Posting in the Magento forums has been disabled pending the implementation of a new and improved forum solution which should better serve the community.

For new questions please post at magento.stackexchange.com, the community-run support site for the Magento community. We will be providing updates on the new forum solution soon. For questions or concerns please email community@magento.com.

Magento Forum

Google Checkout - API Callback URL [semi-solved]
 
etho201
Sr. Member
 
Total Posts:  85
Joined:  2008-04-03
Summerville, SC
 

Maybe I am not doing this correctly, but I can’t seem to get this to work. I looked at the wiki for Google Checkout and followed it exactly. I have SSL enabled on my site… and I entered the API Callback URL as: https://secure.omnivariety.com/googlecheckout/api

Then when I look at my integration console in google checkout I keep getting the following error.

We encountered an error trying to access your server at https://secure.omnivariety.com/googlecheckout/api/—the error we got is: Sending failed with HTTP response code: 401. Response body was: Failed to Get Basic Authentication Headers

Any ideas on how to fix that? :?

---- I am duplicating this thread and putting it into the coding part of the forums… If I could simply move it over there I would, sorry for duplicate threads. -----

 
Magento Community Magento Community
Magento Community
Magento Community
 
jbeall
Member
 
Total Posts:  33
Joined:  2008-02-18
West Virginia
 

It sounds like you have HTTP Basic authentication turned on—but I don’t think Google Checkout supports basic authentication.  You’ll need to turn it off for at least the API endpoint URI.

 
Magento Community Magento Community
Magento Community
Magento Community
 
etho201
Sr. Member
 
Total Posts:  85
Joined:  2008-04-03
Summerville, SC
 

I’ll have to see about disabling it… but after reading your post I thought of searching for some stuff and found this: http://checkout.google.com/support/sell/bin/answer.py?hl=en&answer;=63438

The HTTP 401 unauthorized error you’ve received means you haven’t properly set up HTTP basic authentication on your server.

Google prefaces callbacks and notifications with HTTP basic authentication, using your Merchant ID as a username and your Merchant Key as a password. If your server doesn’t recognize the credentials on the messages sent from Google Checkout, you’ll receive an error message.

Please ensure you’ve configured the correct Merchant ID and Merchant Key as your basic authentication username and password. If you need help configuring HTTP basic authentication in your environment, please contact your hosting provider.

So maybe I will check with my hosting provider for some assistance, unless I can do that myself in Cpanel?

 
Magento Community Magento Community
Magento Community
Magento Community
 
etho201
Sr. Member
 
Total Posts:  85
Joined:  2008-04-03
Summerville, SC
 

I finally got this to work!!! I don’t know how serious a security threat this presents, but here is what I did.

Open:
/public_html/app/code/core/Mage/GoogleCheckout/Model/Api/Xml/Callback.php

Delete lines 47 - 51:

$status $this->getGResponse()->HttpAuthentication();

        if (!
$status || empty($data[$root])) {
            
exit;
        
}

Open:
/public_html/lib/googlecheckout/googleresponse.php

Delete lines 73 - 119:

/**
     * Verifies that the authentication sent by Google Checkout matches the
     * merchant id and key
     *
     * @param string $headers the headers from the request
     */
    function HttpAuthentication($headers=null$die=true{
      
if(!is_null($headers)) {
        $_SERVER 
$headers;
      
}
      
// moshe's fix for CGI
      
if (empty($_SERVER['HTTP_AUTHORIZATION'])) {
          
foreach ($_SERVER as $k=>$v{
              
if (substr($k, -18)==='HTTP_AUTHORIZATION' && !empty($v)) {
                  $_SERVER[
'HTTP_AUTHORIZATION'$v;
                  break;
              
}
          }
      }

      
if(isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {
        $compare_mer_id 
$_SERVER['PHP_AUTH_USER'];
        
$compare_mer_key $_SERVER['PHP_AUTH_PW'];
      
}

  
//  IIS Note::  For HTTP Authentication to work with IIS,
  // the PHP directive cgi.rfc2616_headers must be set to 0 (the default value).
      
else if(isset($_SERVER['HTTP_AUTHORIZATION'])){
        
list($compare_mer_id$compare_mer_key) = explode(':',
            
base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'],
            
strpos($_SERVER['HTTP_AUTHORIZATION']" ") + 1)));
      
else if(isset($_SERVER['Authorization'])) {
        
list($compare_mer_id$compare_mer_key) = explode(':',
            
base64_decode(substr($_SERVER['Authorization'],
            
strpos($_SERVER['Authorization']" ") + 1)));
      
else {
        $this
->SendFailAuthenticationStatus(
              
"Failed to Get Basic Authentication Headers",$die);
        return 
false;
      
}
      
if($compare_mer_id != $this->merchant_id
         
|| $compare_mer_key != $this->merchant_key{
        $this
->SendFailAuthenticationStatus("Invalid Merchant Id/Key Pair",$die);
        return 
false;
      
}
      
return true;
    
