Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(v2): Added Ephemeral auth for v2 #6813

Open
wants to merge 8 commits into
base: main
Choose a base branch
from
Open

Conversation

Sarthak1799
Copy link
Contributor

@Sarthak1799 Sarthak1799 commented Dec 11, 2024

Type of Change

  • Bugfix
  • New feature
  • Enhancement
  • Refactoring
  • Dependency updates
  • Documentation
  • CI/CD

Description

This PR contains -

  • Ephemeral auth support for v2 (including resource type product identifier)
  • Minor Fixes for Payment methods v2 CRUD APIs

Additional Changes

  • This PR modifies the API contract
  • This PR modifies the database schema
  • This PR modifies application configuration/environment variables

Motivation and Context

How did you test it?

  1. Create Payment Method Intent
curl --location --request POST 'http://localhost:8080/v2/payment-methods/create-intent' \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--header 'X-Profile-Id: pro_DMmRBLpkNczeVDPd2EKd' \
--header 'api-key: dev_HVwdf7yWqJ9GGfw1CLDbAgjOFYHrPXoisK8pJcVPfdbc73238GROVpDhN3M9cPe2' \
--data-raw '{
  "customer_id": "cus_0193ab7e6cc074939f389817610cd5b1"
}'

Response

{
    "merchant_id": "cloth_seller_pcGA5SfzTmVUTBKvh2T3",
    "customer_id": "cus_0193ab7e6cc074939f389817610cd5b1",
    "payment_method_id": "12345_pm_0193b69ba645716086c0fe21c462cf2d",
    "payment_method_type": null,
    "payment_method_subtype": null,
    "recurring_enabled": false,
    "created": "2024-12-11T16:44:34.261Z",
    "last_used_at": "2024-12-11T16:44:34.261Z",
    "ephemeral_key": "epk_0c6ebab77f51446ab30467640a6f8f02",
    "payment_method_data": null
}
  1. Use Ephemeral key to confirm intent
curl --location --request POST 'http://localhost:8080/v2/payment-methods/12345_pm_0193b69ba645716086c0fe21c462cf2d/confirm-intent' \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--header 'X-Profile-Id: pro_DMmRBLpkNczeVDPd2EKd' \
--header 'X-Resource-Type: payment_method' \
--header 'api-key: epk_0c6ebab77f51446ab30467640a6f8f02' \
--data-raw '{
    "payment_method_type": "card",
    "payment_method_subtype": "credit",
    "payment_method_data": {
        "card": {
            "card_number": "4242424242424242",
            "card_exp_month": "12",
            "card_exp_year": "2025",
            "card_holder_name": "joseph Doe"
        }
    },
    "customer_id": "cus_0193ab7e6cc074939f389817610cd5b1"
}'

Response -

{
    "merchant_id": "cloth_seller_pcGA5SfzTmVUTBKvh2T3",
    "customer_id": "cus_0193ab7e6cc074939f389817610cd5b1",
    "payment_method_id": "12345_pm_0193b69ba645716086c0fe21c462cf2d",
    "payment_method_type": "card",
    "payment_method_subtype": "credit",
    "recurring_enabled": false,
    "created": "2024-12-11T16:44:34.261Z",
    "last_used_at": "2024-12-11T16:44:34.261Z",
    "ephemeral_key": null,
    "payment_method_data": {
        "card": {
            "issuer_country": null,
            "last4_digits": "4242",
            "expiry_month": "12",
            "expiry_year": "2025",
            "card_holder_name": "joseph Doe",
            "card_fingerprint": null,
            "nick_name": null,
            "card_network": null,
            "card_isin": null,
            "card_issuer": null,
            "card_type": null,
            "saved_to_locker": true
        }
    }
}
  1. Retrieve a PM -
curl --location --request GET 'http://localhost:8080/v2/payment-methods/12345_pm_0193b69ba645716086c0fe21c462cf2d' \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--header 'X-Profile-Id: pro_DMmRBLpkNczeVDPd2EKd' \
--header 'X-Resource-Type: payment_method' \
--header 'api-key: epk_2ce0fd3229b64493bf7e39840837e267'

Response -

{
    "merchant_id": "cloth_seller_pcGA5SfzTmVUTBKvh2T3",
    "customer_id": "cus_0193ab7e6cc074939f389817610cd5b1",
    "payment_method_id": "12345_pm_0193b69ba645716086c0fe21c462cf2d",
    "payment_method_type": "card",
    "payment_method_subtype": "credit",
    "recurring_enabled": false,
    "created": "2024-12-11T16:44:34.261Z",
    "last_used_at": "2024-12-11T16:44:34.261Z",
    "ephemeral_key": null,
    "payment_method_data": {
        "card": {
            "issuer_country": null,
            "last4_digits": "4242",
            "expiry_month": "12",
            "expiry_year": "2025",
            "card_holder_name": "joseph",
            "card_fingerprint": null,
            "nick_name": "some_name11",
            "card_network": null,
            "card_isin": null,
            "card_issuer": null,
            "card_type": null,
            "saved_to_locker": true
        }
    }
}
  1. Update a PM -
curl --location --request PATCH 'http://localhost:8080/v2/payment-methods/12345_pm_0193b69ba645716086c0fe21c462cf2d/update-saved-payment-method' \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--header 'X-Profile-Id: pro_DMmRBLpkNczeVDPd2EKd' \
--header 'X-Resource-Type: payment_method' \
--header 'api-key: epk_0c6ebab77f51446ab30467640a6f8f02' \
--data-raw '{
    "payment_method_data": {
        "card": {
            "card_holder_name": "joseph",
            "nick_name": "some_name11"
        }
    }
}'

