Ebay Marketplace Account Deletion Notifications Handler

June 17, 2022 . 5 MIN READ

  1. <?php
  2.  
  3. ##########################################################
  4. ### Marketplace Account Deletion Notifications Handler ###
  5. ### By Swappart 2021 ###
  6. ##########################################################
  7.  
  8. ### Sign into eBay Developers Program and find your Client ID and Client Secret under 
  9. ### application access keys.
  10. ### Your endpoint and verificationToken are values you specify when subscribing to 
  11. ### Marketplace Account Deletion Notifications in your developer account.
  12. ### The endpoint URL must not contain the word eBay.
  13. ### The verification token has to be between 32 and 80 characters, and allowed 
  14. ### characters include alphanumeric characters, underscore (_), and hyphen (-).
  15. ### No other characters are allowed. Example: 654321abcdef654321abcefd123456fe;
  16.  
  17. $client_id = “Your client ID goes here”; //Also known as App ID.
  18. $client_secret = “Your client secret goes here”; //Also known as Cert ID.
  19. $verificationToken = “Your verification token goes here”;
  20. $endpoint = “YourEndpointURL”;
  21.  
  22. // Sets base file location to one level above webroot. You can
  23. // change this if you want to use a specific location.
  24. $fileStorageLocation = realpath(dirname(__FILE__) . ‘/..’);
  25.  
  26.  
  28. #####################################
  29. ### This part validates endpoint. ###
  30. #####################################
  31. if(isset($_GET[‘challenge_code’])){
  32. $challengeCode = $_GET[‘challenge_code’];
  33. header(‘Content-Type: application/json’); 
  34. $d=$challengeCode.$verificationToken.$endpoint; 
  35. $hd=array(“challengeResponse”=>hash(“sha256”, $d));
  37. echo(json_encode($hd));
  38. }
  39.  
  41. $json = file_get_contents(‘php://input’);
  42. $message = json_decode($json, true);
  43.  
  44. ####################################################
  45. ### Creates file to help with debugging script ###
  46. ### Find file debug.txt in the directory above ###
  47. ### webroot. May contain sensitive info, so do ###
  48. ### not post the contents if you have a problem. ###
  49. ####################################################
  50. $config[‘Decoded JSON Message’] = $message;
  51. $config[‘Server’] = $_SERVER;
  52. $data = parseArray($config);
  53. $debug = $fileStorageLocation . ‘/debug.txt’;
  54. write_to_file($debug, $data);
  55.  
  56.  
  57.  
  58.  
  59. #######################################
  60. ### This part handles notfications. ###
  61. #######################################
  62. if(isset($_SERVER[‘HTTP_X_EBAY_SIGNATURE’])){
  64. if (!$message) {
  65. throw new Exception(‘Invalid message’);
  66. }
  68. if (empty($_SERVER[‘HTTP_X_EBAY_SIGNATURE’])) {
  69. throw new Exception(‘No signature passed’);
  70. }
  72. $signature = json_decode(base64_decode($_SERVER[‘HTTP_X_EBAY_SIGNATURE’]), true) ?: [];
  73. if (empty($signature[‘kid’])) {
  74. throw new Exception(‘Signature not decoded’);
  75. }
  77.  
  79. $token = retrieveToken($client_id, $client_secret, $fileStorageLocation);
  81. $ch = curl_init();
  82. $fp = fopen($fileStorageLocation . ‘/curlLog.txt’, ‘w’) or die(‘Unable to open file!’);
  83. curl_setopt($ch, CURLOPT_URL, “https://api.ebay.com/commerce/notification/v1/public_key/” . $signature[‘kid’]);
  84. curl_setopt($ch, CURLOPT_HTTPHEADER, array(‘Content-Type = application/json’,‘Accept: application/json’, ‘Authorization:bearer ‘ . $token));
  85. curl_setopt($ch, CURLOPT_FILE, $fp);
  86. curl_setopt($ch, CURLOPT_HEADER, 0);
  87. curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
  91. $response = curl_exec($ch);
  95. $curl_errno = curl_errno($ch);
  96. $curl_error = curl_error($ch);
  98. if ($curl_errno > 0) {
  100. fwrite($fp, “cURL Error ($curl_errno): $curl_error\n”);
  101. } else {
  102. fwrite($fp, “Data received: $response\n”);
