Help Requested: POSTing to POLL API via Javascript or VB


#1

So I’m trying to integrate the ETN instant payment stuff into a website that I’m working on.

Issue is, my site is written in ASPX not PHP.
It uses javascript for client code, and VB for server-side.

I’ve been trying to get the API POST working in either language, but keep coming across this error:

Error 403
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://poll.electroneum.com/vendor/check-payment. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).

Can anyone shed light on this?
From what I can see, it seems to be a server-side issue ??

I know my Signature is good as it EXACTLY matches the signature produced by my Android POS (which works), and the JSON data ‘appears’ correct???

The actual Javascript that I’m using:
Note i’ve edited my ETN wallet ID so the secret cant be reverse engineered.

<script>

xhr = new XMLHttpRequest();
var url = "https://poll.electroneum.com/vendor/check-payment";
xhr.open("POST", url, true);
xhr.setRequestHeader("Content-type", "application/json");
xhr.setRequestHeader("ETN-SIGNATURE","5585f38b0b5537a3b14cb80efc091d9437515964bd46221f1e12402837a47a9d")
xhr.onreadystatechange = function () { 
    if (xhr.readyState == 4 && xhr.status == 200) {
        var json = JSON.parse(xhr.responseText);
        console.log(json.payment_id + ", " + json.vendor_address)
    }
}
var data = JSON.stringify({"payment_id":"0000000001","vendor_address":"etn-it-5c98e50cd0761"});
xhr.send(data);
   
 </script>

#2

Ive not played around with VbScript in a long time (since college) but have you tried ajaxing from your client side to a function that is serverside doing the actual call and then returning the results from your server via a json array.


#3

Thanks for the tip

Ive tried the following AJAX and still get the same error (403) regarding cross domain violations:
Now im not sure if this is my server, or ETN’s that’s causing this issue as I’ve installed all the CORS (cross domain) stuff and have added absolutely every possible allowance and permission there is!

Also, if it is my machine then if I’m connecting to my own machine, via a browser on said machine - it should just connect to ‘localhost’ and not involve domains whatsoever.

Am stumped :weary:

$.ajax({
url: ‘https://poll.electroneum.com/vendor/check-payment’,
dataType: ‘JSONP’,
jsonpCallback: ‘callbackFnc’,
type: ‘GET’,
headers: {

             'ETN-SIGNATURE': 'etn-it-5b98e50cd5000',
             'Content-Type': 'application/json'
         },
         data: JSON.stringify(<%= payload %>),
         async: false,
         crossDomain: true,
         success: function (result) {
             alert("2" + JSONP.stringify(result));

         },
         error: function (xhr, status, error) {
             alert("2" + status);
         },
         failure: function () { },

     });

#4

Heres the VB stuff in code-behind
This avoids the 403 error completely (yay!) but now gives 400 ‘Bad Request’ meaning I have some variable wrong somewhere.

Any help?

    Dim signature As String = "" ' place holder for my hashed secret
    Dim payload = New With {.payment_id = "0000000003", .vendor_address = "etn-it-5b98e50cd1000"} ' created my payload this way to make it easiest.
    Dim serializer As New JavaScriptSerializer()
    serializedResult = serializer.Serialize(payload)  ' convert to JSON compatible string

    signature = Hashmac(serializedResult)  ' Calls a function below to HASH my signature against my key, works !
    Dim myWebRequest As HttpWebRequest = HttpWebRequest.Create("https://poll.electroneum.com/vendor/check-payment")
    myWebRequest.Method = "POST"
    Dim byteArray As Byte() = Encoding.UTF8.GetBytes(serializedResult)  ' Convert to byes, is this wrong?!?

    ' Set the variables for the request
    myWebRequest.ContentType = "application/json utf-8"
    myWebRequest.ContentLength = byteArray.Length
    myWebRequest.ContentLength = serializedResult.Length
    myWebRequest.Headers.Add("ETN-SIGNATURE", signature)
    myWebRequest.Accept = "application/json utf-8"   ' I dont know why, but this works on my Android Java

    Dim dataStream As System.IO.Stream = myWebRequest.GetRequestStream()
    dataStream.Write(byteArray, 0, byteArray.Length)
    dataStream.Close()

    Try
        Dim responsex = myWebRequest.GetResponse().GetResponseStream()
        Dim reader As New IO.StreamReader(responsex)
        Dim result = reader.ReadToEnd()
        reader.Close()
        Response.Write("<script>alert('made it!')</script>")
    Catch ex As Net.WebException
        Dim responsex = ex.Response
        response.Write("<script>alert('Fail: ' + ex.Message.ToString() )</script>")


    End Try
    ' ATTEMPT NUMBER 2

    ' Recreating the payload from scratch, using a different method to try and get it 100% correct
    Dim obj1 As New Payloadstuff With {.payment_id = "0000000003", .vendor_address = "etn-it-5b98e50cd1000"}  ' my payload
    Dim objStudentList As New List(Of Payloadstuff)() From {obj1}
    Dim objJSSerializer As New System.Web.Script.Serialization.JavaScriptSerializer()

    'Serialization .NET Object to JSON
    Dim strJSON = objJSSerializer.Serialize(objStudentList) ' converts to a serialized JSON compatible string
    signature = Hashmac(strJSON)  ' hashing my JSON string against my secret key
    Dim byteArray1 As Byte() = Encoding.UTF8.GetBytes(strJSON) ' Convert the payload to bytes  - IS THIS WRONG?!?

    Dim req As WebRequest = WebRequest.Create("https://poll.electroneum.com/vendor/check-payment") ' the url
    req.ContentType = "application/json utf-8"  '- IS THIS WRONG?!?
    req.Method = "POST"
    req.ContentLength = byteArray1.Length
    req.Headers.Add("ETN-SIGNATURE", "e8dbb6725ede1fcfa1de9c12cbfbd1851b13247892db3bb7fb1775c1c7eb6291")  ' My hashed signature, this is correct, matches my androids one perfectly
    'Fire the request
    Dim stream = req.GetRequestStream()
    stream.Write(byteArray1, 0, byteArray1.Length)
    stream.Close()
    Dim result2 = req.GetResponse().GetResponseStream()
Public Class Payloadstuff
    Public Property payment_id As String
    Public Property vendor_address As String
End Class

#5

OK making progress:

Error 502 = Your signature is wrong
Error 400 = Your payload is wrong ( JSON serialised) “payment_ID” : “xxxxxxx”, “vendor_ID” : “etn-it-yyyyyyyyy”