Cannot capture sandbox PayPal payment - paypal

I am currently trying the Orders API of PayPal using Postman, but cannot capture any payment.
For now, I could get the access token, set it to a collection variable, then created orders using (note the access token is set in the Authorization tab):
POST https://api-m.sandbox.paypal.com/v2/checkout/orders
Body:
{
"intent": "CAPTURE",
"purchase_units": [
{
"amount": {
"currency_code": "USD",
"value": "10.00"
}
}
]
}
The request was successful with response body:
{
"id": "<random-id>",
"status": "CREATED",
"links": [
{
"href": "https://api.sandbox.paypal.com/v2/checkout/orders/<random-id>",
"rel": "self",
"method": "GET"
},
{
"href": "https://www.sandbox.paypal.com/checkoutnow?token=<random-id>",
"rel": "approve",
"method": "GET"
},
{
"href": "https://api.sandbox.paypal.com/v2/checkout/orders/<random-id>",
"rel": "update",
"method": "PATCH"
},
{
"href": "https://api.sandbox.paypal.com/v2/checkout/orders/<random-id>/capture",
"rel": "capture",
"method": "POST"
}
]
}
Then I proceeded to rel:approve's link using a browser https://www.sandbox.paypal.com/checkoutnow?token=<random-id> and signed in with my sandbox account. It shows me the usual payment window but when I pressed the "Continue" button, it tried to redirect to the return page but instead, refreshed the page itself.
When I tryed to check the order using rel:self's link: GET https://api.sandbox.paypal.com/v2/checkout/orders/<random-id>. It correctly showed the sandbox account's shipping details (name and address), but the status remained CREATED (not APPROVED or COMPLETED):
{
"id": "<random-id>",
"intent": "CAPTURE",
"status": "CREATED",
"purchase_units": [
{
"reference_id": "default",
"amount": {
"currency_code": "USD",
"value": "10.00"
},
"payee": {
"email_address": "<payee-email>",
"merchant_id": "<payee-id>"
},
"shipping": {
"name": {
"full_name": "<payer-name>"
},
"address": {
"address_line_1": "<payer-address-1>",
"address_line_2": "<payer-address-2>",
"admin_area_2": "<payer-address-3>",
"admin_area_1": "<payer-address-4>",
"postal_code": "<payer-address-5>",
"country_code": "<payer-address-6>"
}
}
}
],
"create_time": "<time-of-post-request>",
"links": [
{
"href": "https://api.sandbox.paypal.com/v2/checkout/orders/<random-id>",
"rel": "self",
"method": "GET"
},
{
"href": "https://www.sandbox.paypal.com/checkoutnow?token=<random-id>",
"rel": "approve",
"method": "GET"
},
{
"href": "https://api.sandbox.paypal.com/v2/checkout/orders/<random-id>",
"rel": "update",
"method": "PATCH"
},
{
"href": "https://api.sandbox.paypal.com/v2/checkout/orders/<random-id>/capture",
"rel": "capture",
"method": "POST"
}
]
}
When I tried to capture the payment using rel:caputure's link: POST https://api.sandbox.paypal.com/v2/checkout/orders/<random-id>/capture with header Content Type: application/json and empty body, it said "payer has not approved the Order for payment", despite I getting the shipping details from the GET request before:
{
"name": "UNPROCESSABLE_ENTITY",
"details": [
{
"issue": "ORDER_NOT_APPROVED",
"description": "Payer has not yet approved the Order for payment. Please redirect the payer to the 'rel':'approve' url returned as part of the HATEOAS links within the Create Order call or provide a valid payment_source in the request."
}
],
"message": "The requested action could not be performed, semantically incorrect, or failed business validation.",
"debug_id": "6a10ea489ffce",
"links": [
{
"href": "https://developer.paypal.com/docs/api/orders/v2/#error-ORDER_NOT_APPROVED",
"rel": "information_link",
"method": "GET"
}
]
}
I have three questions:
Was I using the Orders API correctly? Did I miss some HTTP requests and/or some crucial steps?
I had the return URL set for my sandbox application, why did the payment page not redirect me but instead refreshed itself? Did I miss some setup beforehand?
Why did I fail to capture the payment like above?
P.S. After some digging I think I might be missing the authorize payment step but I have no idea how to do it. (Client-side request? Server-side request?)

