EuPlatesc payment integration - plugins

EuPlatesc is a Romanian provider for online payments.
I want to integrate this in Sylius platform as a plugin. I've reached the phase where I'm handling the step after checkout that reaches CaptureAction.php.
However EuPlatesc works with a POST request made to a secure url, similar to this description PHP Redirect with POST data.
Is it possible to implement this kind of behavior in Sylius ?

You can use Payum\Core\Reply\HttpPostRedirect class, which makes a POST request and redirects user to payment processor page. The example of it usage you can find in Be2Bill gateway

Related

PayPal Node SDKs: difference between paypal-rest-sdk and #paypal/checkout-server-sdk for webhooks?

I have this question regarding 2 npm PayPal packages, what is the difference between
paypal-rest-sdk and #paypal/checkout-server-sdk ? And can you implement webhooks using #paypal/checkout-server-sdk or there is no need for webhooks for this package ?
paypal-rest-sdk
checkout-server-sdk
var paypal = require('paypal-rest-sdk');
const paypal = require('#paypal/checkout-server-sdk');
All PayPal-*-SDK for every language have been deprecated for a long time and should not be used for anything. This includes the one for node that's in npm as #paypal/paypal-rest-sdk.
The Checkout-*-SDK for every language, in npm for node as #paypal/checkout-server-sdk, implements the v2/checkout/orders API (and only that API). It can still be used if desired, although I've heard it will be deprecated soon as well. Currently all developer.paypal.com documentation only references doing direct HTTPS REST API integrations, using a client id and secret to first obtain an access_token. For node in particular, there is a full stack example in the PayPal Checkout integration guide that serves as a useful starting point, although I recommend the client side onApprove function in this approval flow since that sample includes client-side error handling of the capture response (restarting or showing an error as appropriate)
As for webhooks, they are a separate matter. There is no current SDK for them. The server-side capture API response is already sufficient for normal orders API payments so you may not need webhooks for what you're doing, but if there are specific events you're interested in listening for (such as refunds or disputes that occur on PayPal.com ) you'll need to subscribe to the event(s) you want -- either in the REST app or using webhook API calls.

Any code to integrate paypal in ASP.NET Core 6 MVC?

I am developing my first website e-commerce with Visual Studio 2022 and ASP.NET Core 6 MVC. Could someone share with me some code in order to integrate Paypal payments for this version of website?
PS: also, if there is any tutorial that you advise me in order to follow and develop my first e-commerce with ASP.NET Core 6 MVC.
Thanks
Could someone share with me some code in order to integrate Paypal payments for this version of website?
For Paypal integration you should attach it with your order in that
case you can Call the v2/checkout/orders API directly. Here are the URL.
Endpoints For v2 Orders API
Server-side create: https://developer.paypal.com/docs/api/orders/v2/#orders_create
Server-side capture: https://developer.paypal.com/docs/api/orders/v2/#orders_capture
Understand how it works
Here you could have a look how to implement implements on the order page. So that it will be easier for you to understand. You just need to call a few APIs.
Paypal Integration Guides
I would suggest to follow the PayPal Checkout integration guide and make 2 routes on your server, one for the 'Create Order' and one for 'Capture Order' (see the optional step 5 in 'Add and modify the code'). Both of these routes should return only JSON data (no HTML or text). Inside the 2nd route, when the capture API is successful you should store its resulting payment details in your database (particularly purchase_units[0].payments.captures[0].id, which is the PayPal transaction ID) and perform any necessary business logic (such as sending confirmation emails or reserving product) immediately
before forwarding your return JSON to the frontend caller.
Pair those 2 routes with this frontend approval flow: https://developer.paypal.com/demo/checkout/#/pattern/server
.Net server-side SDK
You can get the SDK sample here: https://github.com/paypal/Checkout-NET-SDK
(using this SDK is optional, direct HTTPS API calls first using a clientid+secret to obtain an access token are also possible. In any case, do not use the deprecated PayPal-NET-SDK which is for the old v1/payments API)
Note
While you would be working on implementation, if you encounter any specific issue feel free to post that. That will be more convenient to assist you on this. First, try to implement within your application.
PayPal website says to use Braintree. Here is the link to the tutorial for you: https://developer.paypal.com/braintree/docs/start/hello-server/dotnet

How to implement CyberSource REST 3D Secure

I'm trying to implement 3D Secure via CyberSource's REST API. I've got their REST SDK via : Github REST SDK and I've been using their Live Console examples as well: CyberSource Live Console
Now I know you meant to start by setting up Payer Auth via
On this link: Setup Payer API Ref
But want I'm looking for is a guide on how all the parts are put together, all their other older implementations seem to have PDF guides demonstrating the different flows of the API but I can't find anything for REST. I know at the end I should using the example of "Authorization with Payer Auth Validation" via this link Payer Auth API Ref but I need to be able to test everything, and know what properties I need to use on which API call or share between API calls.
For instance like this 3D Secure API guide: Sage Pay API Guide . On this guide they detail the various request and response messages. Different flows, such as Frictionless authentication , Challenge Auth. I'm specifically interest in the Challenge Auth flow whereby you would redirect your customer to the acsUrl received. If anyone has any guides or assistance they can provide to make this process more clear it would be greatly appreciated. We've put in requests for more information from the intermediary party we are using between CyberSource but it's slow going. Thanx all
For anyone else arriving here, there is now a CyberSource 3D-Secure REST guide here.
At this time there is not a guide for the REST API that has the complete picture. Instead you have to use the SOAP API guide here SOAP Guide. See Chapter 2 within that guide. Where that guide references SOAP API calls replace them with the REST API calls. It's not ideal but that is all that is available.

