Sorry your browser is not supported!

You are using an outdated browser that does not support modern web technologies, in order to use this site please update to a new browser.

Browsers supported include Chrome, FireFox, Safari, Opera, Internet Explorer 10+ or Microsoft Edge.

AppGameKit Classic Chat / Support for HTTPS? - Looking to Build A Credit Card Payment App/POS

Author
Message
JHA
20
Years of Service
User Offline
Joined: 30th Dec 2003
Location: Massachusetts, USA
Posted: 5th Apr 2017 22:05 Edited at: 6th Apr 2017 20:07
Link
[SOLVED] - Thank You!!

Hello All,

My company provides Credit Card Payment Solutions and we are looking to develop a Simple POS System, that uses an existing Payment Gateway to process the Cards.

I have the API for the Payment Gateway and I know how to build the required Post String to run a card.

Does AppGameKit support the HTTPS Protocol and if so, are there any full examples of Opening a Connection, Sending Data, Waiting for a Response and then Closing the Connection?
I've looked at the examples that come with AppGameKit, but I'm having a little trouble combining them into a working solution.

Here is the POST URL: (Fake Credentials In Below URL)
https://secure.cocardgateway.com/api/transact.php?username=demo&password=password&ccnumber=4111111111111111&ccexp=1220&cvv=999&amount=1.01&orderid=999777444&order_description=April Invoice Payment&first_name=Joe&last_name=Austin

A Typical Response would be:
response=1&responsetext=SUCCESS&authcode=123456&transactionid=3564763631&avsresponse=N&cvvresponse=M&orderid=999777444&type=&response_code=100

Any help would be greatly appreciated.

Thank you
JHA
Proverbs Challenge: http://pc.potentialsunleashed.com/

Using AppGameKit V2 Tier 1 - FPSC Reloaded / Game Guru
Back to top
Profile PM Email Website
Jack
19
Years of Service
User Offline
Joined: 4th Oct 2004
Location: [Germany]
Posted: 6th Apr 2017 05:13 Edited at: 6th Apr 2017 09:23
Link
Interesting...
Quote: "
Does AppGameKit support the HTTPS Protocol?"

integer SetHTTPHost( iHTTP, szHost, iSecure )

iSecure - Set to one to use an HTTPS secure connection, 0 to use a standard HTTP connection.

Quote: "are there any full examples?"

Maybe you also need to look at the core/ string commands to solve your response code?
The given examples should be enough to solve that.

Quote: "
Credit Card Payment Solutions and we are looking to develop a Simple POS System,"


Are you shure you want to do this in AppGameKit T1?
I mean, bytecode... you can nearly follow all steps with a hex editor.. all constants and variables are readable,
.. sniffer, deep package inspection and stuff, you know?

Please, for the sake of your company, go at least Tier 2.
If you want to be better, use a custom vpn to transfer the data and chifer the memory of the app...



In my opinion, there is no such thing as a simple POS

[/url]

Attachments

Login to view attachments
Back to top
Profile PM Email Website
Mobiius
Valued Member
21
Years of Service
User Offline
Joined: 27th Feb 2003
Location: The Cold North
Posted: 6th Apr 2017 09:05
Link
Quote: "https://secure.cocardgateway.com/api/transact.php?username=demo&password=password&ccnumber=4111111111111111&ccexp=1220&cvv=999&amount=1.01&orderid=999777444&order_description=April Invoice Payment&first_name=Joe&last_name=Austin"

What company is this for. (So I never use their software and expose my financial details in a simple publicly visible URL that can be viewed with a simple packet sniffer!)
Signature removed by mod because it's larger than 600x120... please resize and try again.
Back to top
Profile PM Email Website
Phaelax
DBPro Master
21
Years of Service
User Offline
Joined: 16th Apr 2003
Location: Metropia
Posted: 6th Apr 2017 14:03
Link
Quote: "Here is the POST URL: (Fake Credentials In Below URL)
https://secure.cocardgateway.com/api/transact.php?username=demo&password=password&ccnumber=4111111111111111&ccexp=1220&cvv=999&amount=1.01&orderid=999777444&order_description=April Invoice Payment&first_name=Joe&last_name=Austin"

Looks more like a GET url to me. And POST data is no more secure really. You're at least right in wanting to use SSL, which AppGameKit can do.

I have no comment about the security of the bytecode, but if it's as easy to read variables as folks are saying, then it wouldn't matter how well you encrypt the data before sending it over ssl. At least not securely enough for a financial system.


Quote: "Does AppGameKit support the HTTPS Protocol and if so, are there any full examples of Opening a Connection, Sending Data, Waiting for a Response and then Closing the Connection?"

