Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
⭐ Typed QIWI Wallet SDK. Supported API's: Personal & P2P Bill Payments
Typed QIWI Wallet SDK for NodeJS. Supported API's: Personal & P2P Bill Payments
Весь JSDoc библиотеки на русском языке, как и большая часть документации.
Основной README.md
файл на английском потому что:
Language: Русский | English
1.1.0
(18 Jan. 2020) will work on version 4.0.0
(26 May 2022) with little changes. Also qiwi-sdk
provides classes to make migration from similar libs effortless.
Express
integration out of the boxLanguage: Русский | English
npm
npm i qiwi-sdk
Yarn
yarn add qiwi-sdk
pnpm
pnpm add qiwi-sdk
Language: Русский | English
From the library you can import all the APIs separately, because use cases are different.
CommonJS (default for Node JS)
const { P2p, Wallet, Detector } = require("qiwi-sdk");
TypeScript or ES Modules
import { P2p, Wallet, Detector } from "qiwi-sdk";
The table shows the currently implemented APIs.
Class (Legacy v2) is a compatible class only for those who are upgrading from version 2. The rest are advised to use the new version of the API - Class v3.
Class (v3) | Documentation by QIWI | Recommended var name | |
---|---|---|---|
Wallet | Personal | https://developer.qiwi.com/en/qiwi-wallet-personal | wallet (or qiwi ) |
P2p | P2P | https://developer.qiwi.com/en/p2p-payments | p2p |
P2p | - | https://developer.qiwi.com/en/bill-payments | p2p (or payments ) |
Detector | DetectorCompat | https://developer.qiwi.com/en/qiwi-wallet-personal/#search-providers | detector |
To see detailed documentation on a class, click on its name.
node-qiwi
;@qiwi/bill-payments-node-js-sdk
.const { Wallet, P2p, Detector } = require("qiwi-sdk");
// ✅ - The right way (since v3.0.0)
const wallet = Wallet.create(process.env.QIWI_TOKEN, process.env.QIWI_WALLET);
const p2p = P2p.create(process.env.QIWI_SECRET_KEY, process.env.QIWI_PUBLIC_KEY);
const detect = Detector.create();
// ✅ - Also right way (but since v3.2.0)
const wallet = new Wallet({
token: process.env.QIWI_TOKEN,
walletId: process.env.QIWI_WALLET
});
const p2p = new P2p({
secretKey: process.env.QIWI_SECRET_KEY,
publicKey: process.env.QIWI_PUBLIC_KEY
});
const detect = new Detector();
The following environment variables were used in this example. It's recommended to store all data for API access in environment variables or in another protected place, but not in the code.
Name | Type | Description |
---|---|---|
QIWI_TOKEN | String(32 chars) - Hex | Qiwi token got on https://qiwi.com/api |
QIWI_WALLET | String(10-16 chars) - Digits | Wallet's phone number |
QIWI_SECRET_KEY и QIWI_PUBLIC_KEY | Strings | Key pair created on https://qiwi.com/p2p-admin/transfers/api |
const wallet = Wallet.create(process.env.QIWI_TOKEN);
wallet.personProfile.getCurrent().then(console.log);
// => { contractInfo: {...}, authInfo: {...}, userInfo: {...} }
const wallet = Wallet.create(process.env.QIWI_TOKEN);
// 100 RUB from RUB account to QIWI (99) `79123456789` including commission
// All above can be configured
wallet.payments.quickPay({
amount: 100,
account: "79123456789"
});
const p2p = P2p.create(process.env.QIWI_SECRET_KEY);
p2p.bills
.create({
amount: {
value: 1000,
currency: P2p.Currency.RUB
},
successUrl: "https://youtu.be/dQw4w9WgXcQ"
})
.then(console.log);
// => { payUrl: 'https://oplata.qiwi.com/...' }
const { SocksProxyAgent } = require("socks-proxy-agent");
const wallet = Wallet.create(process.env.QIWI_TOKEN);
wallet.agent = new SocksProxyAgent("socks://login:password@host:port");
// do work here
// Remember to dispose agent
wallet.agent = undefined;
const p2p = P2p.create(process.env.QIWI_SECRET_KEY);
const app = express();
app.post(
"/webhook/qiwi",
p2p.notificationMiddleware({}, (req, res) => {
// Bill body
console.log(req.body);
// { "siteId": "9hh4jb-00", "billId": "cc961e8d-d4d6-4f02-b737-2297e51fb48e", ... }
})
);
app.use((error, req, res, next) => {
if (error instanceof P2pBillNotificationError) {
// Somebody sent invalid notification
console.log(error);
}
return next();
});
Language: Русский | English
Distributed under the MIT License. See LICENSE.txt for more information.
CONTRIBUTING.md
You can write issue, or if i am slow to answer it, you can DM me in
Telegram: @AlexXanderGrib
Interested in P2P acquiring in Russia?
Check out my other SDK for YooMoney (formerly Yandex.Money) 👉 github.com/AlexXanderGrib/yoomoney-sdk
Language: Русский | English
FAQs
⭐ QIWI SDK for node: P2P Payments & Wallet management
The npm package qiwi-sdk receives a total of 1,300 weekly downloads. As such, qiwi-sdk popularity was classified as popular.
We found that qiwi-sdk demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.