A library for working with the Yandex.Money API and a demo Android application
Good afternoon, the community.
I want to share my development - an Android library for working with the Yandex.Money API.
Not later than April 15, Yandex opened an API for working with Money. Like all previously open APIs for working with Yandex services, it is based on authorization through OAuth. In the current implementation, the API allows you to request information about your account, request a list of transactions on the account and make payments using templates. Details - in the documentation , questions can be asked in the developer club .
')
As a result, a library and a demo application for Android, working with the wallet through the API, was downloaded.
Actually, the basis of the library regarding the Android application is the OAuthActivity class, from which you should inherit your Activity, which will perform the initial OAuth authorization of the application. The result of the application authorization is the access token with which the YandexMoneyService class is initialized which, using this token, can perform the following actions (for now)
When called without arguments, the second method returns all operations (both enrollment and write-off). Paging is not yet supported. As an argument, it is possible to pass an object of the YandexMoneyOperationTypes class to specify a specific operation.
There is also a storage of tokens. To avoid requesting authorization each time the token can be saved. To do this, use the heirs of the AccessTokenStorage class, namely, SharedPreferencesStorage and EncryptedSharedPreferencesStorage . The second implementation differs in that it stores the token in the form encrypted using the 3DES algorithm.
To use OAuth authorization, an application must define a descendant class of OAuthActivity by implementing the following methods in it:
Success or authorization failure is reported by starting the Activity by sending Action == “ru.elifantiev.yandex.oauth.AUTH_RESULT” (see OAuthActivity.ACTION_AUTH_RESULT). Intent is placed a sign of success (.AUTH_RESULT_EXTRA) equal AUTH_RESULT_OK or AUTH_RESULT_ERROR. The error is placed in Extra .EXTRA_AUTH_RESULT_ERROR.
Another important point. For successful return processing from application authorization (and it, according to Yandex requirements, is performed in the OS built-in browser), processing by the OAuthActivity Intent heir described by the following filter is required:
In fact, this is processing browser redirection to the URL oauth: // appId (where appId is the application identifier, the same as in the getAppId method, I have it stored in the application resources).
About the demo app ...
Consists of 3 Activity - AppLoginActivity , AuthActivity and MainActivity .
AppLoginActivity at the first start of the application offers to undergo an application authorization procedure (it launches AuthActivity, which in turn is the heir of OAuthActivity). If the application has already been authorized successfully - the PIN request dialog is displayed.
Before undergoing the authorization procedure, AuthActivity requests the user a new PIN code, which will then be used to store the encrypted token, after which it starts the authorization.
The result of the authorization comes back to AppLoginActivity where it is processed (an error message is displayed or the state is saved - authorization is passed). In case of success, MainAcitivty is launched, which starts the call to services.
What is the result ... I want to get criticism regarding the implementation, to collect complaints and suggestions, etc. Those who want to drank it together - welcome.
PS The author has nothing to do with Yandex and Yandex. Money has not.
EDIT with the key lying in sortsah, the application will not start. Register your application with an alternate redirect address and get your ID.
I want to share my development - an Android library for working with the Yandex.Money API.
Not later than April 15, Yandex opened an API for working with Money. Like all previously open APIs for working with Yandex services, it is based on authorization through OAuth. In the current implementation, the API allows you to request information about your account, request a list of transactions on the account and make payments using templates. Details - in the documentation , questions can be asked in the developer club .
')
As a result, a library and a demo application for Android, working with the wallet through the API, was downloaded.
Actually, the basis of the library regarding the Android application is the OAuthActivity class, from which you should inherit your Activity, which will perform the initial OAuth authorization of the application. The result of the application authorization is the access token with which the YandexMoneyService class is initialized which, using this token, can perform the following actions (for now)
- getAccountInfo: Request account information - API method account-info
- getOperationHistory: Queries operation history - operation-history API method
When called without arguments, the second method returns all operations (both enrollment and write-off). Paging is not yet supported. As an argument, it is possible to pass an object of the YandexMoneyOperationTypes class to specify a specific operation.
There is also a storage of tokens. To avoid requesting authorization each time the token can be saved. To do this, use the heirs of the AccessTokenStorage class, namely, SharedPreferencesStorage and EncryptedSharedPreferencesStorage . The second implementation differs in that it stores the token in the form encrypted using the 3DES algorithm.
To use OAuth authorization, an application must define a descendant class of OAuthActivity by implementing the following methods in it:
- getRequiredPermissions is a method that returns the set of rights required by the application. For Yandex.Money, we use YandexMoneyPermissions container
- getClientId is the client identifier in the Yandex.Money system. It will be issued at the application registration stage .
- getAppId - application identifier. Used to compose the redirect_uri address, it actually identifies the application when processing the authorization response, it is better to set it = the application package name
- getServer is the server from which to request authorization
- getTokenStorage - returns tokens storage used to save the received authorization token
Success or authorization failure is reported by starting the Activity by sending Action == “ru.elifantiev.yandex.oauth.AUTH_RESULT” (see OAuthActivity.ACTION_AUTH_RESULT). Intent is placed a sign of success (.AUTH_RESULT_EXTRA) equal AUTH_RESULT_OK or AUTH_RESULT_ERROR. The error is placed in Extra .EXTRA_AUTH_RESULT_ERROR.
Another important point. For successful return processing from application authorization (and it, according to Yandex requirements, is performed in the OS built-in browser), processing by the OAuthActivity Intent heir described by the following filter is required:
<intent-filter> <action android:name="android.intent.action.VIEW"/> <category android:name="android.intent.category.DEFAULT"/> <category android:name="android.intent.category.BROWSABLE"/> <data android:scheme="oauth" android:host="@string/app_id"/> </intent-filter> In fact, this is processing browser redirection to the URL oauth: // appId (where appId is the application identifier, the same as in the getAppId method, I have it stored in the application resources).
About the demo app ...
Consists of 3 Activity - AppLoginActivity , AuthActivity and MainActivity .
AppLoginActivity at the first start of the application offers to undergo an application authorization procedure (it launches AuthActivity, which in turn is the heir of OAuthActivity). If the application has already been authorized successfully - the PIN request dialog is displayed.
Before undergoing the authorization procedure, AuthActivity requests the user a new PIN code, which will then be used to store the encrypted token, after which it starts the authorization.
The result of the authorization comes back to AppLoginActivity where it is processed (an error message is displayed or the state is saved - authorization is passed). In case of success, MainAcitivty is launched, which starts the call to services.
What is the result ... I want to get criticism regarding the implementation, to collect complaints and suggestions, etc. Those who want to drank it together - welcome.
PS The author has nothing to do with Yandex and Yandex. Money has not.
EDIT with the key lying in sortsah, the application will not start. Register your application with an alternate redirect address and get your ID.
Source: https://habr.com/ru/post/117739/
All Articles