{"id":21302312,"url":"https://github.com/pfpayments/java-sdk","last_synced_at":"2026-02-03T12:19:35.229Z","repository":{"id":41952556,"uuid":"251532172","full_name":"pfpayments/java-sdk","owner":"pfpayments","description":"The PostFinance Checkout Java SDK allows an easy integration into Java applications.","archived":false,"fork":false,"pushed_at":"2025-12-11T10:25:06.000Z","size":5265,"stargazers_count":3,"open_issues_count":3,"forks_count":1,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-12-12T10:50:34.625Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Java","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/pfpayments.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2020-03-31T07:35:39.000Z","updated_at":"2025-12-11T10:25:09.000Z","dependencies_parsed_at":"2025-12-11T15:16:49.424Z","dependency_job_id":null,"html_url":"https://github.com/pfpayments/java-sdk","commit_stats":null,"previous_names":[],"tags_count":67,"template":false,"template_full_name":null,"purl":"pkg:github/pfpayments/java-sdk","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pfpayments%2Fjava-sdk","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pfpayments%2Fjava-sdk/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pfpayments%2Fjava-sdk/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pfpayments%2Fjava-sdk/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/pfpayments","download_url":"https://codeload.github.com/pfpayments/java-sdk/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pfpayments%2Fjava-sdk/sbom","scorecard":{"id":729877,"data":{"date":"2025-08-11","repo":{"name":"github.com/pfpayments/java-sdk","commit":"66687db21a7a224cc7e2aaea91711a66fc492394"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.2,"checks":[{"name":"Code-Review","score":0,"reason":"Found 0/30 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":0,"reason":"1 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: topLevel 'contents' permission set to 'read': .github/workflows/maven-publish.yml:10","Warn: topLevel 'packages' permission set to 'write': .github/workflows/maven-publish.yml:11","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"SAST","score":0,"reason":"no SAST tool detected","details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Binary-Artifacts","score":9,"reason":"binaries present in source code","details":["Warn: binary detected: gradle/wrapper/gradle-wrapper.jar:1"],"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/maven-publish.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/pfpayments/java-sdk/maven-publish.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/maven-publish.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/pfpayments/java-sdk/maven-publish.yml/master?enable=pin","Info:   0 out of   2 GitHub-owned GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/maven-publish.yml:14"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Vulnerabilities","score":4,"reason":"6 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-h46c-h94j-95f3","Warn: Project is vulnerable to: GHSA-4h8f-2wvx-gg5w","Warn: Project is vulnerable to: GHSA-67mf-3cr5-8w23","Warn: Project is vulnerable to: GHSA-8xfc-gm6g-vgpv","Warn: Project is vulnerable to: GHSA-m44j-cfrm-g8qc","Warn: Project is vulnerable to: GHSA-v435-xc8x-wvr9"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-22T14:07:03.847Z","repository_id":41952556,"created_at":"2025-08-22T14:07:03.847Z","updated_at":"2025-08-22T14:07:03.847Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29045645,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-03T10:09:22.136Z","status":"ssl_error","status_checked_at":"2026-02-03T10:09:16.814Z","response_time":96,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-21T15:55:43.580Z","updated_at":"2026-02-03T12:19:35.184Z","avatar_url":"https://github.com/pfpayments.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"# PostFinance Checkout Java Library\n\nThe PostFinance Checkout Java library wraps around the PostFinance Checkout API. This library facilitates your interaction with various services such as transactions, accounts, and subscriptions.