带有标头的基本身份验证 - Javascript XMLHttpRequest
时间:2023-10-14问题描述
我正在尝试访问需要基本身份验证凭据的 Adyen 测试 API.
但我在尝试使用 XMLHttpRequest POST 请求访问 API 时收到 401 Unauthorized 响应.
Javascript 代码
var url = "https://pal-test.adyen.com/pal/servlet/Payment/v25/authorise";var username = "ws@Company.CompanyName";var 密码 = "J}5fJ6+?e6&lh/Zb0>r5y2W5t";var base64Credentials = btoa(用户名+":"+密码);var xhttp = new XMLHttpRequest();xhttp.open("POST", url, true);xhttp.setRequestHeader("内容类型", "应用程序/json");xhttp.setRequestHeader("授权", "基本" + base64Credentials);var requestParams = XXXXXXXX;xhttp.send(requestParams);
结果
PAL 是一个支付授权 API.您从不想从浏览器调用它.您只想公开您的用户名和密码,以便在您的后端代码中发送付款.
在客户端加密中,加密是在浏览器中完成的.然后,您将加密数据发送到您自己的服务器.然后在您的服务器上创建一个支付授权请求(其中加密数据是元素之一,以及支付金额等).
如果您能够设法从浏览器运行此操作,您的最终解决方案将允许您的购物者从 JavaScript 层更改金额、货币、支付元数据等.绝不应该是这种情况.
因此,授权是文档服务器端"集成部分的一部分:https://docs.adyen.com/developers/ecommerce-integration?ecommerce=ecommerce-integration#serverside
根据您的服务器端环境,您最喜欢的语言的 CURL 实现会有所不同,但大多数时候很容易找到.
亲切的问候,
阿诺德
I am trying to access Adyen test API that requires basic authentication credentials. https://docs.adyen.com/developers/ecommerce-integration
My credentials work when accessing the API page through browser.
But I get an 401 Unauthorized response when trying to access the API with XMLHttpRequest POST request.
Javascript Code
var url = "https://pal-test.adyen.com/pal/servlet/Payment/v25/authorise";
var username = "ws@Company.CompanyName";
var password = "J}5fJ6+?e6&lh/Zb0>r5y2W5t";
var base64Credentials = btoa(username+":"+password);
var xhttp = new XMLHttpRequest();
xhttp.open("POST", url, true);
xhttp.setRequestHeader("content-type", "application/json");
xhttp.setRequestHeader("Authorization", "Basic " + base64Credentials);
var requestParams = XXXXXXXX;
xhttp.send(requestParams);
Result
The PAL is a Payment Authorisation API. You never want to call it from a browser. You only want to expose your username and password to send in payments in your backend code.
In Client-side encryption, the encryption is done in the browser. You then send the encrypted data to your own server. On your server you then create a payment authorization request (of which the encrypted data is one of the elements, along side payment amount, etc).
If you would be able to manage to make this run from your browser, your end solution will allow your shoppers to change amounts, currency's, payment meta data etc from the JavaScript layer. This should never be the case.
The authorization is for that reason part of the "Server side" integration part of documentation: https://docs.adyen.com/developers/ecommerce-integration?ecommerce=ecommerce-integration#serverside
Depending on your server side landscape the CURL implementation in your favorite language differs, but most of the time are easy to find.
Kind regards,
Arnoud
这篇关于带有标头的基本身份验证 - Javascript XMLHttpRequest的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持html5模板网!
相关文章
即使在调用 abort (jQuery) 之后,浏览器也会等待Browser waits for ajax call to complete even after abort has been called (jQuery)(即使在调用 abort (jQuery) 之后,浏览器也会等待 ajax 调用- JavaScript innerHTML 不适用于 IE?JavaScript innerHTML is not working for IE?(JavaScript innerHTML 不适用于 IE?)
- XMLHttpRequest 无法加载,请求的资源上不存在“AXMLHttpRequest cannot load, No #39;Access-Control-Allow-Origin#39; header is present on the requested resource(XMLHttpRequest 无法加载,请求的资
- XHR HEAD 请求是否有可能不遵循重定向 (301 302)Is it possible for XHR HEAD requests to not follow redirects (301 302)(XHR HEAD 请求是否有可能不遵循重定向 (301 302))
- NETWORK_ERROR:XMLHttpRequest 异常 101NETWORK_ERROR: XMLHttpRequest Exception 101(NETWORK_ERROR:XMLHttpRequest 异常 101)
- XMLHttpRequest 206 部分内容XMLHttpRequest 206 Partial Content(XMLHttpRequest 206 部分内容)