API Payment Deletion Question

For QuickFile developers:

Isn’t it currently possible to delete any Payment ID (even not the one associated with our qf account) through payment delete API call? In the wrong hands that can be quite a bad bug trouble…

Also, after deleting the API is sending back PaymentDetailsDeleted xml field which has always value 1. I believe it would be more sensible to provide us with some error messages like (Payment with this ID is not existent, Payment was already deleted) as it is in other API calls.

Thank you,
Patrik

No you can’t delete any payment using the API, that would be insane :smile:

When you send your request you are validating the account in the Authorisation header which will then only allow actions to be performed against that account.

I agree on the second point, if it’s already deleted then it should return zero. That’s one for our API engineer.

Ou, OK. Thanks for your quick response.

On the first point: Well it most certainly would be insane :grinning: I was confused/scared because I just tried random payment ID and it actually showed in the account system events that some payment was deleted (with real amount), just no associated account name.

Yes I did replicate that issue. Nothing was actually deleted but it does make an erroneous entry in the event log. We will be looking at this today. The Payment_Delete function was only introduced a few weeks back so we’re keeping a close eye on it for now.

Great work anyway. Not sure how I would go with implementation of our system without payment_delete function :smile:

We fixed this today but with it being the busiest day of the month we have not deployed the revised code. We’ll possibly be doing this at around 6ish if we can find a window. This tends to be when things ease off.

We found a window :smile:

Great news :smile: Thank you for quick resolution and updates!

1 Like