siftscience / sift-php Goto Github PK

curlUlr = https://api.siftscience.com/v204/score/1?api_key=abc&abuse_types=payment_abuse%2Cpromotion_abuse+%2Caccount_abuse%2Ccontent_abuse
will get error.

but:
only support : https://api.siftscience.com/v204/score/1?api_key=abc&abuse_types=payment_abuse,promotion_abuse,account_abuse,content_abuse

I'm having a hard time today with the pear-pear/services_JSON package, Composer keeps saying:

The requested package pear-pear/services_json could not be found in any version, there may be a typo in the package name.

It also slows down my builds a bunch because it seems like it has to load the entire PEAR directory first. It would be great if this package could be loaded in a different manner that didn't require the PEAR repository (zip file, perhaps?)

There has been some off and on discussion between our company and Sift in regards to the Device Fingerprinting API. As we heavily use the Sift PHP library, and have found the need to implement device fingerprinting into our answers to payment disputes, it would be convenient to be able to get access to the Device Fingerprinting API via this library.

Primarily, we would want to be able to query for the device's fingerprint with a session ID similar to the example shown in the JS example here, except with a method in the PHP library. This would enable us to catalog that fingerprint with the corresponding order so that if the payment for the order is disputed, we can send along that fingerprint as part of the Visa CE3.0 evidence package.

We have had conversation elsewhere about this becoming available (as well as comments here about it being possible), but we haven't adequately followed up on those conversations.

If this is a feature that could get added, we'd greatly appreciate it.

The class_exists() calls that wrap the PEAR functionality are not setting the autoload argument to false and thus will cause errors in applications that rely on autoloaders for their namespaces/classes. lib/Services_JSON-1.0.3/JSON.php class_exists() should both include the second parameter set to false.

We are interested in using this library but all API calls swallow and hide Exceptions which prevents us from knowing what error occurred.

Example: https://github.com/SiftScience/sift-php/blob/master/lib/SiftClient.php#L105-L114:

public function track($event, $properties, $opts = array()) {
    // ...
        try {
            $request = new SiftRequest(
                $path, SiftRequest::POST, $opts['timeout'], $opts['version'], array(
                    'body' => $properties,
                    'params' => $params
                ));
            return $request->send();
        } catch (Exception $e) {
            return null;
        }
}

In other words, can the try/catch within each API method be removed? Example:

public function track($event, $properties, $opts = array()) {
    $this->mergeArguments($opts, array(
        'return_score' => false,
        'return_action' => false,
        'return_workflow_status' => false,
        'abuse_types' => array(),
        'path' => NULL,
        'timeout' => $this->timeout,
        'version' => $this->version
    ));
    $this->validateArgument($event, 'event', 'string');
    $this->validateArgument($properties, 'properties', 'array');

    $path = $opts['path'];
    if (!$path) {
        $path = self::restApiUrl($opts['version']);
    }

    $properties['$api_key'] = $this->api_key;
    $properties['$type'] = $event;

    $params = array();
    if ($opts['return_score']) $params['return_score'] = 'true';
    if ($opts['return_action']) $params['return_action'] = 'true';
    if ($opts['return_workflow_status']) $params['return_workflow_status'] = 'true';
    if ($opts['abuse_types']) $params['abuse_types'] = implode(',', $opts['abuse_types']);

    $request = new SiftRequest(
        $path, SiftRequest::POST, $opts['timeout'], $opts['version'], array(
            'body' => $properties,
            'params' => $params
        ));

        return $request->send();
}

If so, then library adopters can be in charge of handling exceptions as per their unique requirements:

// User code
try {
    $client->track($event, $properties);
} catch (\Exception $e) {
    // Adopter handles here ...
}

Unfortunately, we must know when and why exceptions occur so cannot use this library for that simple reason.

Your current "stable" release of the library has an issue with the usage of undefined constants in lib/SiftClient.php

This has since been fixed in master. Can you make a new release with this fix.

Sometimes we got this error when tracking any event:

array_key_exists() expects parameter 2 to be array, null given (vendors/sift-php/lib/SiftResponse.php:32)

It's hard to replicate, but we experienced this only on Sandbox account so far (we haven't switched to Production yet). It's totally random and after refreshing, it works.

Seems like the server response fails sometimes and causes this error.

