.
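
The response handling for the 2FA and device-validation steps above, as an added example that is not part of the original documentation or the provider's own code. It checks the envelope fields (success, error, unAuthorizedRequest) before trusting result, and bounds the device-approval polling. The names FlowError, unwrap, after_2fa and wait_for_device, the 120-second timeout, and the treatment of any other response as "not approved yet" are assumptions.

```python
import time

class FlowError(Exception):
    """The response envelope reported a failure or had an unexpected shape."""

def unwrap(envelope):
    """Return envelope["result"] only if the call is marked successful."""
    if not isinstance(envelope, dict) or envelope.get("unAuthorizedRequest"):
        raise FlowError("unauthorized or malformed response")
    if envelope.get("success") is not True or envelope.get("error") is not None:
        raise FlowError(f"request failed: {envelope.get('error')!r}")
    return envelope.get("result")

def after_2fa(envelope):
    """Map a Papara2Fa response to (next_step, token)."""
    result = unwrap(envelope)
    step = result.get("next_step") if isinstance(result, dict) else None
    if step not in ("Completed", "ValidateUserDevice"):
        raise FlowError(f"unexpected next_step: {step!r}")
    return step, result.get("token")

def wait_for_device(check, interval=2.0, timeout=120.0, sleep=time.sleep):
    """Poll check() until it reports "Completed"; False once timeout elapses.

    check is a caller-supplied function that performs one
    PaparaValidateUserDevice request and returns the decoded JSON body.
    Assumption: any other non-unauthorized response means "not approved yet".
    """
    waited = 0.0
    while True:
        envelope = check()
        if not isinstance(envelope, dict) or envelope.get("unAuthorizedRequest"):
            raise FlowError("unauthorized or malformed response")
        if envelope.get("success") is True and envelope.get("result") == "Completed":
            return True
        if waited >= timeout:
            return False
        sleep(interval)
        waited += interval

# Constructed sample: the 2FA response shape shown above.
SAMPLE_2FA = {"result": {"next_step": "ValidateUserDevice", "token": "another JWT",
                         "account_number": 123423451},
              "targetUrl": None, "success": True, "error": None,
              "unAuthorizedRequest": False, "__abp": True}

if __name__ == "__main__":
    print(after_2fa(SAMPLE_2FA))
```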