Plugins: Use a variable obteined from HTML Header

Hi, I need to get the VISA “x-pay-token”, in order to do that I have the script below. How can I get the XPayToken variable created in that script and use it in the API header?

import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
def hmac(String secretKey, String data) {
Mac mac = Mac.getInstance(“HmacSHA256”)
SecretKeySpec secretKeySpec = new SecretKeySpec(secretKey.getBytes(), “HmacSHA256”)
byte[] digest = mac.doFinal(data.getBytes())
return digest
def APIKey = ‘MYapikey’
def sharedSecret = ‘MYsharedscret’
def URI = “helloworld”
def QS = “apikey=”+APIKey
def timeStampUTC = String.valueOf(System.currentTimeMillis().intdiv(1000L))
def payload = “”
def HMACDigest = hmac(sharedSecret, timeStampUTC + URI + QS + payload)
def encodedDigest = HMACDigest.encodeHex().toString()
def XPayToken = “xv2:”+ timeStampUTC + “:” + encodedDigest
testRunner.testCase.setPropertyValue(“xpayToken”, XPayToken)

Can you say more about what you are trying to do? Where/when is the script to be run, where are you calling the API from, what has this got to do with a plugin?

FYI Java is not the same as Javascript, you’d need to rewrite it.

I’m trying to make a plugin to use CyberSource Payments (by VISA).

In order to make it functional, header must contain a token named “X PAY TOKEN” created using the API key and a Shared Secret key provided by VISA. (doc about x-pay-token: )

Thanks for expanding further, @salvuccicarlos.

The shared secret shouldn’t be exposed to the web page, so the token shouldn’t be generated by client javascript, although the message itself can be.

The plugins server javascript is still in beta, and its unclear at this stage if crypto libraries can be used there, so that’s not an option yet either.

Bubble has a text function to generate a HMAC SHA256 Digest …


So there is an option for the app to do this on an API Workflow step.

This produces a string like:

Once you’ve created the token, you can send the message to VISA, this can be done via the API connector, or one of the API calls defined in the plugin.

Yes, but the problem is that there are multiple elements besides converting the string to a SHA256. In Visa’s documentation they offer the code needed in order to get the x pay token and get access to visa’s network

Yes, the sample code they offer can’t be run on Bubble, but it is useful in showing in detail the steps needed to be done.

Its a bit trickier to do in Bubble, for example concatenating strings usually needs unintuitive workarounds, as there are no variables.

The timestamp is easy to generate, but the tricky part is using the same timestamp both in calculating the hash, and in the token. Probably the best approach is to pass the timestamp to the API workflow endpoint as a parameter, so the same value can be used in more than one step.

A good way to start is:

  • Install the plugin API connector
  • Create an API call to VISA, initialise with manually set data
  • Create an API Workflow endpoint
  • Add a step to make the API call
  • Fill in the API call fields - this is where you’ll discover some interesting hacks
  • Schedule the API workflow from a page button

OK, I never use the API Workflow endpoint. I’m guessing how to use it. But meanwhile the problem I’m having is tht the API I created for hello world to VISA isn’t working because I need to initialize the call beafore making useable.

I tried creating the X-Pay-Token string manually, but it keeps retrieving errors in the authentication… I’m starting to give up, it much more complicate than I’m used to.

This sort of exercise is in the hard category … instead of starting with something that works which you can add to, the starting point is broken until every piece is working spot on.

Can you say more about why you need this problem solved? It can help in suggesting next steps.

For example, if you want to provide VISA payment gateway to a group of paying client’s apps, then it’d likely be worth it for you to offer payment to get you a working sample, to get you over the first hurdle.

Mishav, first of all I must thank you for your interest.

I’m from Argentina, here in my country there are some companies which offer much more easy APIs to implement VISA’s Payments. Yet, the fee they charge for each transaction is very high because to their wage you have to sum VISA’s own fee (that here in Argentina is 1,2% from the total you pay for debit cards).

I want to minimize all the charges I can, in order to achieve that I should first get rid of all the intermidiates beetwen VISA and me.

I could do the x-pay-token thing for you, but it’d take a few hours of my time. Are you willing to sponsor it? : )

Mishav, that would have bern great yesterday. I could do the hello world thing! Thanks for your help

1 Like

Well done getting that working, good effort!

1 Like

Hi, I have the same problem, can you help me with that?

Hi @salvuccicarlos have you successfully integrated Cybersource? In particular saving and authenticating a card for later use?

Hi @mishav have you had experience integrating Cybersource? can you say what the capabilities are in yes/no responses if I post a list here?