Skip to content

Commit

Permalink
Merge pull request #2328 from mercadopago/feature/central-partners
Browse files Browse the repository at this point in the history 
Add/central-partners
  • Loading branch information
@hgaldino
hgaldino authored Mar 22, 2024
2 parents 526c0d1 + f7dd745 commit 9ad7ef6
Show file tree
Hide file tree
Showing 10 changed files with 712 additions and 20 deletions.
15 changes: 8 additions & 7 deletions guides/additional-content/reports/marketplace-sales/generate.es.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -130,13 +130,14 @@ curl --location --request POST 'https://api.mercadopago.com/v1/reports/marketpla
}
```

| Campo | Descripción |
|-----------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `display_timezone` (opcional) | Este campo determina la fecha y la hora que se visualiza en los reportes. Si no configuras este campo con una zona horaria, el sistema tomará por defecto el valor GMT-04. Si eliges una zona horaria que utiliza horario de verano, es necesario que hagas el ajuste manual cuando cambie la hora. |
| `columns` (obligatorio) | Campo con el detalle de columnas a incluir en tu reporte. Encuentra todos los posibles valores en la sección [Glosario](/developers/es/docs/checkout-pro/additional-content/reports/marketplace-sales-report/report-fields). |
| `name` (obligatorio) | Campo para asignar nombre a la estructura. |
| `file_format.prefix` (obligatorio) | Prefijo que compone el nombre del reporte una vez generado. |
| `file_column_separator` (obligatorio) | Caracter que puedes usar en el archivo .csv cuando no quieras que el separador sea un punto y coma. |
| Campo | Descripción |
|----------------------------|----------------------------------------------------------------------------------------------------|
| `display_timezone` (opcional) | Este campo determina la fecha y la hora que se visualiza en los reportes. Si no configuras este campo con una zona horaria, el sistema tomará por defecto el valor GMT-04. Si eliges una zona horaria que utiliza horario de verano, es necesario que hagas el ajuste manual cuando cambie la hora. |
| `columns` (obligatorio) | Campo con el detalle de columnas a incluir en tu reporte. Encuentra todos los posibles valores en la sección [Glosario](/developers/es/docs/checkout-pro/additional-content/reports/marketplace-sales-report/report-fields).|
| `name` (obligatorio)| Campo para asignar nombre a la estructura. |
| `file_format.prefix` (obligatorio) | Prefijo que compone el nombre del reporte una vez generado. |
| `file_column_separator` (obligatorio) | Caracter que puedes usar en el archivo .csv cuando no quieras que el separador sea un punto y coma. |

### Vías de notificación

Después de establecer la estructura del reporte, determine cómo desea recibir las notificaciones, ya sea por email o SFTP. Configure un _notifier_ como se muestra a continuación y preste atención a las características de cada campo descritas en la tabla siguiente.
Expand Down
3 changes: 3 additions & 0 deletions guides/additional-content/resources/legal/partners-privacy-mla.es.md
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,7 @@
# Declaración de Privacidad de Mercado Libre para Central de Partners

_Última actualización de 22/03/2024_

En Mercado Libre consideramos que la protección de los datos personales es una oportunidad para generar valor para nuestros aliados comerciales. Con el fin de llevar adelante la Central de Partners y brindarle soluciones a tu negocio, vamos a tratar algunos de tus datos personales.

La Central de Partners es un espacio en donde Mercado Libre, Mercado Shops y Mercado Pago, permiten que los vendedores puedan dar a conocer a los Partners con los cuales trabajan y de tal forma, que éstos últimos estén disponibles para su contratación por otros vendedores.
Expand All @@ -16,6 +18,7 @@ Los datos personales se registran en una base de datos de la que Mercado Libre e

Los datos personales que recolectamos para los propósitos que se explican en esta Declaración son:

* Foto de perfil
* Nombre comercial
* Mail de contacto comercial
* Teléfono de contacto comercial
Expand Down
3 changes: 2 additions & 1 deletion guides/additional-content/resources/legal/partners-privacy-mlb.pt.md