I proceeded to rel:approve's link .. when I pressed the "Continue" button, it tried to redirect to the return page but instead, refreshed the page itself.
You did not specify a return_url , so there is nowhere to return to. Refreshing is all that can be done.
What you should do is not redirect to an approval URL, and integrate with no redirects. For this make two routes on your server, one for 'Create Order' and one for 'Capture Order', documented here. These routes should return only JSON data (no HTML or text). The latter one should (on success) store the payment details in your database before it does the return (particularly purchase_units[0].payments.captures[0].id, the PayPal transaction ID)
Pair those two routes with the following approval flow: https://developer.paypal.com/demo/checkout/#/pattern/server

I was also having trouble with this issue, I solved it by expanding the request body, much like #preston-phx said, with the return URL, and it looked something like this:
{
"intent": "CAPTURE",
"payer": {
"email_address": requestBody.payer_email
},
"purchase_units": [{
"amount": {
"currency_code": "USD",
"value": requestBody.amount
},
"payee": {
"email_address": requestBody.payee_email
},
"payment_instruction": {
"disbursement_mode": "INSTANT", // can be INSTANT or DELAYED
"platform_fees": [
{
"amount": {
"currency_code": "USD",
"value": calculateFeesFromAmount(requestBody.amount)
}
}
]
}
}],
"redirect_urls": {
"return_url": "https://example.com/paypalpay/order/approved",
"cancel_url": "https://example.com/paypalpay/order/cancelled"
},
"application_context": {
"brand_name": "Header for payment page",
"locale": "en-US",
"landing_page": "BILLING", // can be NO_PREFERENCE, LOGIN, BILLING
"shipping_preference": "NO_SHIPPING" // because I didn't want shipping info on the page,
"user_action": "PAY_NOW", // Button name, can be PAY_NOW or CONTINUE
"return_url": "https://example.com/paypalpay/order/approved",
"cancel_url": "https://example.com/paypalpay/order/cancelled"
}
}
This also helped me customise the payment page to an extent. I hope Paypal folks include these in the docs at the correct places, most of devs have to dig through a lot of documentation to create an extensive, usable request body.

Related

no webhook calls with subscription in paypal sandbox mode

With php and curl i create billing plans, subscriptions, get the paypal link and proceed to the payment. Everything works and i get the following webhook calls :
Billing plan created
Billing subscription created
Billing subscription activated
Paiement sale completed
So far so good. The problem is that i specified the subscription to a renewal of 1 DAY so i could check what happens when a new regular payment arrives... and nothing.
I don't know if the sandbox does not implement a real subscription with all the correct webhook callback of if i'm doing something wrong. I would be pretty pissed to be forece to develop that in production mode !
Any ideas ?
Any ideas how to test the recurring payment ?
Here is the data i get from paypal API when i call billing_subscription:
You can view it properly on https://jsoneditoronline.org/
{
"billing_cycles": [
{
"frequency": {
"Interval_count": 1,
"interval_unit": "DAY"
},
"pricing_scheme": {
"create_time": "2021-08-11T13:47:42Z",
"fixed_price": {
"currency_code": "EUR",
"value": "2.0"
},
"update_time": "2021-08-11T13:47:42Z",
"version": 1
},
"sequence": 1,
"tenure_type": "REGULAR",
"total_cycles": 120
}
],
"create_time": "2021-08-11T13:47:42Z",
"description": "offre Basic TEST avec un debit tous les jours",
"id": "P-8AF2870811319631YMEJ5J7Q",
"links": [
{
"encType": "application/json",
"href": "https://api.sandbox.paypal.com/v1/billing/plans/P-8AF2870811319631YMEJ5J7Q",
"method": "GET",
"rel": "self"
},
{
"encType": "application/json",
"href": "https://api.sandbox.paypal.com/v1/billing/plans/P-8AF2870811319631YMEJ5J7Q",
"method": "PATCH",
"rel": "edit"
},
{
"encType": "application/json",
"href": "https://api.sandbox.paypal.com/v1/billing/plans/P-8AF2870811319631YMEJ5J7Q/deactivate",
"method": "POST",
"rel": "self"
}
],
"name": "Offre Basic TEST JOUR PAR JOUR",
"payment_preferences": {
"auto_bill_outstanding": true,
"payment_failure_threshold": 3,
"service_type": "PREPAID",
"setup_fee": {
"currency_code": "EUR",
"value": "0.0"
},
"setup_fee_failure_action": "CONTINUE"
},
"product_id": "abonnement-test-basic",
"quantity_supported": false,
"status": "ACTIVE",
"taxes": {
"inclusive": false,
"percentage": "20.0"
},
"update_time": "2021-08-11T13:47:42Z",
"usage_type": "LICENSED"
}
Problem solved (sort-of...)
In production mode, when a recurring paiement is done on a subscription a webhook is called with the event : PAYMENT.SALE.COMPLETED
In sandbox mode, the event is either not sent, either randomly sent days later after when it's supposed to be.

