What do I do with the PayPal public key? - paypal

So what do you use the secret key for?
I'm developing using WordPress/PHP and got a bit annoyed at the various PayPal plugins not doing exactly what I wanted them to, so I wrote my own plugin which works perfectly. I can get any interaction I want within my applications.
I'm using PayPal Checkout, but my implementation only uses the public key. With most PayPal plugins I've seen, you have to provide both the public and private keys. It just dawned on me that I'm not using the private key.
My question is: what do I do with the private key?
Do I need to use it? I've been through the PayPal documentation and although there is lots of documentation about the private key, there is nothing that says you have to use it. Should I be bothered about not using it?

If you are referring to the REST API clientid and secret, the secret is used for server-side API communication with PayPal.
If your integration is not doing any server-side API communication with PayPal, then you won't be using it for anything.
Server-side integrations are more robust, and require a developer with the knowledge and ability to implement them. Here is a front-end UI pattern that would communicate with 2 server-side routes: https://developer.paypal.com/demo/checkout/#/pattern/server
Those routes would need to be created on the server, and implement the appropriate business logic as well as do API calls to PayPal, using the clientid and secret, to 'Set Up Transaction' and 'Capture Transaction', respectively. Here is information on that: https://developer.paypal.com/docs/checkout/reference/server-integration/

Related

PayPal Node SDKs: difference between paypal-rest-sdk and @paypal/checkout-server-sdk for webhooks?

I have this question regarding 2 npm PayPal packages: what is the difference between
paypal-rest-sdk and @paypal/checkout-server-sdk? And can you implement webhooks using @paypal/checkout-server-sdk, or is there no need for webhooks with this package?
paypal-rest-sdk
checkout-server-sdk
var paypal = require('paypal-rest-sdk');
const paypal = require('@paypal/checkout-server-sdk');
All PayPal-*-SDK for every language have been deprecated for a long time and should not be used for anything. This includes the one for node that's in npm as @paypal/paypal-rest-sdk.
The Checkout-*-SDK for every language, in npm for node as @paypal/checkout-server-sdk, implements the v2/checkout/orders API (and only that API). It can still be used if desired, although I've heard it will be deprecated soon as well. Currently all developer.paypal.com documentation only references doing direct HTTPS REST API integrations, using a client id and secret to first obtain an access_token. For node in particular, there is a full stack example in the PayPal Checkout integration guide that serves as a useful starting point, although I recommend the client side onApprove function in this approval flow since that sample includes client-side error handling of the capture response (restarting or showing an error as appropriate).
As for webhooks, they are a separate matter. There is no current SDK for them. The server-side capture API response is already sufficient for normal orders API payments so you may not need webhooks for what you're doing, but if there are specific events you're interested in listening for (such as refunds or disputes that occur on PayPal.com) you'll need to subscribe to the event(s) you want -- either in the REST app or using webhook API calls.
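The server-side flow the answers above describe (client id and secret exchanged for an access_token, then 'Set Up Transaction' and 'Capture Transaction' against v2/checkout/orders), as an added example that is not from the original posts or from PayPal's samples. It assumes the sandbox host api-m.sandbox.paypal.com and Node 18+; the function names and the injected fetchImpl parameter are hypothetical.

```javascript
// Server-side only: the REST secret must never reach browser code.
const API_BASE = 'https://api-m.sandbox.paypal.com'; // PayPal sandbox REST host
const bearer = (token) => ({ Authorization: `Bearer ${token}`, 'Content-Type': 'application/json' });

// Step 1: exchange client id + secret for a short-lived access_token.
function tokenRequest(clientId, secret) {
  const basic = Buffer.from(`${clientId}:${secret}`).toString('base64');
  return {
    url: `${API_BASE}/v1/oauth2/token`,
    options: {
      method: 'POST',
      headers: { Authorization: `Basic ${basic}`, 'Content-Type': 'application/x-www-form-urlencoded' },
      body: 'grant_type=client_credentials',
    },
  };
}

// Step 2 ('Set Up Transaction'): create the order; the amount is fixed on the server.
function createOrderRequest(accessToken, currency, value) {
  const order = { intent: 'CAPTURE', purchase_units: [{ amount: { currency_code: currency, value } }] };
  return {
    url: `${API_BASE}/v2/checkout/orders`,
    options: { method: 'POST', headers: bearer(accessToken), body: JSON.stringify(order) },
  };
}

// Step 3 ('Capture Transaction'): capture the order id the buyer approved.
function captureOrderRequest(accessToken, orderId) {
  return {
    url: `${API_BASE}/v2/checkout/orders/${encodeURIComponent(orderId)}/capture`,
    options: { method: 'POST', headers: bearer(accessToken) },
  };
}

// Sends one request through an injected fetch (global fetch on Node 18+).
async function call(fetchImpl, { url, options }) {
  const res = await fetchImpl(url, options);
  const body = await res.json();
  if (!res.ok) throw new Error(`PayPal ${res.status}: ${body.name || body.error || 'error'}`);
  return body;
}

// Body of the 'Set Up Transaction' route: only the order id goes back to the browser.
async function setUpTransaction(fetchImpl, clientId, secret, currency, value) {
  const { access_token } = await call(fetchImpl, tokenRequest(clientId, secret));
  const order = await call(fetchImpl, createOrderRequest(access_token, currency, value));
  return order.id;
}
```

The secret appears only in the Basic header of the token request; every later call carries the bearer token, and the browser only ever sees the order id.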

PayPal Braintree integration - what is the access token?

I am trying to use PayPal Express Checkout with the Braintree SDK and unfortunately the documentation is seriously inadequate in some places. I need to generate a client code on the server (with Java), for which I need to use the following code to generate the gateway object according to the docs:
BraintreeGateway gateway = new BraintreeGateway(useYourAccessToken);
Unfortunately it doesn't explain what access token it is referring to. I seem to be able to generate an access token with 'Generate Sandbox Access Token' under 'My Apps & Credentials' in the PayPal dashboard, and this works. But it has an unusably short expiry date, expiring at the end of today, which obviously makes testing problematic if I have to change the code every day.
There seems to be another constructor for BraintreeGateway, allowing me to pass in an environment specifier (e.g. sandbox), merchant ID, public key and private key. I believe that the public key and private key parameters might be what is visible to me as client ID and secret, in 'SANDBOX API CREDENTIALS', but I'm not sure what merchant ID is.
Any help would be most appreciated.
Idiocy on my part. I wasn't looking closely enough at the expiry date. It's not today, it's 10 years from today! Duh.

Braintree payment integration : Using Client AuthorizationTokenization Keys

I am using Braintree payment in my app. It works perfectly fine using the nonce method with a server (this method).
But now our requirements have changed and we are not allowed to use any server to verify the nonce.
In Braintree, a tokenization key authorizes clients to tokenize payment information. But there is no descriptive information about it (this method). Only one line of code is provided in the docs, and I found no other useful resources for the tokenization key method.
let apiClient = BTAPIClient(authorization: tokenizationKey)
How do I use it with DropInUI?
apiClient always returns nil.
Also, I checked the Braintree iOS demo, but it's very confusing. In some examples I don't know how the payment method works and which endpoints are used to verify details and deduct the amount.
Thanks in advance.
Full disclosure, I work at Braintree. If you have any further questions, I recommend contacting Support.
You are not able to perform transactions directly from the client. Braintree is a full stack solution that requires a server integration with one of Braintree's available SDKs or by using the GraphQL API. In either case, you cannot make payments directly from the client using a tokenization key.

How to use PayPal API credentials?

I need to add a PayPal button on a client's website. It is the first time I am doing this, and when I asked for credentials he gave me an API signature, API username and API password. I was checking lots of tutorials on how to add a PayPal button; they use a sandbox/live Client ID and Secret. Can I use these API credentials instead?
I searched a lot but couldn't find an answer.
I am coding in CodeIgniter 3.
Thanks
Username, Password, and Signature are related to Classic API integration.
Client ID and Secret are related to the REST API integration.
Which one do you want to work with?
Or, the easiest option is to use PayPal Standard Payment Buttons, but that will also be the most limiting.
We actually have a PayPal CodeIgniter Library that you might be interested in. It was built for the Classic API.
The general PayPal PHP SDK that it's based on is now available with Composer, so I would recommend installing it that way.
We'll be releasing an update to that library before the end of the year that adds all of the REST APIs. It's available in the dev branch on GitHub already.

What can one do with PayPal API keys

In case one is asked to enter their PayPal API keys (API user, API password, API signature), what can the receiving end actually do with those?
The receiving end wants to use the keys for Express Checkout and that's fine, but I'm not sure whether giving such information would actually enable the other party to make use of other functionality (such as having a look at the balance of the account).
Generally speaking, you can have a look at PayPal's REST API documentation to see what can be done with an API key. I'm not aware of any way to grant subsets of permissions to an API key (but I don't know for sure that it's impossible, either).
There's also the SOAP API. I haven't used it, so I'm not entirely sure if it uses the same API keys or some separate authorization mechanism. It does contain a GetBalance API, though.
It should perhaps be noted that I don't think it should be considered impossible that PayPal extends the API-accessible functionality at any time, though.