How to use PayPal API credentials?

I need to add PayPal button on client's website. It is first time I am doing this and I asked for credentials he gave me API signature, API username and API password. I was checking lots of tutorials how to add PayPal button, they use sandbox/live Client ID and Secret. Can I use this API credentials instead?
I searched a lot but couldn't find an answer.
I am coding in CodeIgniter 3.
Thanks
Username, Password, and Signature are related to Classic API integration.
Client ID and Secret are related to the REST API integration.
Which one do you want to work with?
Or, the easiest option is to use PayPal Standard Payment Buttons, but that will also be the most limiting.
We actually have a PayPal CodeIgniter Library that you might be interested in. It was built for the Classic API.
The general PayPal PHP SDK that it's based on is now available with Composer, so I would recommend installing it that way.
We'll be releasing an update to that library before the end of the year that adds all of the REST APIs. It's available in the dev branch on GitHub already.

REST API: Providing redirect URIs to external services using client app domain

Background
I have a RESTful API accessed through the domain http://restapi.com
I have a client app using http://restapi.com. The client app has the domain http://myapp.com
The way I have my HATEOAS setup is that the API presents URIs without a domain. So instead of http://restapi.com/some/resource, it contains links to resources like so /some/resource. Example API json resource below:
{"_links":{"self":{"href":"/some/resource"}}}
The benefit this has is that the API doesn't need to know about the client app, and the client app has to do very little to get the correct resource from the API and doesn't have to reformat all the URIs in the resource. For example, in the client app, the following URI would be used by the browser http://myapp.com/some/resource. When the app gets the request, it then needs to call the API to get the resource and simply swaps the domain i.e. http://restapi.com/some/resource.
This has been successful so for, and allows a lot of flexibility to have different clients use the API with the only knowledge required being the initial end point (domain) of the API. It also completely decouples the API from the client apps.
The problem I have run into is that I have started using some external services (specifically PayPal adaptive payments) where I need to provide a redirect URL for cancelled payments and successful payments. For example, the browser navigates to http://myapp.com/payment. The resource returned by http://restapi.com/payment presents a link to PayPal. Without going into too much detail, the API has to ask PayPal for a payment ID, which can then be used to create a link to a PayPal payment e.g. http://paypal.com?PayId-123456. Part of the creation process requires that URLs are provided to redirect on payment cancellation or success. Again, don't want to go into details, but when requesting a PayId from PayPal, the redirect URLs are sent as variables to PayPal, and I guess PayPal stores them against the specific PayId created.
The browser navigates to the link returned in the resource - http://paypal.com?PayId-12345. Payment is made and PayPal then uses the redirect URLs as needed to redirect back to my app e.g. on successful completion of payment, PayPal should redirect to http://myapp.com/paymentcomplete. Note: I realise that this is not a restfully named URI, but it simplifies building up the description of my problem
Problem
The problem I have may now be obvious. I need to redirect back to http://myapp.com/paymentcomplete, BUT its the API that provides the redirect URL to PayPal. It has no knowledge of the client application. Since PayPal is an external service, the full URL must be provided. The best the API can do is send http://restapi.com/paymentcomplete as the redirect URL, but if PayPal redirects to this, the resulting response will be a JSON string (the output format of my API) not the nicely formatted page of the client app.
My question is, what is a good way to correctly provide the redirect URL to PayPal?
One thought I had was to make the client application handle creating the PayPal PayId, but I don't like this option as I would like to keep the creation of the PayPal payment ID on the API side. It would also require every client app to provide its own implementation, something I also don't want.
The other option I though of was to ask the client to provide its domain in the request. Currently the request the client makes to get the resource with the link to PayPal is GET http://restapi.com/payment, but I could use POST http://restapi.com/payment with the client providing its domain as a param. The API can then use this to construct the correct redirect URL. I don't really like this idea either as its seems a bit hackish and also requires the app to know that is must fill in this field i.e. a human user wouldn't fill the domain input in.
Additional solutions, or thoughts greatly welcomed.
As you had already mentioned, PayPal is an external api that requires this additional parameter and you do not have control over it. Looks like the client is the only party that can provide the Redirect URI Information.
Couple of ideas come to mind.
The client could send the redirect uri to restapi via header and thus
keeping your rest urls intact. This is a grey area and not a violation of restful api
in my opinion. (Then again, its just my opinion).
The restapi could return the response with a placeholder for the
client to fill in before rendering. This way the API need not know
about the redirect uri and the responsibility is left to the client
which has this information.
It would be nicer if you could implement option 2 with executing couple of lines on Javascript code on the browser to fill-in the placeholder. Which is easy. Ultimately, only 2 end points of this transaction would be aware of the redirect uri - browser & paypal.
This alleviates most of your concerns. The job of handling PayPal id will continue to remain with your API.
You should be able to use the Referer header to determine the client's full URI. It might be populated automatically for you. If not, you can add it yourself. The URI class has methods to pull out the client's host for you. When the API builds the PayPal URI to return to the client, it can include the client's host.
Note that referer is not always included and sometimes gets stripped by intermediaries, as detailed on the wiki page. Since you control both the client and the server in this case, you should be able to tell everybody to play nicely.
I would keep the GET http://restapi.com/payment and pass in a query param with the client domain
GET http://restapi.com/payment?domain=http://myapp.com (of course, the "http://myapp.com" needs to be encoded)