How to set category for PayPal Smart Buttons? - paypal

When I view the transaction details in Paypal sandbox as buyer, it says "Category: flights".
Is it possible to change that - or is this automatically determined by Paypal? (The documentation only knows about item category physical/digital, but setting this value doesn't change anything.)
My code:
actions.order.create({
purchase_units: [{
"items":[
{"name":"ARGENTINISCHES H\u00dcFTSTEAK","unit_amount":{"currency_code":"EUR","value":"12.50"},"quantity":1,"sku":"FG_001"},
{"name":"Beilagensalat","unit_amount":{"currency_code":"EUR","value":"3.50"},"quantity":1,"sku":"FG_008"}
],
"amount":{
"currency_code":"EUR",
"value":"16.00",
"breakdown":{"item_total":{"currency_code":"EUR","value":"16.00"}}
}
}],
application_context: {
payment_method: {payee_preferred: "IMMEDIATE_PAYMENT_REQUIRED"},
shipping_preference: "NO_SHIPPING"
}
});

This is an account setting, not an integration issue.
You can try editing the category of the sandbox Business account you are receiving the payment with, via https://www.sandbox.paypal.com/businessmanage/account/aboutBusiness -> Update
But since it's sandbox, you can also just not worry about it. The setting in sandbox will not have any relation to any live account this integration ever processes payment with.

Related

Are PayPal Smart Checkout Buttons vulnerable?

I am making an Ecommerce website which should allow Paypal payments, using Smart Checkout Buttons.
My worry is that everyone can Curl my website, getting the raw HTML+js page and edit the purchase unit values. Once they've done that they could run the webpage, the js code will be executed, the button gets rendered with fake values, and they could fake the payment (with less money).
Is that true? And are there any solutions still using the Smart Button (Without the REST API)?
I cannot create manually the buttons since there will be many articles which are sold by different users.
paypal.Buttons({
// Set up the transaction
createOrder: function(data, actions) {
var o = actions.order.create({
purchase_units: [{
amount: {
value: '30.99' //Can users change this ?
},
payee: {
email_address: 'sb-qloys3515897#business.example.com'//email of the sellers
}
}]
})
return o;
},
// Finalize the transaction
onApprove: function(data, actions) {
console.log(details);
return actions.order.capture().then(function(details) {
// Show a success message to the buyer
//alert('Transaction completed by ' + details.payer.name.given_name + '!');
alert(details);
});
}
}).render('#paypal-button-container');
If you use client-side code only then yes, anyone can edit that client side code right in their browser and pay you any amount they wish, from $0.01 to tens of thousands of dollars.
If this scenario concerns you, then a client-side only integration is obviously too simple for you, and you should instead implement one with your server that does the validation you desire.
Create two routes on your server, one for 'Set Up Transaction' and one for 'Capture Transaction', documented here.
Then have your PayPal button call those two routes; here is the best demo code: https://developer.paypal.com/demo/checkout/#/pattern/server