You can review the code for my online high score system, it uses https.
http://purpletoken.com/faq.php

"I like offending people, because I think people who get offended should be offended." - Linus Torvalds
Back to top
Profile PM Email Website
JHA
20
Years of Service
User Offline
Joined: 30th Dec 2003
Location: Massachusetts, USA
Posted: 6th Apr 2017 14:39
Link
Thank you for the responses!

Don't worry, I am not looking to build a POS with Tier 1, I am only using Tier 1 for prototyping and wanted to make sure it could handle it, before going too far.

The interface is with an existing PCI Compliant Payment Gateway, so the security that I would need to implement would only involve encrypting the card information. For the prototype, I would only use test card information anyway, so no real card data is being passed.

I do appreciate the concern though, as I would have been worried about it myself, if I had seen this posted by someone else.

Thanks Again!
JHA
Proverbs Challenge: http://pc.potentialsunleashed.com/

Using AppGameKit V2 Tier 1 - FPSC Reloaded / Game Guru
Back to top
Profile PM Email Website
Jack
19
Years of Service
User Offline
Joined: 4th Oct 2004
Location: [Germany]
Posted: 6th Apr 2017 15:14 Edited at: 6th Apr 2017 15:16
Link
Quote: "I am only using Tier 1 for prototyping"

Be careful, I've once written a simple prototype in Tier 1 and they took it as the final product without any changes, even though I did my best to recommend a native development, but failed.
I managed to build a simple rule: "The customer will always take the worst product."

But for testing purposes, AppGameKit fits your needs! Just be careful...

[/url]
Back to top
Profile PM Email Website
JHA
20
Years of Service
User Offline
Joined: 30th Dec 2003
Location: Massachusetts, USA
Posted: 6th Apr 2017 16:13
Link
Thanks Jack. No customers will be seeing the prototype at all. This is for internal use until we manage a full product. I hear you though and appreciate the warning!

Another question:
Is there a way to pass a PORT number?
I'm not seeing that in any of the HTTP Commands and I need to pass one.

Would I just put it at the end of the Server Address, like below?
secure.networkmerchants.com:443

Thanks again for the responses! Much appreciated!
JHA

(BTW - The API for this gateway is listed publicly on their website, so I am not giving away any secrets here)
Proverbs Challenge: http://pc.potentialsunleashed.com/

Using AppGameKit V2 Tier 1 - FPSC Reloaded / Game Guru
Back to top
Profile PM Email Website
JHA
20
Years of Service
User Offline
Joined: 30th Dec 2003
Location: Massachusetts, USA
Posted: 6th Apr 2017 20:07
Link
Never mind about the PORT number. I just got it to work and I get a proper response as well!! Sweeeet!!


Thank you ALL for the help!!!
JHA
Proverbs Challenge: http://pc.potentialsunleashed.com/

Using AppGameKit V2 Tier 1 - FPSC Reloaded / Game Guru
Back to top
Profile PM Email Website
Ortu
DBPro Master
16
Years of Service
User Offline
Joined: 21st Nov 2007
Location: Austin, TX
Posted: 6th Apr 2017 20:23
Link
I'll agree that there is no such thing as a simple POS, however:

As easy as it is to extract info from bytecode, it is even more trivial to do so from a web page, this is not an issue for ecommerce and online banking etc.

If the app is only transmitting user input and not storing data locally, it falls under the same security needs and concerns as a website handling financial data. https is a must and will handle most of it.

Secure the connection, secure the server, store nothing locally, and an AppGameKit T1 app is no worse off or less secure than amazon in your browser.
http://games.joshkirklin.com/sulium

A single player RPG featuring a branching, player driven storyline of meaningful choices and multiple endings alongside challenging active combat and intelligent AI.
Back to top
Profile PM Email Website
JHA
20
Years of Service
User Offline
Joined: 30th Dec 2003
Location: Massachusetts, USA
Posted: 6th Apr 2017 22:06
Link
Thank you Ortu.

By simple, I just meant the Prototype version would be simple. The actual POS will be quite a bit more complex.
Interesting take on T1, but I'm still looking to either use T2 or an entirely different solution all together.

AGK is great for quick testing and I already have it working now anyway, so a few more tweaks and I can show it to the Powers-That-Be for the go ahead on the main project.

Again, I thank you all for the responses!!
JHA
Proverbs Challenge: http://pc.potentialsunleashed.com/

Using AppGameKit V2 Tier 1 - FPSC Reloaded / Game Guru
Back to top
Profile PM Email Website
Back to top

Login to post a reply

Server time is: 2024-05-20 20:11:45
Your offset time is: 2024-05-20 20:11:45