*** Feel free to Move this Mods, I believe it's in the wrong place -- Sorry! ***
Hey Folks -
We are currently undergoing a new technique for our callback transactions, and we seem to be finding a potential bug with Blockchain and how they post callback URLs using their API. We haven't gotten very far with their general support, so we are hoping someone here can articulate what we are doing wrong or get the attention of the right guys at Blockchain to respond to our threads.
Without getting into specifics, we generate a unique callback key for each user that registers on our site by encrypting a series of data tied to that user. Before generating a call to Blockchain, we also urlencode() the secret key as it contains specials characters that won't play well in the browser. Below would be an example call to Blockchain
https://blockchain.info/api/receive?method=create&address=<OUR ADDRESS>&shared=false&callback=<DOMAIN>/callback.php?key=Qy5Z5sCNkYCoCmv2ppn1nw4qU3UsrS4TA%2Fx0nPQOsNBaTMAjl6HceHOBQsCeiKal2w0NEXbvJKF9x%2BIvTrgfoA%3D%3D
Once we get the response from hitting the URL above, everything looks great - they replay the callback URL exactly as we put it in, and we get a unique receiving address as well.
So far, so good - now is when things get weird.Once we send BTC to the new bitcoin receiving address returned above, the following full callback URL is triggered from Blockchain.
<DOMAIN>/callback.php?anonymous=false&shared=false&destination_address=<OUR ADDRESS>&confirmations=0&address=<OUR ADDRESS>&value=600000&input_address=<SENDERS ADDRESS>&input_transaction_hash=<HASH>&key=
Qy5Z5sCNkYCoCmv2ppn1nw4qU3UsrS4TA%2Fx0nPQOsNBaTMAjl6HceHOBQsCeiKal2w0NEXbvJKF9x+IvTrgfoA&transaction_hash=e1fd6dadc0...&
You'll notice the 'key' parameter is actually stripped of the last two "%3D"'s rending our decryption routine obsolete?
Now - If someone can tell me why this is happening, I will gladly fork over a donation! I'm really hoping it's somewhere on our side, but after looking at this all weekend, I don't think it is.