PayPal Checkout Smart Payment Button use Custom Payee

Hi I have successfully Integrated PayPal Checkout Smart Payment Buttons, where i am using custom payee reference https://developer.paypal.com/docs/checkout/integration-features/custom-payee/
My point is if the custom payee email is invalid still the payment completes and the fund goes to the account of the API credentials owner. But I don't want that. IF custom payee email is wrong the payment should not be successful, it must throw a error with proper message so i can catch the error.
I didn't get any solution from paypal docs.
if the custom payee email is invalid still the payment completes and the fund goes to the account of the API credentials owner
What do you mean by 'invalid'? Please be specific about your meaning.
If the email is not associated with an existing PayPal account, the payment will be in a pending state. The owner has 30 days to create a PayPal account using that email (or add it to an already existing PayPal account) and accept the pending payment. If they do not do so within 30 days, the payment will be automatically refunded. In this scenario, it is not the case that "the fund goes to the account of the API credentials owner". That is not happening.
Now, if you are trying to pass a payee object at payment setup time with a blank / empty string email_address, then it will just be ignored, and the payment will go to the API credentials owner as per normal payment processing w/o a custom payee.
So, you need to do your own validation to ensure the payee field is non-blank. You could simply check that it is a non-empty string.
Or, do one better, and actually check that it is an email address in a valid format:
function isEmail(y) {
var re = /^(([^<>()\[\]\\.,;:\s#"]+(\.[^<>()\[\]\\.,;:\s#"]+)*)|(".+"))#((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/;
return re.test(String(y).toLowerCase());
}
If it is not valid, you should not allow the order creation to proceed using that non-valid custom payee, since it will obviously not create the transaction you wish. Instead, you should display an error that the checkout is not set up properly for this user/recipient/payee.
<script src="https://www.paypal.com/sdk/js?client-id=XXXXXXXXXX"></script>
paypal.Buttons({
createOrder: function(data, actions) {
return actions.order.create({
purchase_units: [{
amount: {
value: '1.00'
},
payee: {
email_address: 'someemail#somedomain.com'
}
}]
});
},
onApprove: function(data, actions) {
// This function captures the funds from the transaction.
return actions.order.capture().then(function(details) {
//success
},
onCancel: function (data) {
//cancel payment
}
}).render('#paypal-button-container');
Here the payee email is not exists and fund goes to api owner

Paypal Smart Payment Buttons and create subscriptions give me a RESOURCE_NOT_FOUND error

I'm using a Sandbox and I created a paypal plan with Paypal PHP SDK and activated it.
I'm following the integration guide to create a subscription to this plan (https://developer.paypal.com/docs/subscriptions/integrate/#4-create-a-subscription).
But when I clic on the yellow button I have a Javascript Error in the console :
Error: Create Subscription Api response error:
{
"name": "RESOURCE_NOT_FOUND",
"message": "The specified resource does not exist.",
"debug_id": "23912dc1195d",
"details": [
{
"issue": "INVALID_RESOURCE_ID",
"description": "Requested resource ID was not found."
}
],
"links": [
{
"href": "https://developer.paypal.com/webapps/developer/docs/api/#INVALID_RESOURCE_ID",
"rel": "information_link",
"method": "GET"
}
]
}
I checked if the plan exists and it's OK with the Paypal PHP SDK.
Here is the Javascript code used :
<script src="https://www.paypal.com/sdk/js?client-id=sandbox_paypal_client_id&vault=true"></script>
<div id="paypal-button-container"></div>
<script>
// paypal.Buttons().render('#paypal-button-container');
paypal.Buttons({
createSubscription: function(data, actions) {
return actions.subscription.create({
'plan_id': 'P-8N6112936N290211KKMN5MZI'
});
},
onApprove: function(data, actions) {
alert('You have successfully created subscription ' + data.subscriptionID);
}
}).render('#paypal-button-container');
</script>
In the paypal developer dashboard I see the API call for this action, but in orange...
Thanks in advance for your help.
I also ran into this problem. My confusion when following the Subscriptions Integration instructions was that I thought the SDK would work with Subscription Plans (API endpoint /billing/plans), but at the time of writing it doesn't (at least the PHP and .NET versions) - the SDK only works with the older Billing Plans (/payments/billing-plans) which are very similarly named (Plans for short).
As #giannisrig says, you have to call the Subscription Plans part of the API directly (/billing/plans). I hope they'll update the SDK soon - this seems like an important missing feature.
In addition to what Harvey Kadyanji said make sure that:
The Plan is in active state
That the plan was created through the Subscriptions API and Catalog Products API
If you are following the steps provided from paypal in this link:
https://developer.paypal.com/docs/subscriptions/integrate/ you will have to use the Subscriptions API to create the Plans and not the Billing Plans and Billing Agreements APIs.
Use the sandbox business account associated with the sandbox client ID you're using and make the paypal smart subscription or plan through there. The planId and clientId need to belong to the same sandbox account.
I had the same problem and the following solved my issues:
Make sure the sandbox_paypal_client_id provided is valid
Make sure the plan_id exists
Add the plan name in the request e.g.
{
'plan_id': 'P-8N6112936N290211KKMN5MZI',
'name': 'Monthly plan'
}
Probably you are loading the button script with "client-id=sb" or no client id specified. In order to work with plans you created via API you need to explicitly set "client-id" to the client-id of your REST SDK app when loading the script. Then the buttons will find your created plan.
I also answered to basically the same problem in the PayPal community forum

