Hack-a-thon! Break or Make using the MPowerPayments API

[Dev Congress]

Hey guys,

I've been quiet for a while. Yeah I know. If you're following developments on Github then it's not a long time ago right? :)

I have good, no wait, great news!!!

So we have our next activity in the pipeline: HACKATHON powered by SMSGH and MPowerPayments! Come learn, use, and win with the MPowerPayments API, the most friendly and extensive API for dealing with electronic payments in Ghana.

Revive that idea that you had but couldn't go on because of payment reasons. Dust 'em shelved ideas you had a year ago. Come, let's build apps that uses mobile and electronic payment. Let's build wrappers around the raw APIs for languages that do not have official libraries yet. Become a guru and wield the API with unprecedented dexterity. Under the watchful eyes of the developers behind the API themselves! Show your skill right in front of the manager of ....

Simply put, it'd be bigger and "funner" than the conference.

When and where? We're thinking around Saturday, October 5 2013 @ iSpace, Osu. It'd be a FUN-packed daylong activity.

But, but, we need rules for the game. Go ahead, suggest a rule or two that'd make the hackathon both fun and challenging.
What do you think about the time and venue?

You know your opinions make DevCongress DevCongress. Share them with us here.

Thank You.

We're super excited and we know you're too so #LETSDOTHIS!!!

[Alfred Rowe]

Nice,

Don't forget its also powered by Encodev Labs :). Once the date has been cast in stone lets not forget to push it to EgoTickets http://egotickets.com.

Important

-------------

We are pushing our raw http API online this weekend.

Regards,

Alfred Rowe

--
You received this message because you are subscribed to the Google Groups "DevCongress" group.
To unsubscribe from this group and stop receiving emails from it, send an email to devcongress...@googlegroups.com.
To post to this group, send email to devco...@googlegroups.com.
Visit this group at http://groups.google.com/group/devcongress.
To view this discussion on the web visit https://groups.google.com/d/msgid/devcongress/b157d557-8ec1-469a-ac68-1452ba0ad2c4%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

[Francis Addai]

When is the https version going to be available?

Francis Addai
- http://faddai.com
- http://gh.linkedin.com/in/faddai
- http://twitter.com/faddai

- http://www.facebook.com/amoeba.inc


Mob : +221 78 150 93 40
Mob : 0244966408

To view this discussion on the web visit https://groups.google.com/d/msgid/devcongress/281A3E5B-69BD-4011-9CE5-16D48EB0B8AC%40gmail.com.

[Alfred Rowe]

I am not following :( come again.

--
Sent from Gmail Mobile

[Francis Addai]

Important

-------------

We are pushing our raw http API online this weekend.

I assume you  are referring to the non-secure version of HTTP and I am asking when are you likely to strictly make all HTTP communications secure (HTTPS) on the API. 

Going through the documentation, I see you are making use of the key pair (private/public key) encryption approach for all requests so even if there is a man-in-the-middle monitoring HTTP traffic, it would be gibberish because data travelling on the wire is encrypted with a private key. 

I am only curiously finding out if you have plans on deploying the API on a secure HTTP connection.

Francis Addai
- http://faddai.com
- http://gh.linkedin.com/in/faddai
- http://twitter.com/faddai

- http://www.facebook.com/amoeba.inc


Mob : +221 78 150 93 40
Mob : 0244966408

[Alfred Rowe]

Massa! what are you talking about? Are you saying the API is not on https or what? Did you dig into our current client libs to see the URL endpoints to back your claims?

What's all this long talk about man in the middle and public private keys, that has no link to what we talking about in this thread. Stop spreading fear and wild issues you clearly have not validated yourself.

Just pick any of our client libraries and put wireshark or a similar sniffer on the network and sniff the data from the client lib to the API service then come back.

Besides the point, I understand where the confusion came from, when I said we will publish the raw http API documentation I was referring to the "universal term" it has not like to if the actual URL is on HTTP or HTTPS.

Cheers!

[Francis Addai]

@Alfred, why are you being defensive?

I only responded to what you said ('We are pushing our raw http API online this weekend') on this thread. So, we are in this because of the ambiguity in the sentence above. How was I supposed to know that you were referring to the "universal term" when actually, raw http means something in relation to the protocol?

I have not had time to dig into the API itself, I just went over to the website and took a look at the API docs when @Yaw shared the link. Just a quick look. Also, note that I am not in anyway saying that the API is vulnerable to attacks. Even if it is on http://blabla.com, communications and data transfer is secured because of the authentication/encryption scheme implemented in the API.

I have not seen any of the endpoints of the API. I believe the simple answer you could have given me would have been that "The API is already deployed using https://blabla.com for all communications. You can refer to the sandbox."

Note: So far, I haven't made any claims concerning the API.

