Paypal OAuth Implementation to onboard merchants on our site - paypal

We have an app where we want to onboard merchants to connect their PayPal account, and then they can accept money from customers directly through our web app. I read through the docs and am a little lost on how to start.
What I understood is:
Using this document, PayPal Doc, we first need to generate an authorization code and then generate refresh and access tokens. But this document is for PayPal Here.
Also, on the customer side, should I use Smart Buttons Doc, where I can generate the order ID and execute the capture step on the server side using the access token generated for the merchants in the first part?
Am I heading in the right direction?

If you also need to do things like manage refunds via the API, have the merchants generate a REST client ID and secret via https://www.paypal.com/signin?intent=developer&returnUri=https%3A%2F%2Fdeveloper.paypal.com%2Fdeveloper%2Fapplications and copy this information into your configuration interface.
If you don't need to do that, you can integrate PayPal Checkout with your own API credentials and set a 'payee' object: https://developer.paypal.com/docs/checkout/integration-features/custom-payee/

Related

PayPal API payments without sign in, and obtaining an access token

Is it possible to add or link PayPal to an account (get a user access token from PayPal, or something like this) to allow payments without authorization (without login and confirmation, like with a card if we have the card number and CVC)?
And a second question: I am using the PayPal sandbox and I cannot refresh the token when trying to execute the query.
I get this answer:
{
"error": "invalid_refresh_token",
"error_description": "No consent were granted"
}
Is it possible they disabled this option on the sandbox?
Regards
Credit card company rules do not permit a CVC to be stored under any circumstances, so you would never "have" this information. It can only be transmitted when a card is first processed and then must be immediately discarded. As for storing card numbers themselves, there are many rules about that (PCI SAQ-D is a place to start, if you need to research it).
To your PayPal question, to be able to bill a PayPal account without the payer signing in (though they will always have to sign in for initial agreement/set up), the receiving PayPal account must have a feature called "reference transactions". The account owner can contact PayPal's general business support (not technical support) to explain the business need and inquire about being approved for enabling this feature. Once enabled, PayPal can guide you on which API to implement -- be it the older billing agreements API or a newer v2 or v3 vault one.
Refresh tokens are used by a Log in with PayPal integration to obtain a new access token when the old one (originally obtained from an authorization_code) is expired. If you are not integrating Log in with PayPal, refresh tokens are not applicable to what you are actually trying to do, and so the request in your screenshot won't be useful to you.
Refresh tokens are not used to obtain a regular REST API access token for authentication, which uses grant_type=client_credentials. If that's what you're actually trying to do, the documentation is here. The public PayPal Postman API collection sample takes care of this step for you, in the collection-level pre-execution script.
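The client_credentials step the answer above refers to, as an added example that is not code from this thread or from PayPal: a small Node module that builds the token request (client id and secret in an HTTP Basic header, body grant_type=client_credentials), parses the token response, and re-requests a token when the cached one expires. There is deliberately no refresh_token step, because for REST API authentication a fresh client_credentials call is the refresh. Assumed: Node 18+ (global fetch and Buffer); the endpoint and body shape follow PayPal's documented /v1/oauth2/token call; the fakeTokenFetch stand-in, the A21AA-constructed-* token values and the placeholder credentials are constructed so the example runs offline.

```javascript
// Added example, not from the thread: PayPal REST access token via
// grant_type=client_credentials, with expiry-based re-request (no refresh_token).
// Assumes Node 18+. Sample responses below are constructed.

const SANDBOX_BASE = 'https://api-m.sandbox.paypal.com';

// Build the token request. Credentials travel in the Basic header only,
// never in the URL, so they do not land in access logs.
function buildTokenRequest(clientId, clientSecret, base = SANDBOX_BASE) {
  const basic = Buffer.from(`${clientId}:${clientSecret}`, 'utf8').toString('base64');
  return {
    url: `${base}/v1/oauth2/token`,
    options: {
      method: 'POST',
      headers: {
        Authorization: `Basic ${basic}`,
        'Content-Type': 'application/x-www-form-urlencoded',
        Accept: 'application/json',
      },
      body: 'grant_type=client_credentials',
    },
  };
}

// Turn a token response body into {accessToken, expiresAt}. A margin is
// subtracted from expires_in so a token is not used in its final seconds.
function parseTokenResponse(json, nowMs = Date.now(), marginSec = 60) {
  if (json.error) {
    // e.g. invalid_client: wrong credentials, or live credentials sent to sandbox
    throw new Error(`token request failed: ${json.error}: ${json.error_description || ''}`);
  }
  if (json.token_type !== 'Bearer' || typeof json.access_token !== 'string') {
    throw new Error('unexpected token response shape');
  }
  const ttlSec = Math.max(0, Number(json.expires_in) - marginSec);
  return { accessToken: json.access_token, expiresAt: nowMs + ttlSec * 1000 };
}

// Cache that hands out the current token and performs a new client_credentials
// call when none is cached or the cached one has expired.
class TokenCache {
  constructor(clientId, clientSecret, { base = SANDBOX_BASE, fetchImpl = fetch, now = Date.now } = {}) {
    this.clientId = clientId;
    this.clientSecret = clientSecret;
    this.base = base;
    this.fetchImpl = fetchImpl;
    this.now = now;
    this.current = null;
    this.requests = 0; // number of token calls made so far
  }

  needsRefresh() {
    return this.current === null || this.now() >= this.current.expiresAt;
  }

  async getAccessToken() {
    if (!this.needsRefresh()) return this.current.accessToken;
    const { url, options } = buildTokenRequest(this.clientId, this.clientSecret, this.base);
    this.requests += 1;
    const res = await this.fetchImpl(url, options);
    this.current = parseTokenResponse(await res.json(), this.now());
    return this.current.accessToken;
  }
}

// Constructed stand-in for the sandbox token endpoint so the example runs offline.
function fakeTokenFetch() {
  let n = 0;
  return async () => {
    n += 1;
    return {
      ok: true,
      json: async () => ({
        scope: 'https://uri.paypal.com/services/payments/payment',
        access_token: `A21AA-constructed-${n}`,
        token_type: 'Bearer',
        app_id: 'APP-CONSTRUCTED',
        expires_in: 32400,
        nonce: 'constructed',
      }),
    };
  };
}

if (typeof require !== 'undefined' && require.main === module) {
  const cache = new TokenCache('CLIENT_ID_PLACEHOLDER', 'CLIENT_SECRET_PLACEHOLDER', { fetchImpl: fakeTokenFetch() });
  cache.getAccessToken().then((t) => console.log('access token:', t, 'token calls:', cache.requests));
}
```

To talk to the real sandbox, construct TokenCache without fetchImpl (the global fetch is used) and pass the app's sandbox client id and secret; the same code with the live base URL and live credentials targets production, which is exactly the mix-up the invalid_client error usually points at.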

PayPalExpress Processor declines my order, says Security header not valid

I have got a PayPal order with an order ID (O-123213XXXX) from PayPal. I am trying to authorize it via the Hybris Storefront. Hybris will pass the payload to a third party when the user clicks the place order button, and that third party will authorize the payment by communicating with the PayPalExpress processor.
My payment is reaching the processor and I am getting a response like [cart] 10002 Security Header not valid. I searched online and came to know that it's something related to invalid API credentials. They suggest not confusing live PayPal credentials with sandbox credentials.
I have cross-checked everything:
1) I have a PayPal button on my Hybris Storefront which users click when they wish to pay using PayPal. This will create the order.
2) After that, I log in using my sandbox test user account of type Personal to approve the order via the PayPal popup window.
3) Next, I execute that order. Before that, I need the bearer access token, obtained using my online store's sandbox Client ID and Secret Key combination in another REST call. (Just to mention: this online store/app is associated with a sandbox account of type Business.)
Once I get the token, I execute the order via another REST call using that access token.
4) Now I get the order ID from PayPal so that once the order is placed in Hybris, it will be authorized and then captured at a later stage. (That's the plan...)
I have noticed in the PayPal developer account that the Business account associated with my online store/app has some credentials such as Username, Password and Signature, but I am not using them anywhere in my flow.
(Those are for SOAP/NVP calls, that's what they say in the docs.)
And now I am getting the 10002 Security header invalid response from the processor.
As per my understanding, I am not using any live credentials anywhere, only sandbox.
Or am I missing something related to those credentials I am not using anywhere?

Braintree - How does the user know how much he is charged for?

I'm trying to integrate with Braintree using the JavaScript SDK and the Drop-in plugin, but there is something I find hard to understand.
It seems that the user gives free permission with his "payment_method_nonce" to charge his credit card without knowing how much he is being charged. Let me explain:
Looking at the flow overview:
1. The client requests an authorization token from my server.
2. The server then creates a new token using its unique Braintree SDK and credentials.
3. The server sends the token back to the client.
4. The user enters his credit card number and submits; the client sends a request to the Braintree server.
5. The Braintree server returns a "payment_method_nonce" to the client.
6. The client sends the "payment_method_nonce" to my server.
7. Using the "payment_method_nonce", my server creates a transaction, sets a price to charge and sends a request to the Braintree server. The user doesn't know how much he was charged, since the request was sent from the server.
When I worked with PayPal directly (without the Braintree SDK), the user was redirected to the PayPal domain to complete the transaction.
There he was presented with all the details about the transaction, price and all, but with Braintree this step is missing.
What am I missing here?
Full disclosure: I work at Braintree. If you have any further questions, feel free to contact support.
The Drop-In is a pre-made UI for accepting cards and PayPal. It should not be used as the sole part of your checkout.
You are responsible for incorporating the Drop-In UI into an existing checkout workflow within your store, which should include confirmations of meaningful transaction information such as address, amount, etc. By contrast, PayPal, which has security concerns for its account holders, includes some checkout steps in its UI as a means of providing trust and security to its customers.

Create a payment on Client and execute it on Server

I have a website where I want to offer 2 ways to checkout. One with a plain credit card using Stripe (Stripe Checkout) and the other with Paypal.
The way Stripe Checkout works is that when the user clicks a button on my web page, I trigger the checkout request, which pops a modal and lets the user enter his credentials. Then it sends the data over to their servers to validate the card and returns a unique token which is used to identify the card. I send the token via an AJAX request to my server and charge that token using my secret key. So the basic flow is:
Generate a token in the client side
Send that token to the server
Charge the token
I was looking for a similar workflow with Paypal Express Checkout but it seems like the only options are:
Generate a token and execute the payment in the Client side
Generate a token and execute the payment in the Server side
There seems to be no combination of both of them. I want to charge my client from my server as there are several things that take place when I charge the client.
Is it possible, with Paypal Express Checkout, to generate a token in the client and charge it on the server?
Yes, you can create on the client and execute on the server. Take a look at this doc, hopefully it'll help: https://github.com/paypal/paypal-checkout/blob/master/docs/hybrid.md
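The create-on-the-client, execute-on-the-server split that the answer above points to, as an added example that is not code from this thread, from the linked PayPal document, or from PayPal itself. It is a Node server side for the v2 Orders API: the browser asks the server for an order, the server prices the cart from its own catalogue and returns only the order id, and on approval the server captures the order and checks that the captured amount and currency are exactly what it created. The same pattern answers the Braintree question further up this page (the server, not the client, fixes the amount, and must verify it on capture) and shows the optional payee object from the earlier PayPal answer. Assumed: Node 18+; the CATALOGUE prices, the fakePayPalFetch stand-in for the sandbox, the ORDER-CONSTRUCTED-* and CAP-* ids, the access token and every response are constructed; the endpoints and response fields follow PayPal's documented v2 Orders API.

```javascript
// Added example, not from the thread: create an order on the server for the
// browser, capture it on the server on approval, verify the captured amount.
// Assumes Node 18+. Catalogue, responses and ids below are constructed.

const API_BASE = 'https://api-m.sandbox.paypal.com';

// Server-side catalogue: the browser sends SKUs and quantities, never prices.
const CATALOGUE = { 'sku-book': '12.50', 'sku-pen': '1.25' };

// Price a cart in integer cents and render it as a PayPal amount string.
function priceCart(cart) {
  let cents = 0;
  for (const { sku, qty } of cart) {
    if (!Object.prototype.hasOwnProperty.call(CATALOGUE, sku) || !Number.isInteger(qty) || qty < 1) {
      throw new Error(`rejected line item: ${sku} x ${qty}`);
    }
    cents += Math.round(Number(CATALOGUE[sku]) * 100) * qty;
  }
  return (cents / 100).toFixed(2);
}

// Create-order body. payeeEmail is optional: when set, funds go to that
// merchant's account instead of the API credential owner's (the payee object).
function buildOrderRequest(cart, currency, payeeEmail) {
  const purchaseUnit = { amount: { currency_code: currency, value: priceCart(cart) } };
  if (payeeEmail) purchaseUnit.payee = { email_address: payeeEmail };
  return { intent: 'CAPTURE', purchase_units: [purchaseUnit] };
}

// Orders this server created: order id -> the amount we expect to be captured.
const pendingOrders = new Map();

// Route called by the browser's createOrder callback. Returns only the order id.
async function createOrder(fetchImpl, accessToken, cart, currency = 'USD', payeeEmail) {
  const body = buildOrderRequest(cart, currency, payeeEmail);
  const res = await fetchImpl(`${API_BASE}/v2/checkout/orders`, {
    method: 'POST',
    headers: { Authorization: `Bearer ${accessToken}`, 'Content-Type': 'application/json' },
    body: JSON.stringify(body),
  });
  const json = await res.json();
  if (!res.ok || typeof json.id !== 'string') throw new Error(`create order failed: ${JSON.stringify(json)}`);
  pendingOrders.set(json.id, { value: body.purchase_units[0].amount.value, currency });
  return json.id;
}

// Route called by the browser's onApprove callback with data.orderID.
// Only orders this server created are captured, and the capture must match.
async function captureOrder(fetchImpl, accessToken, orderId) {
  const expected = pendingOrders.get(orderId);
  if (!expected) throw new Error(`unknown order ${orderId}`);
  const res = await fetchImpl(`${API_BASE}/v2/checkout/orders/${encodeURIComponent(orderId)}/capture`, {
    method: 'POST',
    headers: { Authorization: `Bearer ${accessToken}`, 'Content-Type': 'application/json' },
  });
  const json = await res.json();
  if (!res.ok) throw new Error(`capture failed: ${JSON.stringify(json)}`);
  const capture = json.purchase_units?.[0]?.payments?.captures?.[0];
  if (json.status !== 'COMPLETED' || !capture || capture.status !== 'COMPLETED') {
    throw new Error(`capture not completed for ${orderId}`);
  }
  if (capture.amount.value !== expected.value || capture.amount.currency_code !== expected.currency) {
    throw new Error(`captured amount does not match order ${orderId}`);
  }
  pendingOrders.delete(orderId);
  return { captureId: capture.id, value: capture.amount.value, currency: capture.amount.currency_code };
}

// Constructed stand-in for the sandbox. tamperCapture makes it report a wrong
// amount so the verification above can be seen firing.
function fakePayPalFetch({ tamperCapture = false } = {}) {
  const orders = new Map();
  let n = 0;
  return async (url, options) => {
    if (url.endsWith('/v2/checkout/orders') && options.method === 'POST') {
      n += 1;
      const id = `ORDER-CONSTRUCTED-${n}`;
      orders.set(id, JSON.parse(options.body).purchase_units[0].amount);
      return { ok: true, json: async () => ({ id, status: 'CREATED' }) };
    }
    const m = url.match(/\/v2\/checkout\/orders\/([^/]+)\/capture$/);
    if (m && orders.has(m[1])) {
      const amount = tamperCapture ? { currency_code: 'USD', value: '0.01' } : orders.get(m[1]);
      const captures = [{ id: `CAP-${m[1]}`, status: 'COMPLETED', amount }];
      return { ok: true, json: async () => ({ id: m[1], status: 'COMPLETED', purchase_units: [{ payments: { captures } }] }) };
    }
    return { ok: false, json: async () => ({ name: 'RESOURCE_NOT_FOUND' }) };
  };
}
```

In the browser, the JS SDK button's createOrder callback posts the cart to the createOrder route and returns the id it gets back, and onApprove posts data.orderID to the captureOrder route; everything the customer sees before approval (the amount in particular) is still the server's number, which is the answer to the Braintree question about who decides the charge.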

Paypal REST API for multiple accounts

I have a Java application that has just been updated with e-commerce features that use the Paypal REST API (https://developer.paypal.com/docs/api/).
I have multiple customers who run this application, each of them can log in to their own admin panel and manage their store and other features.
The Java client for Paypal REST API is working, I have tested it in the Sandbox of my own Paypal account and also in the live environment.
Question: Will each customer have to go into their PayPal account and activate the REST API to generate their key/secret for use in the Java app, or is there a way for me to pay multiple PP accounts from the app/key/secret that is already active for my own PP account?
The only thing the Java app is doing with the PP API is creating and executing a payment.
If each customer has to create their own key/secret, is there a quick way for them to do this from their PP admin panel? Currently the only way I know is to go into the developer.paypal.com section of the site, which doesn't seem very intuitive for a non-techy.
At this time the PayPal REST API does not support third party payments in that way. The customer would need to use developer.paypal.com as you suggested to get their own PayPal REST credentials.
You can collect money and send it out using your own REST credentials but this would make you the liable receiver for the purchase.
PayPal has solutions outside of the REST API that might work for you here: https://developer.paypal.com/docs/marketplace-split-payments/
The Classic API does have a subject option; the subject is the third party. You do need permissions for some of the API calls; however, the Permissions API can ease that process.