Include a message/note field in a PayPal API payment

I am building a really simple payment form where the user can enter an amount and a thank you message. I have got it successfully working with just the amount but I cannot get add a message field and get it to come through!
Here is just the payment function of my JavaScript:
payment: function(data, actions) {
return actions.payment.create({
payment: {
transactions: [
{
amount: {
total: window.transactionAmount,
currency: 'GBP'
},
note_to_payee: document.getElementById('custom-message').value,
description: 'A gift to Martin.',
custom: 'This is a test custom field',
payee: {
"email": "martin#[hidden].com"
}
}
]
},
experience: {
input_fields: {
no_shipping: 1,
allow_note: true
}
}
});
},
I have tried setting custom and note_to_payee but neither seem to be recorded on either the notification email or the data that is logged in the recipient's account.
I have also tried turning on the ability for the payer to add a note by setting allow_note: true in the experience config but that does nothing!
Please help, just any way of passing through a little message with the payment is all I need.
It took PayPal Support team 4 days to come back with the answer that No, it cannot be done.
Here's their full response:
With regard to your request, I have to inform you that "note to seller" (allow_note:true) field is only available in the older PayPal payment experience, and is not available in the newer payment experience.
Unfortunately, there's nothing the caller can do at this time to force an old or new experience and we recommend to collect this information in your website where possible.
So it looks like they've dropped one of the nicest and most simple features of the PayPal checkout which was the ability to include a friendly little note.
Now, my only option is to build a whole back-end system with API end-points and extend my JavaScript just to record my payer's note. Meanwhile, every email notification I receive will continue to contain that annoying lie: "The buyer hasn't entered any instructions".
PayPal: Please, either implement a feature in your new process or remove/hide the feature! Don't do a half-way job. You take 10% of all my transactions, I expect better.
A workaround for this would be to use an "option variable" to create a textbox in your checkout flow. An example of an option variable would be "os0" and "on0".
Here is an example on our website on how you would implement this: https://www.paypal.com/us/cgi-bin/webscr?cmd=_pdn_xclick_options_help_outside
https://developer.paypal.com/sdk/js/reference/#onapprove
paypal.Buttons({
createOrder: function(data, actions) {
...
},
onApprove: function(data, actions) {
// This function captures the funds from the transaction.
return actions.order.capture().then(function(details) {
// This function shows a transaction success message to your buyer
alert('Transaction ' + transaction.status + transaction.id);
window.location.href = 'https://www.yoursite.com/page.php?trnsid='+ transaction.id;
});
}
}).render('#paypal-button-container');
You can do a redirect onApprove.
If the transaction was completed redirect the user to a page with a FORM THAT GET/capture the transactionID (associate the message with a transaction) and ADD a MESSAGE TEXTAREA so user can send some notes after payment.

PayPal Item(s) w/ Description on Review Page

Using the PayPal REST api, I'm passing in this to new payments:
transactions: [
{
amount: {
total: "10.00",
currency: "USD",
details: {
subtotal: "10.00"
}
},
description: "My item description."
}
],
Snippet of the actual request
On the PayPal approve page, though, only the subtotal is displayed - nowhere does the description show up, nor do individual item listings - only the subtotal in USD shows up.
How can I make individual items with descriptions in the REST API checkout? I'm using &useraction=commit by the way.
You would need to pass over the line items in the SetExpressCheckout API call that you are making. There is a list of variable that can be passed over in the developers guide. I have checked with our engineers, and this feature has not been pushed live yet. Line items will be supported, but the feature is not yet live with the New REST API's.

Categories