問題描述

我正在嘗試訪問需要基本身份驗證憑據的 Adyen 測試 API.

但我在嘗試使用 XMLHttpRequest POST 請求訪問 API 時收到 401 Unauthorized 響應.

Javascript 代碼

var url = "https://pal-test.adyen.com/pal/servlet/Payment/v25/authorise";var username = "ws@Company.CompanyName";var 密碼 = "J}5fJ6+?e6&lh/Zb0>r5y2W5t";var base64Credentials = btoa(用戶名+":"+密碼);var xhttp = new XMLHttpRequest();xhttp.open("POST", url, true);xhttp.setRequestHeader("內容類型", "應用程序/json");xhttp.setRequestHeader("授權", "基本" + base64Credentials);var requestParams = XXXXXXXX;xhttp.send(requestParams);

結果

PAL 是一個支付授權 API.您從不想從瀏覽器調用它.您只想公開您的用戶名和密碼，以便在您的后端代碼中發送付款.

在客戶端加密中，加密是在瀏覽器中完成的.然后，您將加密數據發送到您自己的服務器.然后在您的服務器上創建一個支付授權請求(其中加密數據是元素之一，以及支付金額等).

如果您能夠設法從瀏覽器運行此操作，您的最終解決方案將允許您的購物者從 JavaScript 層更改金額、貨幣、支付元數據等.絕不應該是這種情況.

因此，授權是文檔服務器端"集成部分的一部分:https://docs.adyen.com/developers/ecommerce-integration?ecommerce=ecommerce-integration#serverside

根據您的服務器端環境，您最喜歡的語言的 CURL 實現會有所不同，但大多數時候很容易找到.

親切的問候，

阿諾德

I am trying to access Adyen test API that requires basic authentication credentials. https://docs.adyen.com/developers/ecommerce-integration

My credentials work when accessing the API page through browser.

But I get an 401 Unauthorized response when trying to access the API with XMLHttpRequest POST request.

Javascript Code

var url = "https://pal-test.adyen.com/pal/servlet/Payment/v25/authorise";

var username = "ws@Company.CompanyName";
var password = "J}5fJ6+?e6&lh/Zb0>r5y2W5t";
var base64Credentials = btoa(username+":"+password);

var xhttp = new XMLHttpRequest();
xhttp.open("POST", url, true);
xhttp.setRequestHeader("content-type", "application/json");
xhttp.setRequestHeader("Authorization", "Basic " + base64Credentials);

var requestParams = XXXXXXXX;
xhttp.send(requestParams);

Result

The PAL is a Payment Authorisation API. You never want to call it from a browser. You only want to expose your username and password to send in payments in your backend code.

In Client-side encryption, the encryption is done in the browser. You then send the encrypted data to your own server. On your server you then create a payment authorization request (of which the encrypted data is one of the elements, along side payment amount, etc).

If you would be able to manage to make this run from your browser, your end solution will allow your shoppers to change amounts, currency's, payment meta data etc from the JavaScript layer. This should never be the case.

The authorization is for that reason part of the "Server side" integration part of documentation: https://docs.adyen.com/developers/ecommerce-integration?ecommerce=ecommerce-integration#serverside

Depending on your server side landscape the CURL implementation in your favorite language differs, but most of the time are easy to find.

Kind regards,

Arnoud

這篇關于帶有標頭的基本身份驗證 - Javascript XMLHttpRequest的文章就介紹到這了，希望我們推薦的答案對大家有所幫助，也希望大家多多支持html5模板網！