Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Accepting iDEAL, Bancontact/Mister Cash, SOFORT Banking, Creditcard, SEPA Bank transfer, SEPA Direct debit, PayPal, Belfius Direct Net, KBC/CBC, Klarna Pay later/Pay now/Slice it, paysafecard, Giftcards, Giropay, EPS, Przelewy24 and Billie online payments without fixed monthly costs or any punishing registration procedures. Just use the Mollie API to receive payments directly on your website or easily refund transactions to your customers.
To use the Mollie API client, the following things are required:
If your application uses a recent v2 version of the Mollie API client and you're ready to migrate to v3, read all about the API changes that we made. Use the docs to quickly find how to update your integration code and use the v3 client correctly.
Please note: If you want to install an older version of the Mollie API client (current major version is v3
), then please refer to their respective github branches for installation instructions:
By far the easiest way to install the Mollie API client is to install it with pip. The command below will install the latest released version of the client.
$ pip install mollie-api-python
You may also git checkout or download all the files, and include the Mollie API client manually.
Create and activate a Python >= 3.8 virtual environment (inside a git checkout or downloaded archive).
$ cd mollie-api-python
$ python -m venv .venv
$ source .venv/bin/activate
Install the additional requirements for the examples, then install the Mollie API client itself.
$ pip install flask
$ pip install -e .
Run the examples.
export MOLLIE_API_KEY=test_YourApiKey
$ python examples/app.py
If you are working from a development machine, you should use a tool like ngrok.com to get a publicly available URL that can be used in callback and redirect URLs. Start the service and expose the forwarding URL (https) to the mollie example code:
export MOLLIE_API_KEY=test_YourApiKey
export MOLLIE_PUBLIC_URL=https://some.ngrok.url.io
$ python examples/app.py
To successfully receive a payment, these steps should be implemented:
Use the Mollie API client to create a payment with the requested amount, currency, description and optionally, a payment method. It is important to specify a unique redirect URL where the customer is supposed to return to after the payment is completed.
Immediately after the payment is completed, our platform will send an asynchronous request to the configured webhook to allow the payment details to be retrieved, so you know when exactly to start processing the customer's order.
The customer returns, and should be satisfied to see that the order was paid and is now being processed.
Find our full documentation online on docs.mollie.com.
Importing the Mollie API Client
from mollie.api.client import Client
Initializing the Mollie API client, and setting your API key
mollie_client = Client()
mollie_client.set_api_key('test_dHar4XY7LxsDOtmnkVtjNVWXLSlXsM')
Creating a new payment.
payment = mollie_client.payments.create({
'amount': {
'currency': 'EUR',
'value': '10.00'
},
'description': 'My first API payment',
'redirectUrl': 'https://webshop.example.org/order/12345/',
'webhookUrl': 'https://webshop.example.org/mollie-webhook/',
})
After creation, the payment id is available in the payment.id
property. You should store this id with your order.
After storing the payment id you can send the customer to the checkout using the payment.checkout_url
.
For a payment create example, see Example 1 - New Payment.
In general, request body parameters for an API endpoint should be added to a dictionary and provided as the first argument (or data
keyword argument). Query string parameters can be provided as keyword arguments.
We can use the payment.id
to retrieve a payment and check if the payment isPaid
.
payment = mollie_client.payments.get(payment.id)
if payment.is_paid():
print('Payment received.')
Or retrieve a collection of payments.
payments = mollie_client.payments.list()
For an extensive example of listing payments with the details and status, see Example 5 - Payments History.
When the status of a payment changes the webhookUrl
we specified in the creation of the payment will be called.
There we can use the id
from our POST parameters to check te status and act upon that, see Example 2 - Webhook verification.
Since the 2.0 version of the API (supported by version 2.0.0 of the client) non-EUR payments for your customers is now supported. A full list of available currencies can be found in our documentation.
payment = mollie_client.payments.create({
'amount': {
'currency': 'USD',
'value': '10.00'
},
'description': 'Order #12345',
'redirectUrl': 'https://webshop.example.org/order/12345/',
'webhookUrl': 'https://webshop.example.org/mollie-webhook/',
})
After the customer completes the payment, the payment.settlement_amount
will contain the amount + currency that will be settled on your account.
If you want to fully integrate iDEAL payments in your web site, some additional steps are required. First, you need to retrieve the list of issuers (banks) that support iDEAL and have your customer pick the issuer he/she wants to use for the payment.