  104. }
  106. $publicKey = json_decode($response, true);
  108. curl_close($ch);
  109. fclose($fp);
  111. if (empty($publicKey[‘key’])) {
  112. throw new Exception(
  113. ‘getPublicKey response: ‘ . json_encode($publicKey) . ‘ for signature ‘ . $signature[‘kid’]
  114. );
  115. }
  117. if ($publicKey[‘algorithm’] !== ‘ECDSA’ || $publicKey[‘digest’] !== ‘SHA1’) {
  118. throw new Exception(‘Unsupported encryption algorithm/digest’);
  119. }
  121. if (preg_match(‘/^—–BEGIN PUBLIC KEY—–(.+)—–END PUBLIC KEY—–$/’, $publicKey[‘key’], $matches)) {
  122. $key = “—–BEGIN PUBLIC KEY—–\n”
  123. . implode(“\n”, str_split($matches[1], 64))
  124. . “\n—–END PUBLIC KEY—–“;
  125. } else {
  126. throw new Exception(‘Invalid key’);
  127. }
  130. $verificationResult = openssl_verify(
  131. json_encode($message),
  132. base64_decode($signature[‘signature’]),
  133. $key,
  134. OPENSSL_ALGO_SHA1
  135. );
  139. if ($verificationResult === 1) {
  140. echo ‘OK’;
  142. // If you need to check to see if you have any data related to the deleted user
  143. // this is where you do it. You would pass the below username and/or userId 
  144. // variables to a script which could check your database, and then handle the
  145. // result accordingly.
  148. $username = $message[‘notification’][‘data’][‘username’];
  149. $userId = $message[‘notification’][‘data’][‘userId’];
  150. $eiasToken = $message[‘notification’][‘data’][‘eiasToken’];
  154. } else {
  155. $myfile = fopen($fileStorageLocation . ‘/verification-error.txt’, ‘w’) or die(‘Unable to open file!’);
  156. $txt = “Verification Failed!”;
  157. fwrite($myfile, $txt);
  158. fclose($myfile);
  159. throw new Exception(‘Verification failure’, 412);
  160. }
  161. }
  166. #############################################################
  167. ### This part returns stored OAuth token, or new token if ###
  168. ### stored one is expired. Tokens only valid for 2 hours. ###
  169. #############################################################
  170. function retrieveToken($client_id, $client_secret, $fileStorageLocation){
  171. $date = new DateTime();
  172. $date->getTimestamp();
  173. $auth = null;
  174. if(file_exists($fileStorageLocation . ‘/auth.ini’)){
  175. $auth = parse_ini_file($fileStorageLocation . ‘/auth.ini’, true); 
  176. if(!isset($auth[‘time’]) || !isset($auth[‘token’])){
  177. //ini file exists but doesn’t contain token. We’ll fetch one and update the file.
  178. $token = getNewToken($client_id, $client_secret, $fileStorageLocation);
  179. }else{
  180. $s = $auth[‘time’];
  181. $t= new DateTime(“@$s”);
  183. if($date->getTimestamp() > $t->add(new DateInterval(‘PT7170S’))->getTimestamp()){
  184. //Token expired. We’ll fetch a new one.
  185. $token = getNewToken($client_id, $client_secret, $fileStorageLocation);
  186. }else{
  187. //Stored token still good! Using it”
  188. $token = $auth[‘token’];
  190. }
  191. }
  193. }else{
  194. //ini file doesn’t exist yet. We’ll fetch a token and create the file.
  195. $token = getNewToken($client_id, $client_secret, $fileStorageLocation); 
  196. }
  198. return $token;
  200. }
  203. ####################################################
  204. ### This part fetches new OAuth token as needed. ###
  205. ####################################################
  206. function getNewToken($client_id, $client_secret, $fileStorageLocation) {
  208. $ch = curl_init();
  210. curl_setopt($ch, CURLOPT_URL, ‘https://api.ebay.com/identity/v1/oauth2/token’);
  211. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  212. curl_setopt($ch, CURLOPT_POST, 1);
  213. curl_setopt($ch, CURLOPT_POSTFIELDS, “grant_type=client_credentials&scope=https://api.ebay.com/oauth/api_scope”);
  215. $headers = array();
  216. $headers[] = ‘Content-Type: application/x-www-form-urlencoded’;
  217. $headers[] = ‘Authorization: Basic ‘ . base64_encode($client_id . ‘:’ . $client_secret);
  218. curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
