問題描述

我正在嘗試訪問需要基本身份驗證憑據(jù)的 Adyen 測試 API.

但我在嘗試使用 XMLHttpRequest POST 請求訪問 API 時收到 401 Unauthorized 響應(yīng).

Javascript 代碼

var url = "https://pal-test.adyen.com/pal/servlet/Payment/v25/authorise";var username = "ws@Company.CompanyName";var 密碼 = "J}5fJ6+?e6&lh/Zb0>r5y2W5t";var base64Credentials = btoa(用戶名+":"+密碼);var xhttp = new XMLHttpRequest();xhttp.open("POST", url, true);xhttp.setRequestHeader("內(nèi)容類型", "應(yīng)用程序/json");xhttp.setRequestHeader("授權(quán)", "基本" + base64Credentials);var requestParams = XXXXXXXX;xhttp.send(requestParams);

結(jié)果

PAL 是一個支付授權(quán) API.您從不想從瀏覽器調(diào)用它.您只想公開您的用戶名和密碼，以便在您的后端代碼中發(fā)送付款.

在客戶端加密中，加密是在瀏覽器中完成的.然后，您將加密數(shù)據(jù)發(fā)送到您自己的服務(wù)器.然后在您的服務(wù)器上創(chuàng)建一個支付授權(quán)請求(其中加密數(shù)據(jù)是元素之一，以及支付金額等).

如果您能夠設(shè)法從瀏覽器運(yùn)行此操作，您的最終解決方案將允許您的購物者從 JavaScript 層更改金額、貨幣、支付元數(shù)據(jù)等.絕不應(yīng)該是這種情況.

因此，授權(quán)是文檔服務(wù)器端"集成部分的一部分:https://docs.adyen.com/developers/ecommerce-integration?ecommerce=ecommerce-integration#serverside

根據(jù)您的服務(wù)器端環(huán)境，您最喜歡的語言的 CURL 實現(xiàn)會有所不同，但大多數(shù)時候很容易找到.

親切的問候，

阿諾德

I am trying to access Adyen test API that requires basic authentication credentials. https://docs.adyen.com/developers/ecommerce-integration

My credentials work when accessing the API page through browser.

But I get an 401 Unauthorized response when trying to access the API with XMLHttpRequest POST request.

Javascript Code

var url = "https://pal-test.adyen.com/pal/servlet/Payment/v25/authorise";

var username = "ws@Company.CompanyName";
var password = "J}5fJ6+?e6&lh/Zb0>r5y2W5t";
var base64Credentials = btoa(username+":"+password);

var xhttp = new XMLHttpRequest();
xhttp.open("POST", url, true);
xhttp.setRequestHeader("content-type", "application/json");
xhttp.setRequestHeader("Authorization", "Basic " + base64Credentials);

var requestParams = XXXXXXXX;
xhttp.send(requestParams);

Result

The PAL is a Payment Authorisation API. You never want to call it from a browser. You only want to expose your username and password to send in payments in your backend code.

In Client-side encryption, the encryption is done in the browser. You then send the encrypted data to your own server. On your server you then create a payment authorization request (of which the encrypted data is one of the elements, along side payment amount, etc).

If you would be able to manage to make this run from your browser, your end solution will allow your shoppers to change amounts, currency's, payment meta data etc from the JavaScript layer. This should never be the case.

The authorization is for that reason part of the "Server side" integration part of documentation: https://docs.adyen.com/developers/ecommerce-integration?ecommerce=ecommerce-integration#serverside

Depending on your server side landscape the CURL implementation in your favorite language differs, but most of the time are easy to find.

Kind regards,

Arnoud

這篇關(guān)于帶有標(biāo)頭的基本身份驗證 - Javascript XMLHttpRequest的文章就介紹到這了，希望我們推薦的答案對大家有所幫助，也希望大家多多支持html5模板網(wǎng)！