\n\n\n## Documentation\n\n[PostFinance Checkout Web Service API](https://checkout.postfinance.ch/doc/api/web-service)\n\n## Requirements\n\n- Java 1.8+\n\n## Installation\n\n### Maven users\n\nAdd this dependency to your project's POM:\n\n```xml\n\u003cdependency\u003e\n    \u003cgroupId\u003ech.postfinance\u003c/groupId\u003e\n    \u003cartifactId\u003epostfinancecheckout-java-sdk\u003c/artifactId\u003e\n    \u003cversion\u003e8.7.0\u003c/version\u003e\n    \u003cscope\u003ecompile\u003c/scope\u003e\n\u003c/dependency\u003e\n```\n\n### Gradle users\n\nAdd this dependency to your project's build file:\n\n```groovy\ncompile \"ch.postfinance:postfinancecheckout-java-sdk:8.7.0\"\n```\n\n### Others\n\nAt first generate the JAR by executing:\n\n```shell\nmvn clean package\n```\n\nThen manually install the following JARs:\n\n* `target/postfinancecheckout-java-sdk-8.7.0.jar`\n* `target/lib/*.jar`\n\n## Usage\nThe library needs to be configured with your account's space id, user id, and secret key which are available in your [PostFinance Checkout\naccount dashboard](https://checkout.postfinance.ch/account/select). Set `space_id`, `user_id`, and `api_secret` to their values.\n\n### Configuring a Service\n\n```java\npackage ch.postfinance.sdk.example;\n\nimport ch.postfinance.sdk.ApiClient;\nimport ch.postfinance.sdk.service.TransactionService;\n\npublic class Example {\n\n    public static void main(String[] args) {\n\n        // Credentials\n        Long userId = 512L;\n        String secret = \"FKrO76r5VwJtBrqZawBspljbBNOxp5veKQQkOnZxucQ=\";\n        \n        // API Client\n        ApiClient apiClient = new ApiClient(userId, secret);\n\n        //Setup a custom connection timeout if needed. (Default value is: 25 seconds)\n        apiClient.setReadTimeOut(20);\n\n        // Create an API service instance:\n        TransactionService transactionService = apiClient.getTransactionService();\n\n        // ... use the transactionService to make API calls ...\n        \n    }\n}\n```\n\nTo get started with sending transactions, please review the example below:\n\n```java\npackage ch.postfinance.sdk.test;\n\nimport java.io.IOException;\nimport java.math.BigDecimal;\n\nimport ch.postfinance.sdk.ApiClient;\nimport ch.postfinance.sdk.model.*;\n\n/**\n * \n */\npublic class TransactionPaymentPageExample {\n\n\tpublic static void main(String[] args) throws IOException {\n\n\t    // Credentials\n        Long spaceId = 405L;\n        Long applicationUserId = 512L;\n        String authenticationKey = \"FKrO76r5VwJtBrqZawBspljbBNOxp5veKQQkOnZxucQ=\";\n\n\t    // API Client\n\t    ApiClient apiClient = new ApiClient(applicationUserId, authenticationKey);\n\n        // Line item\n        LineItemCreate lineItem = new LineItemCreate();\n        lineItem.name(\"Red T-Shirt\")\n                .uniqueId(\"5412\")\n                .type(LineItemType.PRODUCT)\n                .quantity(BigDecimal.valueOf(1))\n                .amountIncludingTax(BigDecimal.valueOf(29.95))\n                .sku(\"red-t-shirt-123\");\n\n        // Customer Billing Address\n        AddressCreate billingAddress = new AddressCreate();\n        billingAddress.city(\"Winterthur\")\n                .country(\"CH\")\n                .emailAddress(\"test@example.com\")\n                .familyName(\"Customer\")\n                .givenName(\"Good\")\n                .postcode(\"8400\")\n                .postalState(\"ZH\")\n                .organizationName(\"Test GmbH\")\n                .mobilePhoneNumber(\"+41791234567\")\n                .salutation(\"Ms\");\n\n\t    // Transaction Create Request\n\t    TransactionCreate request = new TransactionCreate();\n        request.autoConfirmationEnabled(true).currency(\"CHF\").language(\"en-US\");\n        request.setBillingAddress(billingAddress);\n        request.setShippingAddress(billingAddress);\n        request.addLineItemsItem(lineItem);\n        \n        // Create Transaction\n        Transaction transaction = apiClient.getTransactionService().create(spaceId, request);\n        \n        // Build the payment page URL to which the user should be redirected when the payment page should be used:\n        String paymentPageUrl = apiClient.getTransactionPaymentPageService().paymentPageUrl(spaceId, transaction.getId());\n        System.out.println(\"Payment Page URL: \" + paymentPageUrl);\n        \n        // The above statement should print something like:\n        //\n        //   Payment Page URL: https://app-wallee.com/s/405/payment/transaction/pay/[transaction ID]?securityToken=[some token]\n        //\n\t}\n\n}\n\n```\nConsider using the following overloaded ApiClient constructor and following code snippet to gain access to a resource behind a **proxy** server with a Basic Authentication scheme\n```java\n    // Create an instance of the ApiClient with the user's unique credentials and proxy information.