server side code for payment gateway integration with flutter - flutter

I'm trying to integrate a payment gateway like Razorpay or Stripe in my Flutter app, and for any payment provider we need to generate a token using their API in the backend, but none of these payment providers have mentioned the code for the server side to generate tokens and how/where to deploy that server side code. Essentially I'm creating an ecommerce app and to process payments I can't find resources to implement the server side code for each cart order. Can anyone tell how to implement the server side code or some resource which could be useful?
Docs I have read:
https://pub.dev/packages/razorpay_flutter
https://razorpay.com/docs/payments/payment-gateway/flutter-integration/standard/build-integration#16-create-an-order-in-server

> but none of these payment providers have mentioned the code for the server side to generate tokens and how/where to deploy that server side code
This is by design. Payment providers help you lower your PCI compliance burden by not touching raw card details. If you use frontend SDKs (like Stripe's Stripe.js + Elements UI library), they are an iframe that collects your end customer card details directly to their servers meaning your integration does not touch card details and does not have to do tons of paperwork on your own PCI compliance.
https://stripe.com/docs/security/guide
https://stripe.com/guides/pci-compliance
So you absolutely need to use their frontend SDKs to directly create a token from your webpage.
> I can't find resources to implement the server side code for each cart order.
Once you have your token, you then send that to your server to create an order and (in Stripe's case) create and confirm a PaymentIntent. Though Stripe's recommended flow is a bit different - you create the PaymentIntent first and "confirm" it on your frontend: https://stripe.com/docs/payments/accept-a-payment

For Razorpay integration (at least as a payment gateway) you will be in need of a client and a server. As you say you have the client with you. After the user initiates the payment and completes it in the Flutter client, the client has to send out an API request to the API server that can actually capture the payment with the hash comparisons.
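
The "hash comparison" mentioned in the answer above, as an added example (not code from the original posts or from Razorpay's SDK): Razorpay documents the payment signature as HMAC-SHA256 over `order_id|payment_id`, keyed with the API key secret. The order store, secret and ids are constructed, and `confirm_payment` is a hypothetical helper name.

```python
import hashlib
import hmac

# Constructed value; the real key secret comes from the provider dashboard
# and lives only on the server (environment variable or secret store).
KEY_SECRET = b"constructed_test_secret"

# Orders the server created, keyed by cart id. In production this is a
# database row written when the order is created through the provider API.
ORDERS = {
    "cart-1001": {"order_id": "order_CONSTRUCTED01", "amount": 49900, "paid": False},
}


def expected_signature(order_id: str, payment_id: str, secret: bytes) -> str:
    """HMAC-SHA256 over "<order_id>|<payment_id>", hex encoded."""
    msg = f"{order_id}|{payment_id}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def confirm_payment(cart_id: str, payment_id: str, signature: str) -> bool:
    """Mark the cart paid only if the signature matches the stored order."""
    order = ORDERS.get(cart_id)
    if order is None or order["paid"]:
        return False  # unknown cart, or this order was already confirmed
    # Use the order id stored server-side, never one echoed by the client,
    # so a signature issued for a different order cannot be replayed here.
    want = expected_signature(order["order_id"], payment_id, KEY_SECRET)
    # Constant-time comparison; bytes on both sides so odd input cannot raise.
    if not hmac.compare_digest(want.encode(), signature.encode()):
        return False
    order["paid"] = True
    return True
```

The Flutter client only forwards the payment id and signature it received from the checkout; the amount and order id are taken from the server's own record.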

I don't have much idea about Razorpay integration but for Stripe you can use Payment Intent API.
You can divide the process in 3 steps:
Send card details from Front-end, if it's a Stripe Customer then you can even use their default card.
Create a payment Intent in Backend, this will return a payment intent object with client_secret. You also might wanna save the payment intent id in DB.
Send this client_secret to Frontend, where you can use this client secret in Stripe.confirmCardPayment(client_secret).
Listen to webhook events to check on the payment status/progress. It's basically an open endpoint where stripe will make REST calls and provide you with details about your payment progress.
Here's a link to the docs mentioning this process. There was an even better doc/github link that I can't seem to find, it had the entire end-to-end happy process.
If this seems a bit complicated then you can go with the Checkout API of Stripe. I've also attached a few YouTube videos that might help ya in getting started.
Checkout API YT link
Payment Intent YT link
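
The webhook endpoint from the last step is open to the internet, so each request has to be authenticated before it changes an order. An added example (not from the original answer; Stripe's own libraries provide this check) that follows the scheme Stripe documents for the `Stripe-Signature` header: `t=<timestamp>,v1=<hex HMAC-SHA256 of "<timestamp>.<raw body>">`. The secret, event and ids are constructed, and the function names are hypothetical.

```python
import hashlib
import hmac
import json

TOLERANCE_SECONDS = 300  # assumed policy: reject events older than 5 minutes


def sign(secret: bytes, timestamp: int, body: bytes) -> str:
    """HMAC-SHA256 over "<timestamp>.<raw body>", hex encoded."""
    msg = f"{timestamp}.".encode() + body
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def verify_webhook(body: bytes, header: str, secret: bytes, now: int):
    """Return the parsed event if the header authenticates body, else None."""
    timestamp, candidates = None, []
    for part in header.split(","):
        key, _, value = part.strip().partition("=")
        if key == "t" and value.isascii() and value.isdigit():
            timestamp = int(value)
        elif key == "v1":
            candidates.append(value)
    if timestamp is None or not candidates:
        return None
    if abs(now - timestamp) > TOLERANCE_SECONDS:
        return None  # stale or future-dated delivery: treat as a replay
    want = sign(secret, timestamp, body).encode()
    if not any(hmac.compare_digest(want, c.encode()) for c in candidates):
        return None
    return json.loads(body)  # parse only after the raw bytes are verified


def handle_event(event: dict, seen_ids: set, paid_intents: set) -> bool:
    """Apply an event once per event id; True if this call changed state."""
    if event["id"] in seen_ids:
        return False  # deliveries can repeat; fulfilment must be idempotent
    seen_ids.add(event["id"])
    if event["type"] == "payment_intent.succeeded":
        paid_intents.add(event["data"]["object"]["id"])
        return True
    return False
```

The signature covers the raw request bytes, so the handler must verify the body before any framework re-serializes it as JSON.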

Related

Paypal OAuth Implementation to onboard merchants on our site

We have an app where we want to onboard Merchants to connect their Paypal account and then they can accept money from the customers directly through our webapp. I read through the docs and am a little lost on how to start.
What I understood is:
Using this document Paypal Doc we first need to generate authorization code then generate refresh and access token. But this document is for Paypal Here.
Also on the Customer Side should I use Smart Buttons Doc where I can generate the order Id and execute the capture step on the Server side using the access token generated for the Merchants in the first part.
Am I heading in the right direction?
If you also need to do things like manage refunds via the API, have the merchants generate a REST client ID and secret via https://www.paypal.com/signin?intent=developer&returnUri=https%3A%2F%2Fdeveloper.paypal.com%2Fdeveloper%2Fapplications and copy this information into your configuration interface
If you don't need to do that, you can integrate PayPal Checkout with your own API credentials, and set a 'payee' object, https://developer.paypal.com/docs/checkout/integration-features/custom-payee/

Braintree - How does the user knows how much he is charge for?

I'm trying to integrate with Braintree using the javascript SDK and the dropin plugin, but there is something I find hard to understand.
It seems that the user gives a free permission with his "payment_method_nonce" to charge his credit without him knowing how much he is being charged for. Let me explain:
Looking at the flow overview:
1. Client requests an authorization token from my server.
2. The server then creates a new token using his unique "Braintree SDK and credentials".
3. The server sends the token back to the client.
4. The user enters his credit card number and submits -> client sends a request to Braintree server.
5. Braintree server returns a "payment_method_nonce" to the client.
6. The client sends the "payment_method_nonce" to my server.
7. Using the "payment_method_nonce" my server creates a transaction, sets a price to charge and sends a request to Braintree server. The user doesn't know how much he was charged since the request was sent from the server.
When I worked with Paypal directly (without Braintree SDK) the user was redirected to the "paypal domain" to complete the transaction.
There he was presented with all the details about the transaction, price and all, but with "Braintree" this step is missing.
What am I missing here?
Full disclosure: I work at Braintree. If you have any further questions, feel free to contact support.
The Drop-In is a pre-made UI for accepting cards and PayPal. It should not be used as the sole part of your checkout.
You are responsible for incorporating the Drop-In UI into an existing checkout workflow within your store, which should include confirmations of meaningful transaction information such as address, amount, etc. By contrast, PayPal, who has security concerns for their account holders, includes some checkout steps to their UI as a means of providing trust and security to their customers.

Create a payment on Client and execute it on Server

I have a website where I want to offer 2 ways to checkout. One with a plain credit card using Stripe (Stripe Checkout) and the other with Paypal.
The way Stripe Checkout works is that when the user clicks a button on my web page, I trigger the checkout request which pops a modal and lets the user enter his credentials. Then it sends the data over to their servers to validate the card and returns a unique token which is used to identify the card. I send the token via an AJAX request to my server and charge that token using my secret key. So the basic flow is:
Generate a token in the client side
Send that token to the server
Charge the token
I was looking for a similar workflow with Paypal Express Checkout but it seems like the only options are:
Generate a token and execute the payment in the Client side
Generate a token and execute the payment in the Server side
There seems to be no combination of both of them. I want to charge my client from my server as there are several things that take place when I charge the client.
Is it possible, with Paypal Express Checkout, to generate a token in the client and charge it on the server?
Yes, you can create on the client and execute on the server. Take a look at this doc, hopefully it'll help: https://github.com/paypal/paypal-checkout/blob/master/docs/hybrid.md

How can I implement payment through payment with two receivers?

Working on an Android application which provides a platform for users to sell and buy their used products. Below is the scenario of the payment screen when a user (buyer) wants to buy an item.
How can I do this payment with PayPal Adaptive Payments? I found something, the Parallel payment API, but this API does the parallel payment from the owner's account; I need the same thing with a dynamic customer account. Everything is needed in PHP to develop a web service that will be used in the Android application.
Thanks.
Adaptive Payments, specifically the Pay API. That is how you would do the split payment as either parallel or chained.
From mobile apps I typically build the web services on a server, so you can still write everything in PHP and just pass data to and from PayPal back to the app through the PHP service. Then you make simple service requests to your own PHP script and have it just return a basic JSON response or whatever you want to work with in the mobile app.
There may be more direct ways to get it done, but that's what I've always done and it works well. Allows you to use your web server for more detailed logging, too.

Sending information using paypal API without creating a complete payment

Is there a way to use the paypal API to send basic details of a payment without actually creating the payment itself? What I mean is, I'm working with a non profit organization that does not currently employ SSL. They want to use paypal to accept donations, but they want their own branded form on their page, they don't want to use the simple donate button. I had thought I might be able to send basic details, such as name and address along with the amount they wish to donate and a few other details using the paypal API, and then have the actual payment information processed on paypal's secure servers. All the examples I can find on how to use their API however are creating complete payments and sending them to Paypal, something I'm not able to do for obvious reasons. Short of employing SSL, something that we should probably do anyways, and capturing a complete payment, is there a way of sending just select information over the API and handling the rest on paypal's end?
If you want to control the form itself you don't have any choice but to go SSL. Any other route would require sending the user to PayPal, where you would no longer have that control.