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# Declaração de Privacidade para Central de Parceiros do Mercado Livre

_Última atualização em 17/07/2023_
_Última atualização em 22/03/2024_

No Mercado Livre consideramos a proteção de dados pessoais uma oportunidade para gerar valor aos nossos parceiros de negócios. Para realizar a Central de Parceiros e fornecer soluções para o seu negócio, processaremos alguns de seus dados pessoais.

Expand All @@ -18,6 +18,7 @@ Os dados pessoais são registrados em um banco de dados pelo qual o Mercado Livr

Os dados pessoais que coletamos para os fins explicados nesta Declaração são:

* Foto de perfil
* Nome comercial
* E-mail de contato comercial
* Telefone de contato comercial
Expand Down
3 changes: 3 additions & 0 deletions guides/additional-content/resources/legal/partners-privacy-mlm.es.md
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,7 @@
# Declaración de Privacidad de Mercado Libre para Central de Partners

_Última actualización de 22/03/2024_

En Mercado Libre consideramos que la protección de los datos personales es una oportunidad para generar valor para nuestros aliados comerciales. Con el fin de llevar adelante la Central de Partners y brindarle soluciones a tu negocio, vamos a tratar algunos de tus datos personales.

La Central de Partners es un espacio en donde Mercado Libre, Mercado Shops y Mercado Pago, permiten que los vendedores puedan dar a conocer a los Partners con los cuales trabajan y de tal forma, que éstos últimos estén disponibles para su contratación por otros vendedores.
Expand All @@ -16,6 +18,7 @@ Los datos personales se registran en una base de datos de la que Mercado Libre e

Los datos personales que recolectamos para los propósitos que se explican en esta Declaración son:

* Foto de perfil
* Nombre comercial
* Mail de contacto comercial
* Teléfono de contacto comercial
Expand Down
235 changes: 231 additions & 4 deletions guides/additional-content/your-integrations/webhooks.en.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ Below, we will explain how to: specify the URLs that will be notified, configure

![webhooks](/images/dashboard/webhooks-es.png)

### Configure URLs and Events
### Configure URLs and Events

1. If you haven't done so already, create an application in the [Developer Dashboard](/developers/panel/app).
2. Once the application is created, navigate to the Webhooks section in the "Application details" page and configure the **production** and **test** URLs where notifications will be received.
Expand Down Expand Up @@ -56,7 +56,7 @@ At the moment the registered URL receives a notification, you can validate wheth
>
> `ts=1704908010,v1=618c85345248dd820d5fd456117c2ab2ef8eda45a0282ff693eac24131a5e839`
See below how to configure this validation.
See below the step-by-step to configure this validation and at the end, we provide some SDKs with a **complete code example** to make your configuration process easier.

1. Extract the timestamp (`ts`) and the signature from the `x-signature` header. To do this, split the content of the header by the `,` character, resulting in a list of elements. The value for the prefix `ts` is the timestamp (in milliseconds) of the notification, and `v1` is the encrypted signature. Example: `ts=1704908010` and `v1=618c85345248dd820d5fd456117c2ab2ef8eda45a0282ff693eac24131a5e839`.
2. Using the template below, replace the parameters with the data received in your notification.
Expand All @@ -68,7 +68,7 @@ id:[data.id_url];request-id:[x-request-id_header];ts:[ts_header];
In the template, values enclosed in `[]` should be replaced with the notification data, such as:

- Parameters with the `_url` suffix come from query params. For example, `[data.id_url]` will be replaced by the value corresponding to the event ID (`data.id`).
- `[timestamp]` will be the value of ts extracted from the x-signature header.
- `[ts_header]` will be the value of ts extracted from the x-signature header.

> If any of the values presented in the template above are not present in your notification, you should remove them from the template.
Expand Down Expand Up @@ -96,7 +96,234 @@ cyphedSignature = binascii.hexlify(hmac_sha256(secret.encode(), signedTemplate.e
```
]]]