}
 
Magento Community Magento Community
Magento Community
Magento Community
 
nikkstocks
Member
 
Total Posts:  47
Joined:  2008-06-08
 

hey, just found this thread and though this is a month old i would strongly recommend you find an alternative solution for this problem (though i cant actually help you with that one im afraid)

to cut to the chase and leaving out a substantial chunk of technical mumbo, by removing the second chunk of code (verifying the authentication sent by google checkout matches… etc), youve deleted a MASSIVE chunk of the security checks made on the google API. now if someone managed to find out your google merchant key it would make it theoretically possible for them to simulate a response from google confirming payment for an order. whilst in a small company you would probably notice the lack of money appearing in your account, if it became quite a big business payments could quite easily become lost. Of course this is all dependant on the additional checks magento may or may not make on the contents of the returned information.

a friendly warning smile pm me if you’d like the technical mumbo

 
Magento Community Magento Community
Magento Community
Magento Community
 
etho201
Sr. Member
 
Total Posts:  85
Joined:  2008-04-03
Summerville, SC
 

A month old, but I always check my previous posts for updates wink. Thanks for the explanation, it has given me a better understanding and has made this more of a priority. There is someone with the Magento team who has been trying to assist with this problem but we have yet to get this fixed. That thread can be found here: http://www.magentocommerce.com/boards/viewthread/5960/

 
Magento Community Magento Community
Magento Community
Magento Community
 
ForgetHangovers
Sr. Member
 
Total Posts:  83
Joined:  2009-04-12
Maryland, USA
 

I have the same problem “Send failed with code: 401. Response body was: Failed to Get Basic Authentication Headers” & shipping isn’t calculated properly ($0.00 for each option).
Anyone have a valid solution?
I don’t feel comfortable snipping code that could open up security holes.

 
Magento Community Magento Community
Magento Community
Magento Community
 
ForgetHangovers
Sr. Member
 
Total Posts:  83
Joined:  2009-04-12
Maryland, USA
 

Supposedly Fixed in v1.3.2: http://www.magentocommerce.com/bug-tracking/issue?issue=6083
However, I just upgraded and I am still experiencing the same problem (All shipping options show $0.00) :(
Any idea’s?

This seems to be a more valid Bug Report: http://www.magentocommerce.com/bug-tracking/issue/?issue=5434
Reported on 3/1/09, still no fix :(

 
Magento Community Magento Community
Magento Community
Magento Community
 
r2rsquared
Jr. Member
 
Total Posts:  30
Joined:  2008-10-16
Lake Oswego, OR
 

Send failed with code: 401. Response body was: Failed to Get Basic Authentication Headers

I seem to be having problems with the “API Callback URL”.  So, I tried testing authentication using SSH.  After initiating a SSH login, I issued the following commands:

wget --post-data=blah https://fcpaparts.com/googlecheckout/api/
--server responded with: “401 Unauthorized Authorization failed.”

wget --post-data=blah https://fcpaparts.com/index.php/googlecheckout/api/
--server responded with: “401 Unauthorized Authorization failed.”

However, when I the following command at the base URL:
wget --post-data=blah https://fcpaparts.com
--server responded with: “200 OK”

I suspect the problem is the format or access to the path:
https://www.mydomain.com/googlecheckout/api
So, I checked the directory permissions for the “js” directory and all values are set to 775.

Additionally, I’ve “triple-checked” my settings for “Google merchant ID”, and “Google merchant key”.  Still, not working:(

I’ve put Magento on the side-burner for months, because of my frustration with the Google Checkout errors.  I feel that I’m very close to fixing this problem:  Anyone’s comments/suggestions would be appreciated.

Running Magento 1.3.2.4

 
Magento Community Magento Community
Magento Community
Magento Community
 
Anjanesh
Sr. Member
 
Avatar
Total Posts:  136
Joined:  2008-03-15
Mumbai, India
 

I suspect the problem is the format or access to the path:
https://www.mydomain.com/googlecheckout/api
So, I checked the directory permissions for the “js” directory and all values are set to 775.

r2rsuared - since you were getting a 401 and not a 404, isnt the path correct and its HTTP basic authentication thats not correct ?

 
Magento Community Magento Community
Magento Community
Magento Community
 
Andre N
Sr. Member
 
Avatar
Total Posts:  186
Joined:  2009-12-09
CA
 
r2rsquared - 04 January 2010 03:31 PM

Send failed with code: 401. Response body was: Failed to Get Basic Authentication Headers

I seem to be having problems with the “API Callback URL”.  So, I tried testing authentication using SSH.  After initiating a SSH login, I issued the following commands:

wget --post-data=blah https://fcpaparts.com/googlecheckout/api/
--server responded with: “401 Unauthorized Authorization failed.”

wget --post-data=blah https://fcpaparts.com/index.php/googlecheckout/api/
--server responded with: “401 Unauthorized Authorization failed.”

However, when I the following command at the base URL:
wget --post-data=blah https://fcpaparts.com
--server responded with: “200 OK”

I suspect the problem is the format or access to the path:
https://www.mydomain.com/googlecheckout/api
So, I checked the directory permissions for the “js” directory and all values are set to 775.

Additionally, I’ve “triple-checked” my settings for “Google merchant ID”, and “Google merchant key”.  Still, not working:(

I’ve put Magento on the side-burner for months, because of my frustration with the Google Checkout errors.  I feel that I’m very close to fixing this problem:  Anyone’s comments/suggestions would be appreciated.

Running Magento 1.3.2.4

I have this same problem with 1.4.1.1 rasberry

 
Magento Community Magento Community
Magento Community
Magento Community
Magento Community
Magento Community
Back to top