Referencing the answer here: PHP verify Paypal webhook signature
Is this still the working solution for today (Jan '22)? Curious why it says on github.com/paypal/PayPal-PHP-SDK that this package is deprecated? (and archived)?
That SDK is deprecated and not maintained. There is no support for it.
There are two supported ways to verify a webhook, either post it back to an API endpoint, or verifying the cryptographic message signature yourself.
Verifying a message signature
Posting back to PayPal
Neither document is specific to PHP, but has the information necessary to adapt into your own implementation in any language.
Related
I have this question regarding 2 npm PayPal packages, what is the difference between
paypal-rest-sdk and #paypal/checkout-server-sdk ? And can you implement webhooks using #paypal/checkout-server-sdk or there is no need for webhooks for this package ?
paypal-rest-sdk
checkout-server-sdk
var paypal = require('paypal-rest-sdk');
const paypal = require('#paypal/checkout-server-sdk');
All PayPal-*-SDK for every language have been deprecated for a long time and should not be used for anything. This includes the one for node that's in npm as #paypal/paypal-rest-sdk.
The Checkout-*-SDK for every language, in npm for node as #paypal/checkout-server-sdk, implements the v2/checkout/orders API (and only that API). It can still be used if desired, although I've heard it will be deprecated soon as well. Currently all developer.paypal.com documentation only references doing direct HTTPS REST API integrations, using a client id and secret to first obtain an access_token. For node in particular, there is a full stack example in the PayPal Checkout integration guide that serves as a useful starting point, although I recommend the client side onApprove function in this approval flow since that sample includes client-side error handling of the capture response (restarting or showing an error as appropriate)
As for webhooks, they are a separate matter. There is no current SDK for them. The server-side capture API response is already sufficient for normal orders API payments so you may not need webhooks for what you're doing, but if there are specific events you're interested in listening for (such as refunds or disputes that occur on PayPal.com ) you'll need to subscribe to the event(s) you want -- either in the REST app or using webhook API calls.
I am using Braintree payment in my app. It works perfectly fine using nonce method using server, this method.
But now our requirements changed and we are not allow to use any sever to verify nonce.
In Braintree we can use tokenization key authorizes clients to tokenize payment information. But there is not any descriptive information about it, this method. Only one line of code is provided in doc and there is no other resources I found useful for tokenization key method.
let apiClient = BTAPIClient(authorization: tokenizationKey)
How to use it with DropInUI ?
apiClient is always return nil.
Also I checked Briantreeios demo, but its very confusing. In some example I don't know how payment method work and on which end points used to verify details and deduct amount.
Thanks in advance.
Full disclosure, I work at Braintree. If you have any further questions, I recommend contacting Support.
You are not able to perform transactions directly from the client. Braintree is a full stack solution that requires a server integration with one of Braintree's available SDKs or by using the GraphQL API. In either case, you cannot make payments directly from the client using a tokenization key.
I need to add PayPal button on client's website. It is first time I am doing this and I asked for credentials he gave me API signature, API username and API password. I was checking lots of tutorials how to add PayPal button, they use sandbox/live Client ID and Secret. Can I use this API credentials instead?
I searched a lot but couldn't find an answer.
I am coding in CodeIgniter 3.
Thanks
Username, Password, and Signature are related to Classic API integration.
Client ID and Secret are related to the REST API integration.
Which one do you want to work with?
Or, the easiest option is to use PayPal Standard Payment Buttons, but that will also be the most limiting.
We actually have a PayPal CodeIgniter Library that you might be interested in. It was built for the Classic API.
The general PayPal PHP SDK that it's based on is now available with Composer, so I would recommend installing it that way.
We'll be releasing an update to that library before the end of the year that adds all of the REST APIs. It's available in the dev branch on GitHub already.
We implemented PayPal express checkout through the Braintree SDK (js v3) because this allows us to use our own HTML button whereas we would have to use the provided PayPal buttons if we were using the REST API.
Everything was working fine within our live setup until yesterday. Code was changed neither on the client nor on the server.
However, I did delete two REST API apps within the PayPal developer dashboard which were no longer needed since we had decided to go down the Braintree JS SDK path.
After that, express checkouts started throwing AuthenticationErrors.
Generating client tokens on our server still works. Performing the actual checkout fails on tokenization.
I receive the following exception:
{
"paymentResource": {
"errorName": "invalid_client",
"errorMessage": "Client Authentication failed",
"errorDetails": null,
"debugId": "84b227241374e",
"paypalHttpStatus": 401
}
}
The whole setup works using the test access_token btw :/
My current assumption is that the Braintree SDK access_token is somehow coupled to the default REST API App (email-facilitator#domain.tld). I deleted this default REST API App.
I found the following FAQ article which I believe proves the assumption might be correct: https://www.paypal-knowledge.com/infocenter/index?page=content&id=FAQ1938&expand=true&locale=en_US
We now switched to a different PayPal account as we could not figure out what was going wrong. Without changing any code except for the new access_token, everything started working again.
Has anyone experienced this or something similar before?
Does anyone know how I can either
Delete the Braintree Account or regenerate it (which will hopefully restore the link to my new REST API App)? or
Restore the link between my Braintree SDK access_token and my REST API app?
If something was unclear or if I can provide more context somewhere please let me know!
As Brian K correctly noted, the solution was to contact the PayPal technical support at paypal-techsupport.com/app/ask and ask for the deleted REST API app to be reinstated.
Everything is back to normal now.
I'm trying to integrate PayPal Payflow Advanced into my site, and I'm so confused... I've enabled secure tokens in the management interface, but I'm not clear on whether that's generated from their side or mine?
I've never done this before and really, the developer guides and sdks and even the forum posts feel extremely elusive... I'm just not sure about the process...
It seems as though I can embed an iframe and then they handle the rest, but one of the parameters is SECURETOKEN and SECURETOKENID. I don't know where I get those values from? I don't see it anywhere in any of the paypal settings for my account, so I think it might be something I need to generate? But, if it is, then I don't know exactly what kind of token I should send? Just any old random string?
Sorry... But, I'm really unclear on this, despite having googled and gone through the paypal documentation... Plus, I think my PMDD is acting up, so I'm hoping to get a solution before I take this computer and huff it out the window...
This is an old post now, but the answer is that you have to perform a token request using server-side code. There is an PHP example of a secure token request in this post:
https://go.developer.ebay.com/developers/community/blogs/ppintegrationsnate/new-payflow-gateway-tutorial
This was for a PayFlow Pro integration. Also see chapter 2 of https://www.paypalobjects.com/webstatic/en_US/developer/docs/pdf/payflowgateway_guide.pdf for the syntax of the request. You may need to look into the specifics of what is required in the token request for your product.
If you haven't already, try looking here under the section “PayPal Payments Advanced and PayPal Payments Pro (Payflow Pro/Link)”
https://www.x.com/developers/community/blogs/ppintegrationsnate/nates-blog-home-page
and
https://www.x.com/developers/community/blogs/pp_integrations_preston/testing-paypal-payflow-gateway
Thanks