\n    ApiClient apiClient = new ApiClient(userId, secret, String proxyHostname, int proxyPort);\n\n    Authenticator authenticator = new Authenticator() {\n        @Override\n        protected PasswordAuthentication getPasswordAuthentication() {\n            // Check if the authentication request is for a proxy\n            if (getRequestorType() == RequestorType.PROXY) {\n                // Check if the authentication scheme is Basic\n                if (\"Basic\".equalsIgnoreCase(getRequestingScheme())) {\n                    // Return the PasswordAuthentication instance with the proxy credentials\n                    return new PasswordAuthentication(proxyUsername, proxyPassword.toCharArray());\n                }\n            }\n\n            return null;\n          }\n    };\n\n    // Set the default Authenticator that will be used by the networking code when a proxy or an HTTP server asks for authentication.\n    // Authenticator.setDefault will set the java.net.Authenticator that processes all authentication requests.\n    Authenticator.setDefault(authenticator);\n```\n### Disable Basic authentication for HTTPS tunneling\n\n\u003eIn some environments, certain authentication schemes may be undesirable when proxying HTTPS. Accordingly, the Basic authentication scheme has been deactivated, by default, in the Oracle\n\u003eJava Runtime, by adding Basic to the jdk.http.auth.tunneling.disabledSchemes networking property. Now, proxies requiring Basic authentication when setting up a tunnel for HTTPS\n\u003ewill no longer succeed by default. If required, this authentication scheme can be reactivated by removing Basic from the jdk.http.auth.tunneling.disabledSchemes networking\n\u003eproperty, or by setting a system property of the same name to \"\" ( empty ) on the command line.\n\n```java\n    System.setProperty(\"jdk.http.auth.tunneling.disabledSchemes\", \"\");\n    System.setProperty(\"jdk.http.auth.proxying.disabledSchemes\", \"\");\n```\n### Integrating Webhook Payload Signing Mechanism into webhook callback handler\n\nThe HTTP request which is sent for a state change of an entity now includes an additional field `state`, which provides information about the update of the monitored entity's state. This enhancement is a result of the implementation of our webhook encryption mechanism.\n\nPayload field `state` provides direct information about the state update of the entity, making additional API calls to retrieve the entity state redundant.\n\n#### ⚠️ Warning: Generic Pseudocode\n\n\u003e **The provided pseudocode is intentionally generic and serves to illustrate the process of enhancing your API to leverage webhook payload signing. It is not a complete implementation.**\n\u003e\n\u003e Please ensure that you adapt and extend this code to meet the specific needs of your application, including appropriate security measures and error handling.\nFor a detailed webhook payload signing mechanism understanding we highly recommend referring to our comprehensive\n[Webhook Payload Signing Documentation](https://checkout.postfinance.ch/doc/webhooks#_webhook_payload_signing_mechanism).\n\n\n```java\n@RestController\n@RequestMapping(\"/webhook\")\npublic class WebhookController {\n\n    @PostMapping(\"/callback\")\n    public ResponseEntity\u003cObject\u003e handleWebhook(@RequestBody String requestPayload,\n                                                HttpServletRequest request) {\n\n      // ...\n\n      // Retrieve the 'x-signature' header from the request\n        String signature = request.getHeader(\"x-signature\");\n\n        // Check if the x-signature header is present\n        if (signature == null || signature.isEmpty()) {\n\n          // Make additional API call to retrieve the entity state.\n          // ...\n\n        } else {\n\n          // Authenticate webhook payload\n          if (apiClient.getWebhookEncryptionService().isContentValid(signature, requestPayload)) {\n            // parse the requestPayload to extract the 'state' value\n\n            // After parsing the 'state', process the entity's state change.\n             if (state != null) {\n                 processEntityStateChange(state);\n             }\n\n            // Process the received webhook data\n            // ...\n          }\n\n        }\n\n        // Process the received webhook data\n        // ...\n    }\n}\n```\n\n## Recommendation\n\nIt is recommended to create an instance of `ApiClient` per thread in a multithreaded environment to avoid any potential issues.\n\n## License\n\nPlease see the [license file](https://github.com/pfpayments/java-sdk/blob/master/LICENSE) for more information.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpfpayments%2Fjava-sdk","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpfpayments%2Fjava-sdk","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpfpayments%2Fjava-sdk/lists"}