Francis Addai
- http://faddai.com
- http://gh.linkedin.com/in/faddai
- http://twitter.com/faddai

- http://www.facebook.com/amoeba.inc


Mob : +221 78 150 93 40
Mob : 0244966408

[Alfred Rowe]

My bad. I didn't know "raw http API" was ambiguous, next time I will say "raw https api  documentation" (don't know where I've heard of it before though), but hey guess it's the latest pun. Lol

[Francis Addai]

I didn't know either. You just made me realise that when you said;

Besides the point, I understand where the confusion came from, when I said we will publish the raw http API documentation I was referring to the "universal term" it has not like to if the actual URL is on HTTP or HTTPS.

HTTPS is only a security improvement layered on top of the HTTP protocol. So, when somebody I assume knows what HTTPS is says "raw HTTP", forgive me, that it doesn't hit me to think that you are contextually referring to the "universal term".

If a fellow developer told you that I write raw or vanilla Javascript, what would you think? Would jQuery and all the other fancy JS frameworks/libraries come into your head? 

You can do us the honours by defining what exactly you mean by "raw HTTP API", at least, we would have ended this day, learning from the mighty Alfred Rowe.

Note:

After reading Alfred's last email, I have discovered where I got confused and why I asked him the question in the first place.

My bad. I didn't know "raw http API" was ambiguous, next time I will say "raw https api  documentation" (don't know where I've heard of it before though), but hey guess it's the latest pun. Lol

"raw https api documentation" is completely  different from "raw http API". All along, I had no idea that he was even talking about the API documentation. Who did? That wasn't what he communicated. And NO, I am not saying you should even use the word "raw" at all. If you are referring to the protocol itself, HTTP is fine, no need for any adjective. If you are making references to the secure (SSL/TLS) version HTTPS is fine too. 

PS:

This thread is longing as a result of a clear miscommunication. Alfred has grossly miscommunicated and when that miscommunication led me to ask him a question, he took to being defensive. I admire Alfred for the fact that he's a rubyist. I have nothing against him and I am not a pedant, neither am I trying to prove that I am any smart than him.

Francis Addai
- http://faddai.com
- http://gh.linkedin.com/in/faddai
- http://twitter.com/faddai

- http://www.facebook.com/amoeba.inc


Mob : +221 78 150 93 40
Mob : 0244966408

[Sami Amegavi]

the back and forth has been an interesting discussion on security....although i cant help but wonder how funny all this may have seemed to the guys who happened to be on duty at the NSA ;)

--
You received this message because you are subscribed to the Google Groups "DevCongress" group.
To unsubscribe from this group and stop receiving emails from it, send an email to devcongress...@googlegroups.com.
To post to this group, send email to devco...@googlegroups.com.
Visit this group at http://groups.google.com/group/devcongress.

To view this discussion on the web visit https://groups.google.com/d/msgid/devcongress/CA%2BKvEmoyct5Ft2FGM%3DO4_O2JDuM6Vvm%3D%2Bk2tHjkrbp%3D2cEBqAQ%40mail.gmail.com.

[Yaw Boakye]

@Francis @Alfred Wow! Exemplary of how to resolve conflicts and (disturbing) misunderstanding. You guys handled this well.

Btw this doesn't prevent us from playing with the API right? That's all we want!

@Francis Are you back already or when are you coming?

Yaw

2013/9/13 Sami Amegavi <same...@gmail.com>

To view this discussion on the web visit https://groups.google.com/d/msgid/devcongress/CAKY4Rn%2Ba_GK%2B31jRvqiyZpcUBm2JbXkTngbfAztyPVjN8bw6bQ%40mail.gmail.com.

[Yaw Boakye]

---------- Forwarded message ----------
From: Selom Dzotsi <mr.d...@gmail.com>
Date: 2013/9/13
Subject: Re: [DevCongress:29] Hack-a-thon! Break or Make using the MPowerPayments API
To: Yaw Boakye <wher...@gmail.com>

Guys i have been trying my hands on the API and i would really like to meet the developers of the mpower API cos i have tons of questions for them but its quite unfortunate am not available on that date. wish the date cud be changed to an earlier one. just putting my thoughts out there :-)

To view this discussion on the web visit https://groups.google.com/d/msgid/devcongress/CAPJoGXtbuhb4QPodA_ain%3Dg7iwP-q--tF8av9HzSazgr6eL_cw%40mail.gmail.com.

[Alfred Rowe]

We can still address any questions you have via the MPower Forum https://groups.google.com/forum/?fromgroups#!forum/mpowerpayments

Cheers!

To view this discussion on the web visit https://groups.google.com/d/msgid/devcongress/CAPJoGXv0y%3Dk2GT%2BEzNcAc98%2B_hBitDMGcWGWZ0VcStM0d3kR_w%40mail.gmail.com.