Security News
How Threat Actors are Abusing GitHub’s File Upload Feature to Host Malware
GitHub is susceptible to a CDN flaw that allows attackers to host malware on any public repository.
yandex-money-sdk
Advanced tools
Readme
Simply run npm install yandex-money-sdk
Using Yandex.Money API requires following steps
Obtain token URL and redirect user's browser to Yandex.Money service.
Note: client_id
, redirect_uri
, client_secret
are constants that you get,
when register app in Yandex.Money API.
var yandexMoney = require("yandex-money-sdk");
// scope is array(e.g. scope = ['account-info', 'operation-history'])
url = yandexMoney.Wallet.buildObtainTokenUrl(clientId, redirectURI, scope);
// redirect user to url
After that, user fills Yandex.Money HTML form and user is redirected back to
REDIRECT_URI?code=CODE
.
You should immediately exchange CODE
with ACCESS_TOKEN
.
function tokenComplete(err, data) {
if(err) {
// process error
}
var access_token = data.access_token;
// save it to DB, config, etc..
}
yandexMoney.Wallet.getAccessToken(clientId, code, redirectURI, clientSecret,
tokenComplete);
Now you can use Yandex.Money API.
var api = new yandexMoney.Wallet(access_token);
// get account info
api.accountInfo(function infoComplete(err, data) {
if(err) {
// process error
}
// process data
var balance = data.balance;
var user_account = data.account;
// etc..
});
// fetch last 3 records of operation history
api.operationHistory({ records: 3 }, function operationHisComplete(err, data) {
if(err) {
// process error
}
// process data
var opertaions = data.operations;
var first_title = operations[0].title;
// etc..
});
//make request payment and process it
var options = {
"pattern_id": "p2p",
"to": "410011161616877",
"amount_due": "0.02",
"comment": "test payment comment from yandex-money-nodejs",
"message": "test payment message from yandex-money-nodejs",
"label": "testPayment",
"test_payment": true,
"test_result": "success"
};
api.requestPayment(options, function requestComplete(err, data) {
if(err) {
// process error
}
if(data.status !== "success") {
// process failure
}
var request_id = data.request_id;
api.processPayment({
"request_id": request_id
}, processComplete);
});
function processComplete(err, data) {
if(err) {
// process error
}
// process status
}
Fetch instantce-id(ussually only once for every client. You can store result in DB).
yandexMoney.ExternalPayment.getInstanceId(clientId,
function getInstanceComplete(err, data) {
if(err) {
// process error
}
var instanceId = data.instance_id;
// save it to DB
});
Make request payment
var externalPayment = new yandexMoney.ExternalPayment(instanceId)
var options = {
// pattern_id, etc..
};
externalPayment.request(options, function requestComplete(err, data) {
if(err) {
// process error
}
var requestId = data.request_id;
});
Process the request with process-payment.
externalPayment.process({"request_id": requestId}, function (err, data) {
if(err) {
// process error
}
// process data
});
err
, data
and response
.
Where err
is equal to null
when status of response is 2**
, data
is JSONed
response and response
is a full server response(you can check
response.statusCode
for example).test/constants.js
using test/constants.js.sample
as a template.npm run test
and check the output.FAQs
SDK for working with yandex money API
The npm package yandex-money-sdk receives a total of 20 weekly downloads. As such, yandex-money-sdk popularity was classified as not popular.
We found that yandex-money-sdk demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
GitHub is susceptible to a CDN flaw that allows attackers to host malware on any public repository.
Security News
At Node Congress, Socket CEO Feross Aboukhadijeh uncovers the darker aspects of open source, where applications that rely heavily on third-party dependencies can be exploited in supply chain attacks.
Research
Security News
The Socket Research team found this npm package includes code for collecting sensitive developer information, including your operating system username, Git username, and Git email.