Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 2 years ago.
Improve this question
Have a bit of a sticky situation, working on upgrading an existing codebase to use the v2 REST API from PayPal for an ecommerce checkout and would like to replace billing/shipping info with the (verified) address data from the response after authorizing the requested payment total. However, I would need to recalculate real-time shipping costs and taxes based on the address returned from PayPal if it does not match the address supplied in our checkout flow. Is there a way I can modify the requested amount with new costs after the initial authorization without voiding the original? The documentation isn't the most clear, and seems to randomly jump between v1 and v2 API docs.
Yes. Submit the modified amount(s) in your v2/orders capture call.
All I needed to do was run a GET request to /v2/checkout/orders/(paypal order token) after returning from PayPal in order to pull in the address they supplied prior to the authorization request to compare against the original address and recalculate/update the order as needed, and run a PATCH to the order endpoint to set the new value before completing the authorization request.
Related
Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 2 years ago.
Improve this question
Moving from sandbox to live
I have Password, Username and Signature and my sandbox implementation working fine.
but when i change it to live i did not find any Password, Username and Signature here I have Client ID, Secret and Paypal account.
Am I missing something here?
Are they same ?
Password => Client ID;
Username => Paypal account;
Signature => Secret;
https://api-3t.sandbox.paypal.com/nvp
They are not the same, Client/Secret is for the new REST APIs.
To obtain your live Username/Password/Signature for older Classic APIs, go to http://www.paypal.com/api -> Classic NVP/SOAP Credentials
And of course, when using live credentials, remove "sandbox." from the domain of all endpoints you are connecting/redirecting to.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
We have developed a website that allows users to subscribe to a service using their Facebook credentials.
How do we create test Facebook accounts that can be used to execute end-user test cases for this feature?
You can create test users via the Graph API. You shouldn't refer to them as "fake" users because that has some negative connotations; Facebook actively peruses and shut's down fake accounts. I believe what you are talking about though is accounts to test Facebook applications...
The documentation details how to create test users via the api -
https://graph.facebook.com/APP_ID/accounts/test-users?
installed=true
&name=FULL_NAME
&locale=en_US
&permissions=read_stream
&method=post
&access_token=APP_ACCESS_TOKEN
You'll need to substitute all your own data in the request and the response you'll get back should look something like this -
{
"id": "1234...",
"access_token":"1234567..." ,
"login_url":"https://www.facebook.com/platform/test_account..."
"email": "example...#tfbnw.net",
"password": "1234..."
}
You can then use that users credentials to test your applications authentication process and functionality.
In addition to creating test accounts via the api, you can also use the interface within the application's dashboard under the "Roles" section - https://developers.facebook.com/apps/APP_ID/roles
Had the test accounts set up with no problem. Finally found the parameter I was missing to get the accounts to interact with the website properly.
Cheers.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
This is a problem because when I do email campaign, There is a link on the email, that link to my company homepage, I would like to differentiate between the visitor come from another way (e.g. search on google) or the visitor come from the email I have sent.
Notice that they should come form a email instead of a website,
Is it able to check such kind of information ? And is it possible to differentiate between campaign 1 and campagin 2 with same link? Thankyou
You cannot differentiate between an email vs web campaign link unless that link is tagged for campaign tracking. Campaign link tracking requires that you append additional data to the query params of a link according to specific conventions required by GA in order to differentiate between different campaigns.
Other wise, Google Analytics would not be able to differentiate between the same links from email vs banner links on a very granular level.
http://support.google.com/googleanalytics/bin/answer.py?hl=en&answer=55540
Google Analytics is the easiest way to do this. get an account, copy and paste the code they give you and they keep track of all of this for you in the traffic sources tab under the referrals traffic and even give you the exact url of the site your visitors are coming from. including emails and yes I believe you can differentiate between campaigns.
here is the url
http://www.google.com/analytics/
Google Analytic is perfect, just what you need.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about programming within the scope defined in the help center.
Closed 5 years ago.
Improve this question
In my country apple does not support subscription, I can't make an app that can purchase monthly or period of time subscription, any alternatives?
Contact Apple and ask if this is a temporary or constant condition. If it's temporary, wait it out.
Otherwise, you can implement login screens and authentication mechanisms as you would have them in a WebApp. The latest Developer Agreements allow for this (as opposed to the previous agreements where you had to offer inAppPurchase as well). The caveat is that according to the agreement, you may not link to your 3rd party payment/signup site from within the app.
Set up payment processing with the provider of your choice (e.g. PayPal) and manage your own database of registered users. Then, when a user starts the app, ask them to log-in by supplying a username and password. Send those to your server (e.g. using a regular POST request), verify them and deliver the contents to the user if he is authenticated.
Make sure to keep the user logged in after that to avoid annoyance.
The main challenge with this approach will be to let users find out about your service in the first place as you are not allowed to openly send them over in the first place. Then again, if Apple doesn't offer the functionality in your country, you may be able to get through review with it.
In either case, contact Apple, then act accordingly.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 2 years ago.
Improve this question
Is it simply an artifact of the old fear (still around in some places) of cookies?
I also would like to know if it is bad practice to simply pass in user names from an outbound email.
Nothing is stopping the web app from always remembering the user for as long as they want on particular computer without asking explicit permission from the user. However, doing so has security and privacy implications on shared computers.
Imagine you go to a cyber-cafe or a library, sit on a shared computer and login to your bank website (which you shouldn't do from such places anyway :-)). The bank website tries to be "smart" and persists a cookie with a ticket based on your credentials. When you're done, you close the browser without logging off. Next person sits down, opens the browser, looks at the history and goes to the bank site. And now they have magically access to all your money.
That would probably be the last time you use that bank for anything.
Update: To answer the second part of the question (and the comment below)
If you are afraid of URL injection, you should probably not specify the username in the email URL itself. Instead, generate a one-time token (you could use a one-way hash of the user name and a website secret for example), which wouldn't mean anything to an external site, but would allow you to extract the user identity and prepopulate the field on the page.
Keep in mind that you should not include in the URL in the email enough information, so that clicking on that link would authenticate the user to your site. You still want the user to prove their identity.