  220. $result = curl_exec($ch);
  221. if (curl_errno($ch)) {
  222. echo ‘Error:’ . curl_error($ch);
  223. }
  224. curl_close($ch);
  225. $tk = json_decode($result, true);
  226. $date = new DateTime();
  227. $time = $date->getTimestamp();
  230. // Update values
  231. $config[‘time’] = $time;
  232. $config[‘token’] = $tk[‘access_token’];
  234. $data = parseArray($config);
  236.  
  237. // Write ini file values
  238. $inifile = fopen($fileStorageLocation . ‘/auth.ini’, ‘w’) or die(‘Unable to open file!’);
  239. write_to_file($fileStorageLocation . ‘/auth.ini’, $data);
  240. fclose($inifile);
  242. return $tk[‘access_token’]; 
  243. }
  247. #######################################################################
  248. ### This part parses arrays. ###
  249. #######################################################################
  250. function parseArray($array = []) {
  252. // check second argument is array
  253. if (!is_array($array)) {
  254. throw new \InvalidArgumentException(‘Function argument must be an array.’);
  255. }
  257. // process array
  258. $data = array();
  259. foreach ($array as $key1 => $val1) {
  260. if (is_array($val1)) {
  261. $data[] = “[$key1]”;
  264. foreach ($val1 as $key2 => $val2) {
  265. if (is_array($val2)) {
  267. foreach ($val2 as $key3 => $val3) {
  268. if (is_array($val3)) {
  269. foreach ($val3 as $key4 => $val4) {
  272. if (is_numeric($key3)) {
  273. $data[] = $key3.‘[] = ‘.(is_numeric($val4) ? $val4 : (ctype_upper($val4) ? $val4 : ‘”‘.$val4.‘”‘));
  274. } else {
  275. $data[] = $key2.‘[‘.$key3.‘] [‘.$key4.‘]= ‘.(is_numeric($val4) ? $val4 : (ctype_upper($val4) ? $val4 : ‘”‘.$val4.‘”‘));
  276. }
  278. }
  279. }else {
  280. $data[] = $key2.‘[‘.$key3.‘] = ‘.(is_numeric($val3) ? $val3 : (ctype_upper($val3) ? $val3 : ‘”‘.$val3.‘”‘));
  281. }
  282. }
  285. } else {
  286. $data[] = $key2.‘ = ‘.(is_numeric($val2) ? $val2 : (ctype_upper($val2) ? $val2 : ‘”‘.$val2.‘”‘));
  287. }
  288. }
  292. } else {
  293. $data[] = $key1.‘ = ‘.(is_numeric($val1) ? $val1 : (ctype_upper($val1) ? $val1 : ‘”‘.$val1.‘”‘));
  294. }
  296. $data[] = null;
  297. }
  299. return $data;
  300. }
  302. ###########################################################
  303. ### This part writes arrays to file. ### 
  304. ### Used for storing OAuth token for later use. ###
  305. ### Also used to create debug file. ###
  306. ###########################################################
  307. function write_to_file($file, $dataArray = []) {
  309. // check first argument is string
  310. if (!is_string($file)) {
  311. throw new \InvalidArgumentException(‘Function argument 1 must be a string.’);
  312. }
  314. // check second argument is array
  315. if (!is_array($dataArray)) {
  316. throw new \InvalidArgumentException(‘Function argument 2 must be an array.’);
  317. }
  318. // open file pointer, init flock options
  319. $fp = fopen($file, ‘w’);
  320. $retries = 0;
  321. $max_retries = 100;
  323. if (!$fp) {
  324. return false;
  325. }
  327. // loop until get lock, or reach max retries
  328. do {
  329. if ($retries > 0) {
  330. usleep(rand(1, 5000));
  331. }
  332. $retries += 1;
  333. } while (!flock($fp, LOCK_EX) && $retries <= $max_retries);
  335. // couldn’t get the lock
  336. if ($retries == $max_retries) {
  337. return false;
  338. }
  340. // got lock, write data
  341. fwrite($fp, implode(PHP_EOL, $dataArray).PHP_EOL);
  343. // release lock
  344. flock($fp, LOCK_UN);
  345. fclose($fp);
  347. return true;
  348. }
  349.  
  351. ?> 

    Reference:https://forums.developer.ebay.com/questions/43122/working-code-marketplace-account-deletion-notifica.html

    https://stackoverflow.com/questions/68569773/ebay-marketplace-account-deletion-closure-notifications

Leave a Reply

Your email address will not be published. Required fields are marked *

Anwar

Anwar

RECENT POSTS

TAGS

You Might Be Interested In

Tags

Navigation

Newsletter