Good day @DanMakeway

We have fixed the issue with URL parameters with ??.

Please test it and let us know if we can be of any further assistance.

Good day @DanMakeway

Yes, we have identified an issue with URL parameters with ??. We are working on it and will be addressed as soon as possible. I will update this post once it is fixed.

Hi, any updates? thank you

DanMakeway

We are reviewing your case and get back to you shortly. For now, we don't need SF Temp Code. If needed we will request you.

Thank you for your patience.

Updating with new code

---

Temporary Code
ZBKKQJY4QH

---

Expires
25/01/2022 7:12 AM

Hi this is very helpful. I've figured out the issue. the Error and declined pages are throwing an error, because they are also expecting the ID?=XXX paramater. is there a way to have those passed back from the form? Currently I've updated the links to be :
<input type="hidden" name="OnSuccessUrl" id="OnSuccessUrl" value="https://makewaygifts.secure.force.com/donate/thanks?id={!dq.id}" />
<input type="hidden" name="OnDeclineUrl" id="OnDeclineUrl" value="https://makewaygifts.secure.force.com/donate/declined?id={!dq.id}" />
<input type="hidden" name="OnErrorUrl" id="OnErrorUrl" value="https://makewaygifts.secure.force.com/donate/error?id={!dq.id}" />

but on an error, it gets overwritten to:
/error?id=a3061000000lXOaAAM?err=Cardnumber%20is%20 invalid&hashresponse=ZGEzOWEzZWU1ZTZiNGJkMzI1NWJmZ WY5NTYwMTg5MGFmZDg3OQ==&RefID=web

The error is having two ? in the parameters.

this is the same issue as this post: Error Redirect fails when an existing ID in the redirect url - ClickandPledge.com Support Forum

I've given you access to my login again:
Username
[email protected]

---

Temporary Code
IIYAGIGD01

---

Expires
21/01/2022 9:08 PM

Good day DanMakeway

Your are using the FaaS API platform inside Salesforce. In FaaS we have 3 URL's that are part of the required nodes:

Please see: https://manual.clickandpledge.com/Fo...rvice_Response

• Authorization URL
• Decline URL
• Error URL

The above URL's need to be visible to the Site Guest User in Salesforce. In other words, the public visiting the page has to have the right to see all these pages.

It appears that you have put URL's in these parameters that are not visible to the outside user. Please NOTE that these URL's are NOT part of Click & Pledge's system or in any way or form in our control. These are pages you have defined in Salesforce and since the Site Guest User does not have view access then they see Authorization Required- this is what Salesforce is telling the visitor .. simply they do not have permission to see the page.

Please review the links you have put for those pages

Looking at your page's HTML source I see the following:



If you are seeing an issue when a card declines you need to change the permission for the page you are assigning to the OnDeclineUrl

Hope that helps. As I stated this is outside our control but make sure Site Guest User has view permission to these pages.

On a separate NOTE: Please keep in mind that your page does not have reCAPTCHA, at least I do not see it, and your page will be, in a matter of time, target of credit card validation attacks. This is given and we see this over and over again. By using the API you are accepting responsibility for the page, the code, and the attacks if you are not incorporating safety measures. CONNECT forms have a lot of safety features built that are server side and is protected against fraud, whereas your page as it is a custom form is not protected. Just keep this in mind - the probability of attack is quite high on this page.

Here is the new code
Temporary Code
92BBRZP3AJ

---

Expires
20/01/2022 6:34 AM

Good day @DanMakeway

The code is expired. Would you please share the new code so we can continue the investigation?

the code is DIBHBLF5DV

DanMakeway

You can share it here as it can be used only by those you have granted access to your instance. Otherwise, you can also open a support ticket and reference this forum thread with subject Attn: Forum

How do I securely share the code?

Good day @DanMakeway

In order to login to your Salesforce instance, you will need to generate a temporary code for us so that we can login and review: https://help.salesforce.com/s/articl...ate.htm&type=5