PayPal Sandbox approval URL stuck in infinite loop

I've got a strange issue with PayPal's Sandbox / API V2.
After creating an order with the AUTHORIZE intent (pre-auth). I'm taking the user to the APPROVE URL, and after selecting the payment method PayPal says that it's redirecting me back to my redirect_url, but instead it just reloads the payment selection screen.
I don't know what's wrong.... This is what I'm passing directly to the API:
curl -v -X POST https://api.sandbox.paypal.com/v2/checkout/orders \
-H "Content-Type: application/json" \
-H "Authorization: Bearer <my-access-token>" \
-d '{
"intent":"AUTHORIZE",
"description":"Description goes here",
"soft_descriptor":"Descriptor",
"purchase_units":[
{
"amount":{
"currency_code":"CAD",
"value":"351.75"
}
}
],
"order_application_context":{
"return_url":"redacted_for_privacy",
"cancel_url":"redacted_for_privacy"
}
}
That call is obviously working as PayPal is returning the CREATED response. I have looped through the returned HATEOAS links and redirected the user to the approve URL ... Then the problem starts...
API response is:
{
"id": "8KF74291SN313461D",
"intent": "AUTHORIZE",
"status": "CREATED",
"purchase_units": [
{
"reference_id": "default",
"amount": {
"currency_code": "CAD",
"value": "351.75"
},
"payee": {
"email_address": "sb-iuaiy3198427#business.example.com",
"merchant_id": "DXYXG2JAU3SQQ"
}
}
],
"create_time": "2020-09-15T05:13:59Z",
"links": [
{
"href": "https://api.sandbox.paypal.com/v2/checkout/orders/8KF74291SN313461D",
"rel": "self",
"method": "GET"
},
{
"href": "https://www.sandbox.paypal.com/checkoutnow?token=8KF74291SN313461D",
"rel": "approve",
"method": "GET"
},
{
"href": "https://api.sandbox.paypal.com/v2/checkout/orders/8KF74291SN313461D",
"rel": "update",
"method": "PATCH"
},
{
"href": "https://api.sandbox.paypal.com/v2/checkout/orders/8KF74291SN313461D/authorize",
"rel": "authorize",
"method": "POST"
}
]
}
Issue was their confusing API documentation.
order_application_context should be changed to: application_context in the API Call

How can I test flagged transaction response in test environment in Checkout.com

I am using Checkout.com for payment processing. I want to test flagged transaction response in a test environment.
How can I get this response in test mode?
Flagging a transaction is an action that is taken by a Risk Rule in Checkout.com
To be able to flag a transaction you simply need to set a risk rule in your Checkout.com Hub and trigger this risk rule in your payment request.
For example, you can set up a "threshold" risk rule that will flag a transaction if it exceeds (or it's bellow) a certain amount.
After setting up this, sending a payment request with a value that will trigger the risk rule, will result in a flagged response from the API.
You can also see some sample responses in the API Reference of Checkout.com
Here is a sample:
{
"id": "pay_jf7xoknmva3upbatzkiqcwvkea",
"action_id": "act_jf7xoknmva3upbatzkiqcwvkea",
"amount": 20000,
"currency": "USD",
"approved": true,
"status": "Authorized",
"auth_code": "290947",
"eci": "05",
"scheme_id": "638284745624527",
"response_code": "10000",
"response_summary": "Approved",
"risk": {
"flagged": true
},
"source": {
// dynamic based on your source
},
"customer": {
"id": "cus_vh2hq53yioouvg3etkuw2xdhcu",
"name": "Sarah Mitchell"
},
"processed_on": "2019-06-25T18:27:10Z",
"reference": "ORD-5023-4E89",
"processing": {
"acquirer_transaction_id": "8138182777",
"retrieval_reference_number": "000290947597"
},
"_links": {
"self": {
"href": "https://api.sandbox.checkout.com/payments/pay_jf7xoknmva3upbatzkiqcwvkea"
},
"actions": {
"href": "https://api.sandbox.checkout.com/payments/pay_jf7xoknmva3upbatzkiqcwvkea/actions"
},
"capture": {
"href": "https://api.sandbox.checkout.com/payments/pay_jf7xoknmva3upbatzkiqcwvkea/captures"
},
"void": {
"href": "https://api.sandbox.checkout.com/payments/pay_jf7xoknmva3upbatzkiqcwvkea/voids"
}
}
}
Notice the:
"risk": {
"flagged": true
},

PayPal Future Payment returns 'approval_url'