6. Finally, compare the generated key with the key extracted from the header, ensuring they have an exact match. Additionally, you can use the timestamp extracted from the header for comparison with a timestamp generated at the time of receiving the notification to establish a tolerance for message reception delays.
5. Finally, compare the generated key with the key extracted from the header, ensuring they have an exact match. Additionally, you can use the timestamp extracted from the header for comparison with a timestamp generated at the time of receiving the notification to establish a tolerance for message reception delays.

- Complete code example:

[[[
```php
<?php
// Obtain the x-signature value from the header
$xSignature = $_SERVER['HTTP_X_SIGNATURE'];
$xRequestId = $_SERVER['HTTP_X_REQUEST_ID'];

// Obtain Query params related to the request URL
$queryParams = $_GET;

// Extract the "data.id" from the query params
$dataID = isset($queryParams['data.id']) ? $queryParams['data.id'] : '';

// Separating the x-signature into parts
$parts = explode(',', $xSignature);

// Initializing variables to store ts and hash
$ts = null;
$hash = null;

// Iterate over the values to obtain ts and v1
foreach ($parts as $part) {
// Split each part into key and value
$keyValue = explode('=', $part, 2);
if (count($keyValue) == 2) {
$key = trim($keyValue[0]);
$value = trim($keyValue[1]);
if ($key === "ts") {
$ts = $value;
} elseif ($key === "v1") {
$hash = $value;
}
}
}

// Obtain the secret key for the user/application from Mercadopago developers site
$secret = "your_secret_key_here";

// Generate the manifest string
$manifest = "id:$dataID;request-id:$xRequestId;ts:$ts;";

// Create an HMAC signature defining the hash type and the key as a byte array
$sha = hash_hmac('sha256', $manifest, $secret);
if ($sha === $hash) {
// HMAC verification passed
echo "HMAC verification passed";
} else {
// HMAC verification failed
echo "HMAC verification failed";
}
?>
```
```java
// Obtain the x-signature value from the header
const xSignature = headers['x-signature']; // Assuming headers is an object containing request headers
const xRequestId = headers['x-request-id']; // Assuming headers is an object containing request headers

// Obtain Query params related to the request URL
const urlParams = new URLSearchParams(window.location.search);
const dataID = urlParams.get('data.id');

// Separating the x-signature into parts
const parts = xSignature.split(',');

// Initializing variables to store ts and hash
let ts;
let hash;

// Iterate over the values to obtain ts and v1
parts.forEach(part => {
// Split each part into key and value
const [key, value] = part.split('=');
if (key && value) {
const trimmedKey = key.trim();
const trimmedValue = value.trim();
if (trimmedKey === 'ts') {
ts = trimmedValue;
} else if (trimmedKey === 'v1') {
hash = trimmedValue;
}
}
});

// Obtain the secret key for the user/application from Mercadopago developers site
const secret = 'your_secret_key_here';

// Generate the manifest string
const manifest = `id:${dataID};request-id:${xRequestId};ts:${ts};`;

// Create an HMAC signature
const hmac = crypto.createHmac('sha256', secret);
hmac.update(manifest);

// Obtain the hash result as a hexadecimal string
const sha = hmac.digest('hex');

if (sha === hash) {
// HMAC verification passed
console.log("HMAC verification passed");
} else {
// HMAC verification failed
console.log("HMAC verification failed");
}
```
```python
import hashlib
import hmac
import urllib.parse

# Obtain the x-signature value from the header
xSignature = request.headers.get("x-signature")
xRequestId = request.headers.get("x-request-id")

# Obtain Query params related to the request URL
queryParams = urllib.parse.parse_qs(request.url.query)

# Extract the "data.id" from the query params
dataID = queryParams.get("data.id", [""])[0]

# Separating the x-signature into parts
parts = xSignature.split(",")

# Initializing variables to store ts and hash
ts = None
hash = None

# Iterate over the values to obtain ts and v1
for part in parts:
# Split each part into key and value
keyValue = part.split("=", 1)
if len(keyValue) == 2:
key = keyValue[0].strip()
value = keyValue[1].strip()
if key == "ts":
ts = value
elif key == "v1":
hash = value

# Obtain the secret key for the user/application from Mercadopago developers site
secret = "your_secret_key_here"

# Generate the manifest string
manifest = f"id:{dataID};request-id:{xRequestId};ts:{ts};"

# Create an HMAC signature defining the hash type and the key as a byte array
hmac_obj = hmac.new(secret.encode(), msg=manifest.encode(), digestmod=hashlib.sha256)

# Obtain the hash result as a hexadecimal string
sha = hmac_obj.hexdigest()
if sha == hash:
# HMAC verification passed
print("HMAC verification passed")
else:
# HMAC verification failed
print("HMAC verification failed")
```
```golang
import (
"crypto/hmac"
"crypto/sha256"
"encoding/hex"
"fmt"
"net/http"
"strings"
)

func main() {
http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
// Obtain the x-signature value from the header
xSignature := r.Header.Get("x-signature")
xRequestId := r.Header.Get("x-request-id")

// Obtain Query params related to the request URL
queryParams := r.URL.Query()

// Extract the "data.id" from the query params
dataID := queryParams.Get("data.id")

// Separating the x-signature into parts
parts := strings.Split(xSignature, ",")

// Initializing variables to store ts and hash
var ts, hash string

// Iterate over the values to obtain ts and v1
for _, part := range parts {
// Split each part into key and value
keyValue := strings.SplitN(part, "=", 2)
if len(keyValue) == 2 {
key := strings.TrimSpace(keyValue[0])
value := strings.TrimSpace(keyValue[1])
if key == "ts" {
ts = value
} else if key == "v1" {
hash = value
}
}
}

// Get secret key/token for specific user/application from Mercadopago developers site
secret := "your_secret_key_here"

// Generate the manifest string
manifest := fmt.Sprintf("id:%v;request-id:%v;ts:%v;", dataID, xRequestId, ts)

// Create an HMAC signature defining the hash type and the key as a byte array
hmac := hmac.New(sha256.New, []byte(secret))
hmac.Write([]byte(manifest))

// Obtain the hash result as a hexadecimal string
sha := hex.EncodeToString(hmac.Sum(nil))

if sha == hash {
// HMAC verification passed
fmt.Println("HMAC verification passed")
} else {
// HMAC verification failed
fmt.Println("HMAC verification failed")
}

})
}
```
]]]

### Simulate notification receipt

Expand Down
Loading

0 comments on commit 9ad7ef6

Please sign in to comment.