One of the great difficulties in communication is speaking the same language and even the same dialect of a given language. One of the easiest communication languages to use is the ubiquitous HyperText Transfer Protocol (HTTP) originally intended for communicating between a web browser and a web server. At its heart, this is nothing more than a list of key-value pairs.
PAYMENT PROCESSING SYSTEM DESCRIPTION
Have you ever stopped to consider what happens when you’re shopping online? In between entering your credit card information and the money getting charged to your account is a very complex set of interactions. During this class, we will explore a simplified payment processing system that does exactly this. We’ll create a design for it and provide sample implementations for some of the components.
Let’s take a look at some of the details of a payment processing system.
FORMS OF PAYMENT
To keep this simple we’ll assume that we only accept credit cards for payment.
FRONTEND
The happy shopper needs some way to enter their payment details.
ONLINE STORE
The storefront needs an interface to the processing system where they can enter the shoppers’ details, get confirmation that they can charge the card, and collect the money afterwards.
CREDIT CARD PAYMENTS
Paying by credit card, whether online or in a physical shop, follows a two-step process.
When your card is first run, it performs an “authorization”. This authorization takes the credit card details and the amount requested and sends them to the credit card company. The company then looks up the card and verifies whether or not the payment will succeed. A status code (OK or some kind of error code) is returned, along with an authorization code if the status is OK.
Later on (e.g. once an hour, once a day) all of these authorizations are collected up into a single batch and sent as “payment requests” to the credit card company. A payment request contains the same information as the initial authorization along with the authorization code that was returned. The credit card company will respond with statuses for each payment request and all the money for those requests that succeeded is transferred into the store’s bank account.
PAYMENT PROCESSING SYSTEM
The system needs to implement credit card processing as described above.
CREDIT CARD COMPANY
We shall assume we use a single credit card processor and that processor provides us with an interface for performing authorizations in real time and batch payment requests.
ASSIGNMENT INSTRUCTIONS
IMPLEMENT COMMUNICATION VIA HTTP
For this assignment, you will write a short (1,000 – 2,000 words) paper on using HTTP to communicate between two servers and provide a small example by implementing a simple client and server in Python. Your example should demonstrate using HTTP to communicate between the client and the server using JSON. Your code can build off the example code you downloaded as part of the reading. The only thing you need to do is decide what data you want to transmit between the client and the server and how to encode it. There are lots of examples available. This can be as simple as creating a POST request where you send a JSON string to the server, and then have the server do something with the data and then respond with a JSON string in the body of the response. Python contains a json library to convert between a Python dict and a JSON string.
The description of the payment processing system is included above. One option for your communication would be to transmit an object that represents a payment request: credit card information, user information and payment amount.
For your paper you should do some research on different kinds of request / response bodies that are commonly used – we’ve already mentioned HTML form data and JSON but there are plenty more. You should provide an outline for what the client-server communication looks like and what HTTP headers are especially important.
Please keep focused on the goal of this assignment, which is to gain experience in communicating between two components of a system via a shared language understood by both components.
You must submit a zip file containing all of your source code (no executable code) and a 1,000-2,000 word write-up in PDF format that describes your design and implementation, clearly explains how to run it, and covers problems you encountered and their solutions.
Assignment Focus
You can find some additional JSON resources here:
A very approachable JSON tutorial: https://developer.mozilla.org/en-US/docs/Learn/JavaScript/Objects/JSON
Further JSON examples: https://json.org/example.html
This assignment represents the creation of a “mock.” A mock replaces a real server with something simpler that can stand in its place. The advantages of a mock are that it is under the control of the application test team and can provide known responses. Also, the actual interface may have restrictions or invoke charges to the developer (think about an email server, for example).
Here are some specifics:
You may submit code in JavaScript/node, Java, or Python for this assignment
To align with the overall arc of the assignments, I suggest the following goal for your http exchange:
Implement the authorization exchange where the cardholder provides the credit card information (as specified in the use case, perhaps in a web form), and call the credit card service provider, which returns an authorization code (or failure).
You can elide the second step request to the cardholder’s credit card issuer, implementing the credit card provider in the processing of the request.
Implementing both a success and failure case would be ideal, perhaps using a credit limit as the criteria.
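The authorization exchange suggested above, sketched as an added example (not the course's sample code): a mock credit card provider that answers JSON POST requests, plus a client that calls it once within and once over the limit. The `/authorize` path, the field names, the status strings, the `CREDIT_LIMIT` value and the card number are all assumptions made for illustration.

```python
import http.client
import json
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

CREDIT_LIMIT = 500.00  # assumed limit for this mock (constructed value)
def authorize(req: dict) -> dict:
    """Mock card-company decision; deterministic so tests get known responses."""
    try:
        card, amount = str(req["card_number"]), float(req["amount"])
    except (KeyError, TypeError, ValueError):
        return {"status": "ERROR_BAD_REQUEST"}
    if not (card.isdigit() and amount > 0):  # also rejects NaN amounts
        return {"status": "ERROR_BAD_REQUEST"}
    if amount > CREDIT_LIMIT:
        return {"status": "ERROR_OVER_LIMIT"}
    code = f"AUTH-{card[-4:]}-{round(amount * 100)}"
    return {"status": "OK", "authorization_code": code}

class AuthHandler(BaseHTTPRequestHandler):
    def do_POST(self):
        try:
            length = int(self.headers.get("Content-Length", 0))
            payload = json.loads(self.rfile.read(length))
        except ValueError:
            payload = None
        body = json.dumps(authorize(payload if isinstance(payload, dict) else {}))
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body.encode())
    def log_message(self, *args): pass  # silence default request logging

def request_authorization(port: int, card_number: str, amount: float) -> dict:
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    body = json.dumps({"card_number": card_number, "amount": amount})
    conn.request("POST", "/authorize", body, {"Content-Type": "application/json"})
    result = json.loads(conn.getresponse().read())
    conn.close()
    return result

def run_demo() -> list:
    server = HTTPServer(("127.0.0.1", 0), AuthHandler)  # port 0 = any free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:  # 4111111111111111 is a widely used test number (constructed input)
        return [request_authorization(server.server_port, "4111111111111111", a)
                for a in (42.50, 900.00)]
    finally:
        server.shutdown()
```

Only the last four digits of the card number appear in the authorization code and request logging is silenced, so the mock never writes the full number anywhere.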
This assignment has a nice extension to use https, secure http, rather than unencrypted http. The extension and its credit are described below:
(a) Wrap your http daemon in a TLS/SSL socket
(b) Create a certificate (you may need openssl)
(c) Start the SSL server
(d) Use a browser to make the connection (for now, allow the self-generated certificate to be trusted; rescind later).
(e) Use your “get” client to the SSL port to retrieve the JSON content
(f) Convert the content to a dict and print it.
You may do the equivalent of (a) through (f) in Python, Java, or JavaScript
A Python sample of wrapping the http server socket with TLS protocol is found in (attached file)
The bonus for this addition is up to 20 points.
Please DO NOT submit your credential file (*.pem). Even though it is temporary, it should be kept private.
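One way to carry out the TLS steps in Python, as an added example (it is not the attached sample the assignment refers to): the server wraps its listening socket with an `ssl.SSLContext`, and the client trusts only the self-signed certificate instead of switching verification off. The file names `cert.pem` and `key.pem`, the handler and function names and the JSON body are assumptions.

```python
import http.client
import json
import ssl
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Step (b), run once in a shell; cert.pem/key.pem are assumed file names:
#   openssl req -x509 -newkey rsa:2048 -nodes -keyout key.pem -out cert.pem \
#     -days 7 -subj "/CN=localhost" -addext "subjectAltName=IP:127.0.0.1"

class JsonHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        body = json.dumps({"status": "OK", "transport": "https"}).encode()
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
    def log_message(self, *args): pass  # silence default request logging

def server_context(certfile: str, keyfile: str) -> ssl.SSLContext:
    # SSLContext replaces ssl.wrap_socket(), which was removed in Python 3.12.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.load_cert_chain(certfile, keyfile)
    return ctx

def client_context(cafile: str) -> ssl.SSLContext:
    # PROTOCOL_TLS_CLIENT keeps CERT_REQUIRED and hostname checking on; the
    # self-signed certificate is the only trust anchor this context accepts.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.load_verify_locations(cafile=cafile)
    return ctx

def start_tls_server(certfile: str, keyfile: str, port: int = 0) -> HTTPServer:
    server = HTTPServer(("127.0.0.1", port), JsonHandler)
    ctx = server_context(certfile, keyfile)
    server.socket = ctx.wrap_socket(server.socket, server_side=True)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

def fetch_json(port: int, cafile: str) -> dict:
    conn = http.client.HTTPSConnection("127.0.0.1", port, timeout=5,
                                       context=client_context(cafile))
    conn.request("GET", "/")
    data = json.loads(conn.getresponse().read())  # JSON text -> dict
    conn.close()
    return data
```

The client needs only `cert.pem`; `key.pem` stays with the server, which is why the credential file is kept out of the submission.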
This assignment has a nice extension to locate the official port number for http and for https.