Retrieve the iDEAL method and include the issuers
method = mollie_client.methods.get(mollie.api.objects.Method.IDEAL, include='issuers')
method.issuers
will be a list of Issuer objects. Use the property id
of this object in the
API call, and the property name
for displaying the issuer to your customer. For a more in-depth example, see Example 4 - iDEAL payment.
payment = mollie_client.payments.create({
'amount': {
'currency': 'EUR',
'value': '10.00'
},
'description': 'My first API payment',
'redirectUrl': 'https://webshop.example.org/order/12345/',
'webhookUrl': 'https://webshop.example.org/mollie-webhook/',
'method': mollie.api.objects.Method.IDEAL,
'issuer': selectedIssuerId, # e.g. "ideal_INGBNL2A"
})
The payment.checkout_url
is a URL that points directly to the online banking environment of the selected issuer.
The API also supports refunding payments. Note that there is no confirmation and that all refunds are immediate and definitive. Refunds are only supported for iDEAL, credit card, Bancontact, SOFORT Banking, PayPal, Belfius Direct Net, KBC/CBC, ING Home'Pay and bank transfer payments. Other types of payments cannot be refunded through our API at the moment.
payment = mollie_client.payments.get(payment.id)
# Refund € 2 of this payment
refund = payment.refunds.create({
'amount': {
'currency': 'EUR',
'value': '2.00'
}
})
For a working example, see Example 11 - Refund payment.
At https://docs.mollie.com/oauth/getting-started the OAuth process is explained. Please read this first.
OAuth authentication process redirects back to your application. Therefore you should expose your local web server (the examples) as public urls. A webservice like ngrok.com can help you with that. To run the examples, take the following steps:
Install the ngrok
client (or a similar service), and make sure it works:
python examples/oauth/oauth_app.py
ngrok http 5000
, and visit the public URL from the ngrok client.Mollie OAuth examples: You need to setup OAuth first
.Login to your Mollie account, and visit Developers -> Your Apps. Create a new application. In the Redirect URL
field, you enter the ngrok public URL you just visited, and append /callback
to the end of the URL. After saving the new application, you'll receive a Client ID
and a Client Secret
.
Go back to the examples app. Now that all other stuff is setup, we can run the examples with all required configuration:
export MOLLIE_CLIENT_ID=your_client_id
export MOLLIE_CLIENT_SECRET=your_client_secret
export MOLLIE_PUBLIC_URL=https://some.ngrok.url.io
python examples/oauth/oauth_app.py
After starting the application, visit the URL on the page to start the OAuth flow with Mollie.
The Authorize endpoint (where the URL takes you to) is the place on the Mollie website where the merchant logs in, and grants authorization to your client application. E.g. when the merchant clicks on the Connect with Mollie button, you should redirect the merchant to the Authorize endpoint.
The merchant can then grant the authorization to your client application for the scopes you have requested. This means that your application can access the merchants' data.
Mollie will then redirect the merchant back to the Redirect URI you have specified. The URI will contain some query parameters, which contains the auth token. At the page listening at the Redirect URI, you should extract that token, and use it to request a regular OAuth token.
You should implement the get_token
and set_token
methods yourself. They should retrieve and store the OAuth token that is sent from Mollie somewhere in your application (f.i. in the database).
The token data is JSON, which is handled as a dict.
These are example methods, you should use a storage method that fits your application.
def get_token():
"""
:return: token (dict) or None
"""
if os.path.exists('token.json'):
with open('token.json', 'r') as file:
return json.loads(file.read())
def set_token(token):
"""
:param token: token (dict)
:return: None
"""
with open('token.json', 'w') as file:
file.write(json.dumps(token))
mollie_client = Client()
is_authorized, authorization_url = mollie_client.setup_oauth(
client_id,
client_secret,
redirect_uri,
scope,
get_token(),
set_token,
)
# When "is_authorized" is False, you need to redirect the user to the authorization_url.
# After the user confirms the authorization ate the Mollie Authorize page, she is redirected back to your redirect_uri.
# The view on this uri should call setup_oauth_authorization_response(), with authorization_response as parameter.
# This is the full callback URL (string) from the request that the user made when returning from the Mollie website.
mollie_client.setup_oauth_authorization_response(authorization_response)
# The token will be stored via your `set_token` method for future use. Expired tokens will be refreshed by the client automatically.
# Now You can query the API:
mollie_client.organizations.get('me')
If you wish to learn more about our API, please visit the Mollie Developer Portal. API Documentation is available in English.
Want to help us make our API client even better? We take pull requests, sure. But how would you like to contribute to a technology oriented organization? Mollie is hiring developers and system engineers. Check out our vacancies or get in touch.
BSD (Berkeley Software Distribution) License. Copyright (c) 2014-2022, Mollie B.V.
Contact: www.mollie.com — info@mollie.com — +31 20 820 20 70
FAQs
Mollie API client for Python
We found that mollie-api-python demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.