• Resolved albarosa

    (@albarosa)


    Dear Payment Plugins Team,

    I have custom code that only allows REST API access for certain endpoints or user agents. This code works for all accesses, such as Stripe or product partners, but it does not work for PayPal Express Payment. Here’s the code, which also shows the various attempts I’ve made in hopes that PayPal (Express Payment) would go through.

    function restrict_wp_json_to_logged_in_users( $result ) {
        // Paths that may be reached without logging in.
        $allowed_endpoints = array(
            '/wp-json/wc-stripe/v1/webhook',
            '/wp-json/wc/v3/orders',
            '/wp-json/wc/v3',
            '/wp-json/wc-ajax/',
            '/wp-json/wc/v2',
            '/wp-json/wc/store',
            '/wp-json/wp/v2',
            '/wp-json/wc-ppcp/v1/webhook/production', // PayPal Webhook v1
            '/wp-json/wc-ppcp/v2/webhook/production', // PayPal Webhook v2
            '/wp-json/wc-ppcp/v3/webhook/production', // PayPal Webhook v3
            '/wp-json/wc-ppcp/v1/', // PayPal v1
            '/wp-json/wc-ppcp/v2/', // PayPal v2
            '/wp-json/wc-ppcp/v3/', // PayPal v3
            '/wc-ajax/wc_ppcp_frontend_request', // PayPal AJAX/
        );

        // User agents that may reach the REST API without logging in.
        $allowed_user_agents = array(
            'Stripe/1.0',
            'axios/1.6.6',
            'PayPal-IPN',
        );

        // Any of these can be missing from $_SERVER, so default to an empty string.
        $request_uri = isset( $_SERVER['REQUEST_URI'] ) ? $_SERVER['REQUEST_URI'] : '';
        $user_agent  = isset( $_SERVER['HTTP_USER_AGENT'] ) ? $_SERVER['HTTP_USER_AGENT'] : '';
        $remote_ip   = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : ''; // Not used below.

        // Let the request through if the URI contains an allowed endpoint.
        foreach ( $allowed_endpoints as $endpoint ) {
            if ( strpos( $request_uri, $endpoint ) !== false ) {
                return $result;
            }
        }

        // Let the request through if the user agent contains an allowed value.
        foreach ( $allowed_user_agents as $agent ) {
            if ( strpos( $user_agent, $agent ) !== false ) {
                return $result;
            }
        }

        // Everything else requires a logged-in user.
        if ( !is_user_logged_in() && !current_user_can( 'edit_posts' ) ) {
            return new WP_Error( 'rest_cannot_access', 'Only authenticated users have access to the REST API.', array( 'status' => 401 ) );
        }

        return $result;
    }
    add_filter( 'rest_authentication_errors', 'restrict_wp_json_to_logged_in_users' );

    Could you please let me know which user agent or other value I can enter to allow the PayPal Express payment method to go through? If I delete the entire code, it works, but then I lose the security of granting access only to selected addresses.

    Thank you for your help.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Payment Plugins

    (@mrclayton)

    Hi @albarosa

    The user agent request is pretty standard and can be viewed via the network tab of the Chrome browser. Here is an example:

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

    Kind Regards

    Thread Starter albarosa

    (@albarosa)

    Hello @mrclayton,

    Thank you very much for the response; it actually works now with the standard user agent.

    It’s a bit too general, but still better than nothing at all.

    Thank you so much for your help!

    Best regards

    Plugin Author Payment Plugins

    (@mrclayton)

    Hi @albarosa

    Thanks for confirming you got it working.

    Kind Regards
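
A path-based variant of the filter from the original post, as an added example that is not the thread author's or the plugin's code: it compares the parsed request path against allowed prefixes at a segment boundary and leaves the client-supplied User-Agent out of the decision. It assumes WordPress at the site root with pretty permalinks; the `example_*` names, the shortened prefix list and the sample URIs are constructed for illustration.

```php
<?php
// Added example; example_* names are hypothetical. Prefixes come from the original post.
const EXAMPLE_ALLOWED_PREFIXES = array(
    '/wp-json/wc-stripe/v1/webhook',
    '/wp-json/wc-ppcp/v1',
    '/wp-json/wc/store',
);

// True when the URI's path equals an allowed prefix or continues it at a
// "/" boundary. The query string is never part of the comparison.
function example_rest_path_is_allowed( string $request_uri, array $prefixes ): bool {
    $path = parse_url( $request_uri, PHP_URL_PATH );
    if ( ! is_string( $path ) ) {
        return false; // Malformed or path-less URI: fail closed.
    }
    $path = rtrim( $path, '/' );
    foreach ( $prefixes as $prefix ) {
        $prefix = rtrim( $prefix, '/' );
        if ( $path === $prefix || strpos( $path, $prefix . '/' ) === 0 ) {
            return true;
        }
    }
    return false;
}

// User-Agent is set by the client, so it takes no part in the decision.
function example_restrict_rest_api( $result ) {
    if ( is_wp_error( $result ) || is_user_logged_in() ) {
        return $result; // Keep earlier errors; logged-in users pass.
    }
    $uri = isset( $_SERVER['REQUEST_URI'] ) ? $_SERVER['REQUEST_URI'] : '';
    if ( example_rest_path_is_allowed( $uri, EXAMPLE_ALLOWED_PREFIXES ) ) {
        return $result;
    }
    return new WP_Error( 'rest_cannot_access', 'Only authenticated users have access to the REST API.', array( 'status' => 401 ) );
}

if ( function_exists( 'add_filter' ) ) {
    add_filter( 'rest_authentication_errors', 'example_restrict_rest_api' );
} else {
    // Outside WordPress (php CLI): constructed sample URIs, not captured traffic.
    foreach ( array(
        '/wp-json/wc-ppcp/v1/webhook/production?id=1', // listed prefix
        '/wp-json/wc-ppcp/v10/orders',                 // shares leading characters only
        '/wp-json/example/v1/items?ref=/wp-json/wc/store', // listed text only in query
    ) as $uri ) {
        printf( "%-50s %s\n", $uri, example_rest_path_is_allowed( $uri, EXAMPLE_ALLOWED_PREFIXES ) ? 'allow' : 'deny' );
    }
}
```

Requests that use the `?rest_route=` form carry the route in the query string, so this matcher denies them unless the user is logged in.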