I'm currently attempting to integrate my app with Future Payments and in the documentation, it mentions:
Unlike the standard REST API docs that demonstrate a one time payment,
a future payment doesn't require you to separately get payment
approval after getting initial user consent. The payment is
pre-approved by the user.
So looking at the example, I should get a response which contains:
"state": "authorized"
"links": [
{
"href": "https://api.paypal.com/v1/payments/authorization/4TD55050SV609544L",
"method": "GET",
"rel": "self"
},
{
"href": "https://api.paypal.com/v1/payments/authorization/4TD55050SV609544L/capture",
"method": "POST",
"rel": "capture"
},
{
"href": "https://api.paypal.com/v1/payments/authorization/4TD55050SV609544L/void",
"method": "POST",
"rel": "void"
},
{
"href": "https://api.paypal.com/v1/payments/authorization/4TD55050SV609544L/reauthorize",
"method": "POST",
"rel": "reauthorize"
},
{
"href": "https://api.paypal.com/v1/payments/payment/PAY-2C433581AX997613HKJFBVLI",
"method": "GET",
"rel": "parent_payment"
}
],
And from what I understand, the transaction, along with the Client Metadata ID and Access Token in the request header, should be automatically processed, without further approval, because the user has already given consent.
So if the transaction intent is 'sale', the success response 'state' would be 'completed' and if the intent is 'authorize', the state would be 'authorized'.
This makes sense, but when testing my app, I'm getting a response with an approval url that I need to redirect the user to and the state is 'created' not 'completed/authorized' ? -
"state": "created"
"create_time": "2016-03-20T00:42:25Z",
"links": [
{
"href": "https://api.sandbox.paypal.com/v1/payments/payment/PAY-3NA62949E72063722K3W7D4I",
"rel": "self",
"method": "GET"
},
{
"href": "https://www.sandbox.paypal.com/cgi-bin/webscr?cmd=_express-checkout&token=EC-41A06151Y6402822R",
"rel": "approval_url",
"method": "REDIRECT"
},
{
"href": "https://api.sandbox.paypal.com/v1/payments/payment/PAY-3NA62949E72063722K3W7D4I/execute",
"rel": "execute",
"method": "POST"
}
]
I managed to resolve the issue by removing express_checkout from the scope. If this is enabled, it appears to override future payments so it no longer works and uses the express checkout pay flow instead.

Custom data from paypal JS button into webhook

The JavaScript PayPal button, http://paypal.github.io/JavaScriptButtons/ allows custom data to be sent in the data-custom field.
When using IPN, these data are clearly visible and usable.
However, I don't find any mention of custom data in the webhook documentation; I would expect the "Sale Completed" event to receive something about custom data.
So my question is twofold:
Has anyone managed to get the data and knows what field contains them?
Is there a way to simulate this, given the webhook simulator does not allow any field to be entered?
Webhooks do not support any custom data for simulator. Simulator provides a sample of payload for an event. It does not allow any other data field except URL/EventType. If you want to use the custom data you may use them and don't want to use a live account for testing, you can try it with a sandbox account and go through flow for the Webhook event type for which you want to send custom data.
Also sample for PAYMENT.SALE.COMPLETED for your reference:
{
"id": "WH-2WR32451HC0233532-67976317FL4543714",
"create_time": "2014-10-23T17:23:52Z",
"resource_type": "sale",
"event_type": "PAYMENT.SALE.COMPLETED",
"summary": "A successful sale payment was made for $ 0.48 USD",
"resource": {
"id": "80021663DE681814L",
"create_time": "2014-10-23T17:22:56Z",
"update_time": "2014-10-23T17:23:04Z",
"amount": {
"total": "0.48",
"currency": "USD"
},
"payment_mode": "ECHECK",
"state": "completed",
"protection_eligibility": "ELIGIBLE",
"protection_eligibility_type": "ITEM_NOT_RECEIVED_ELIGIBLE,UNAUTHORIZED_PAYMENT_ELIGIBLE",
"clearing_time": "2014-10-30T07:00:00Z",
"parent_payment": "PAY-1PA12106FU478450MKRETS4A",
"links": [
{
"href": "https://api.paypal.com/v1/payments/sale/80021663DE681814L",
"rel": "self",
"method": "GET"
},
{
"href": "https://api.paypal.com/v1/payments/sale/80021663DE681814L/refund",
"rel": "refund",
"method": "POST"
},
{
"href": "https://api.paypal.com/v1/payments/payment/PAY-1PA12106FU478450MKRETS4A",
"rel": "parent_payment",
"method": "GET"
}
]
},
"links": [
{
"href": "https://api.paypal.com/v1/notifications/webhooks-events/WH-2WR32451HC0233532-67976317FL4543714",
"rel": "self",
"method": "GET"
},
{
"href": "https://api.paypal.com/v1/notifications/webhooks-events/WH-2WR32451HC0233532-67976317FL4543714/resend",
"rel": "resend",
"method": "POST"
}
]
}
Has anyone managed to get the data and knows what field contains them?
Not Supported.
You may refer for the fields at https://github.com/paypal/JavaScriptButtons#editable-inputs
Is there a way to simulate this, given the webhook simulator does not allow any field to be entered? Not Supported