Hi,

We are seeing this PHP Deprecation warning:

PHP Deprecated:  Using ${var} in strings is deprecated, use {$var} instead in /app/vendor/siftscience/sift-php/lib/SiftClient.php on line 1047

Can you please use {$var} instead of ${var} ?

Hi,

We are getting the error Array and string offset access syntax with curly braces is deprecated when updating our application to PHP 7.4.

The curly braces syntax has been deprecated and only brackets [] are allowed from PHP 7.4

Is there any way to have the fix in latest and apply the patch for some older versions? Maybe replacing the JSON.php class with the builtin json from PHP is a better approach like merging the changes from #74

array_key_exists emits E_WARNING if returned body is invalid JSON

This has been fixed in pull request #36

1. support return_action
2. ensure return_score works

There are a number of documented endpoints that are not able to be queried through the sift-php classes presently, due to not having methods to use them.

Such as the Webhooks API, for example: https://sift.com/developers/docs/curl/webhooks-api/overview

Rather than trying to push through methods for everything to handle every endpoint and maintain them as new ones are introduced, it would be useful if there was a generic method available in the SiftClient class to do so, something like --

public function queryEndpoint( $version, $endpoint, $method, $query_args = array() ) {
    $api_url = self::urlPrefix( $version ) . '/' . str_replace( '{accountId}', $this->account_id, $endpoint );
    $endpoint = ltrim( $endpoint, '/' );
    $query_args['auth'] = $this->api_key . ':';

    try {
        $request = new SiftRequest(
            $api_url,
            $method,
            $this->timeout,
            $this->version,
            $query_args
        );
        return $request->send();
    } catch (Exception $e) {
        $this->logError($e->getMessage());
        return null;
    }
}

or something -- I could be off on a couple usages or paradigms, but that feels like it mirrors most of the existing patterns from a quick glance.

I'm unsure if there's other tokens that may need to be able to get str_replaced into the api url for other varied endpoints -- or if it's better to use accessor functions to pull those out of the SiftClient instance and add them in manually prior to invoking.

Once introduced, it could be used something like

$sift = new SiftClient([ 'api_key' => 'my_api_key', 'account_id' => 'my_account_id' ]);
$response = $sift->queryEndpoint( 3, 'accounts/{accountId}/webhooks', 'POST', $data_array );
print_r( $response->body ); 

In short, the big reason for this request is to enable the library to be used for all requests sent to the Sift API, rather than needing to maintain a secondary code path for unsupported endpoints -- at which point it would be easier when building client integrations to ignore this official client library and consolidate around a custom one, which sort of defeats the purpose and benefits of using and supporting an official client, in my opinion.

Please comment when and how should customers use $returnScore with their API calls. Thank you.

Hi, I'm using this library and found a bug.

unlabel() function referred a non-existing variable.
https://github.com/SiftScience/sift-php/blob/master/lib/SiftClient.php#L216

$timeout and $version variables should be $opts['timeout'] and $opts['version'].
Thanks.

The getDecisions method allows for optional parameters for filtering, but those are never passed on to the actual request.
The code in library version 4.0.0 is the following:

$request = new SiftRequest($url, SiftRequest::GET, $opts['timeout'],
                self::API3_VERSION,
                array('auth' => $this->api_key . ':'));

but it should probably look like this:

$request = new SiftRequest($url, SiftRequest::GET, $opts['timeout'],
                self::API3_VERSION,
                array('auth' => $this->api_key . ':', 'params' => $opts));

I'm using the library under PHP 7.0, and i'm seeing this error message: Methods with the same name as their class will not be constructors in a future version of PHP (See list of deprecated features)

In using this with composer on Ubuntu with PHP 7.1, I get this error:
PHP Fatal error: Uncaught Error: Undefined class constant 'VERSION' in /var/www/.../html/vendor/siftscience/sift-php/lib/SiftRequest.php:73
In removing the constant from that line, it works. Not sure if it is a compatibility issue or I'm not doing something properly.

It would be valuable to be able to inject a specific PSR-7 HTTP Client, for example, guzzlehttp, instead of relying on the custom curl implementation that currently underlies all the API calls. This would allow users to reliably inject any customized HTTP client (because of the standardized interface) that meets their specific requirements while still being able to take advantage of the API calls provided by this library.

It's not an issue, it's a suggestion ... I can do it, but I prefere to ask you before ... and what do you think about it.