Payment methods: API for payment gateway callbacks required authorization

[tatarincev]

https://github.com/VirtoCommerce/vc-module-KlarnaCheckout-Euro/blob/a638008aa371e91b82d366489a2598f83ad67389/Klarna.PaymentGatewayModule.Web/Managers/KlarnaCheckoutEuroPaymentMethod.cs#L329 the code is telling Klarna to return the results to http://www.our-store.com/admin/api/paymentcallback?sid=123&orderId=xxx&klarna_order_id=yyy path, which is this

vc-module-order/VirtoCommerce.OrderModule.Web/Controllers/Api/OrderModuleController.cs

Line 386 in 46d5048

public IHttpActionResult PostProcessPayment(webModel.PaymentCallbackParameters callback)

method, which needs authentication (Is on Admin) and obviously Klarna is not authenticated to access it. They get {"message":"Authorization has been denied for this request."}, 401 Unauthorized error.
What is the solution for this?

Other problem related to this method:
For instance, public IHttpActionResult PostProcessPayment(webModel.PaymentCallbackParameters callback) always receives callback as null.

[tatarincev]

I've to propose a few probable solutions of this problem:

1. Remove authorization check for this API method. (This is a much correct solution from my point of view. Just need to check all the security risks before that doing)
2. Include authorization key in callback link.
3. Define API for these types of callbacks in Clarna module.