Response -

{
    "merchant_id": "cloth_seller_pcGA5SfzTmVUTBKvh2T3",
    "customer_id": "cus_0193ab7e6cc074939f389817610cd5b1",
    "payment_method_id": "12345_pm_0193b69ba645716086c0fe21c462cf2d",
    "payment_method_type": "card",
    "payment_method_subtype": "credit",
    "recurring_enabled": false,
    "created": "2024-12-11T16:44:34.261Z",
    "last_used_at": "2024-12-11T16:44:34.261Z",
    "ephemeral_key": null,
    "payment_method_data": {
        "card": {
            "issuer_country": null,
            "last4_digits": "4242",
            "expiry_month": "12",
            "expiry_year": "2025",
            "card_holder_name": "joseph",
            "card_fingerprint": null,
            "nick_name": "some_name11",
            "card_network": null,
            "card_isin": null,
            "card_issuer": null,
            "card_type": null,
            "saved_to_locker": true
        }
    }
}
  1. Delete a PM -
curl --location --request DELETE 'http://localhost:8080/v2/payment-methods/12345_pm_0193b69ba645716086c0fe21c462cf2d' \
--header 'Accept: application/json' \
--header 'X-Profile-Id: pro_DMmRBLpkNczeVDPd2EKd' \
--header 'X-Resource-Type: payment_method' \
--header 'api-key: epk_0c6ebab77f51446ab30467640a6f8f02'

Response -

{
    "payment_method_id": "12345_pm_0193b69ba645716086c0fe21c462cf2d"
}
  1. Standalone Ephemeral key create -
curl --location --request POST 'http://localhost:8080/v2/ephemeral-keys' \
--header 'Content-Type: application/json' \
--header 'X-Profile-Id: pro_DMmRBLpkNczeVDPd2EKd' \
--header 'X-Resource-Type: payment_method' \
--header 'api-key: dev_HVwdf7yWqJ9GGfw1CLDbAgjOFYHrPXoisK8pJcVPfdbc73238GROVpDhN3M9cPe2' \
--data-raw '{
    "merchant_reference_id": "cus_0193ab7e6cc074939f389817610cd5b1"
}'

Response -

{
    "id": "eki_AJe5hpQZrLEdNgdkbcUF",
    "merchant_id": "cloth_seller_pcGA5SfzTmVUTBKvh2T3",
    "customer_id": "cus_0193ab7e6cc074939f389817610cd5b1",
    "resource_type": "payment_method",
    "created_at": 1733936777,
    "expires": 1733940377,
    "secret": "epk_2ce0fd3229b64493bf7e39840837e267"
}

Can use the ephemeral key obtained here to hit the above APIs

Checklist

  • I formatted the code cargo +nightly fmt --all
  • I addressed lints thrown by cargo clippy
  • I reviewed the submitted code
  • I added unit tests for my changes where possible

@Sarthak1799 Sarthak1799 self-assigned this Dec 11, 2024
@Sarthak1799 Sarthak1799 requested review from a team as code owners December 11, 2024 18:52
@hyperswitch-bot hyperswitch-bot bot added the M-api-contract-changes Metadata: This PR involves API contract changes label Dec 11, 2024
@Sarthak1799 Sarthak1799 linked an issue Dec 11, 2024 that may be closed by this pull request
2 tasks
crates/router/src/core/payments/helpers.rs Outdated Show resolved Hide resolved
crates/router/src/core/payments/helpers.rs Show resolved Hide resolved
@@ -251,6 +261,11 @@ pub async fn payment_method_delete_api(
})
.into_inner();

let auth = match auth::is_ephemeral_auth(req.headers()) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is api-key based auth and not ephemeral_auth

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should our SDK not handle the delete API? Will the SDK not support delete API or will there be a callback to merchant for this?

@@ -224,6 +229,11 @@ pub async fn payment_method_retrieve_api(
})
.into_inner();

let auth = match auth::is_ephemeral_auth(req.headers()) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What is reason to make retrieve as ephemeral_auth?

Remove ephemeral_auth, this should be only api-key based auth.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
M-api-contract-changes Metadata: This PR involves API contract changes
Projects
None yet
Development

Successfully merging this pull request may close these issues.

[FEATURE] Ephemeral Auth for v2
2 participants