Variable

Question

Variable

mwendarapho opened this issue 6 years ago · 7 comments

what is some_secret_hash_key ?

Answer 1 · 2018-11-06T08:11:46.000Z

I had the same query but after digging deep into various tutorials this is what I think about some_secret_hash_key. In my response I am assuming you are working with Laravel, but it should be good enough as a workaround.

It is possible to intercept communication between your app and MPesa when transacting over the internet, to avoid this you are encouraged to generate a strong hash from the Safaricom Developer Portal, then use that hash to register your Callback URLs, when MPesa sends requests to your API endpoint after a transaction you should check/validate whether the hash sent to your endpoint matches what was generated initially from the Saf's developer portal. This way you are sure your application is communicating only with MPesa and not anything in between the communication channel. Obviously this hash can be stored in the .env file for security reasons.

In my case this what I did.

I registered my callback URL in the api.php because any routes registered in that file are not CSRF protected by default, therefore any requests sent there won't be rejected without the token, however be sure to verify the token you receive. Here's a screen shot.

That's my thinking open to opinions and corrections

Answer 2 · 2018-11-06T08:15:22.000Z

That's correct @henimmans it's just a security token that you use to authenticate that the request is actually from Safaricom and a man in the middle.

Answer 3 · 2018-11-06T15:07:38.000Z

Thank you for your help. When I run payment simulations I get these responses: STK Pay: "MerchantRequestID": "20256-3088419-1", "CheckoutRequestID": "ws_CO_DMZ_125050048_06112018173331342", "ResponseCode": "0", "ResponseDescription": "Success. Request accepted for processing", "CustomerMessage": "Success. Request accepted for processing" } C2B: used to work but now it shows this internal server error { "requestId": "2140-2163494-1", "errorCode": "500.003.1001", "errorMessage": "" } I don't get This message for the transactions that were successful: MXU6HK8FTG confirmed. You have received 1000 from John Doe 070000000 on 6/11/2018 at ... Without the confirmation message/response, I have nothing to save to the database. Thank you.

…

On Tue, 6 Nov 2018 at 11:11, henimmans ***@***.***> wrote: I had the same query but after digging deep into various tutorials this is what I think about some_secret_hash_key. In my response I am assuming you are working with Laravel, but it should be good enough as a workaround. It is possible to intercept communication between your app and MPesa when transacting over the internet, to avoid this you are encouraged to generate a strong hash from the Safaricom Developer Portal, then use that hash to register your Callback URLs, when MPesa sends requests to your API endpoint after a transaction you should check/validate whether the hash sent to your endpoint matches what was generated initially from the Saf's developer portal. This way you are sure your application is communicating only with MPesa and not anything in between the communication channel. Obviously this hash can be stored in the .env file for security reasons. In my case this what I did. I registered my callback URL in the api.php because any routes registered in that file are not CSRF protected by default, therefore any requests sent there won't be rejected without the token, however be sure to verify the token you receive. Here's a screen shot. [image: carbon-saf] <https://user-images.githubusercontent.com/8249407/48050840-4a32b480-e1b4-11e8-98b4-3deca5fcd253.png> That's my thinking open to opinions and corrections — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#31 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AH53alxp911nESD1a-KPf30T5mo_HvC3ks5usURDgaJpZM4XzcnL> .

-- *__________________________* *Kind RegardsRaphael Mwenda* *+254722768788 *

Answer 4 · 2018-11-06T15:54:17.000Z

The sandbox sometimes has issues. If the package simulation does not work, try using the developers portal simulation.

Answer 5 · 2020-05-18T19:24:54.000Z

same error on simulation API
{
"requestId":"16858-6141883-1",
"errorCode":"500.003.1001",
"errorMessage":"System internal error."
}
and also developer portal simulation Api

Answer 6 · 2020-08-01T11:23:06.000Z

i've been having the same error but the code used to work perfectly.
{
"requestId": "27370-15356447-1",
"errorCode": "500.003.1001",
"errorMessage": " System internal error"
}
Can anyone help please.

Answer 7 · 2021-07-18T10:56:25.000Z

i've been having the same error but the code used to work perfectly.
{
"requestId": "27370-15356447-1",
"errorCode": "500.003.1001",
"errorMessage": " System internal error"
}
Can anyone help please.

Use the current ShortCode from your account.