Braintree payment integration : Using Client AuthorizationTokenization Keys - swift

I am using Braintree payment in my app. It works perfectly fine using nonce method using server, this method.
But now our requirements changed and we are not allow to use any sever to verify nonce.
In Braintree we can use tokenization key authorizes clients to tokenize payment information. But there is not any descriptive information about it, this method. Only one line of code is provided in doc and there is no other resources I found useful for tokenization key method.
let apiClient = BTAPIClient(authorization: tokenizationKey)
How to use it with DropInUI ?
apiClient is always return nil.
Also I checked Briantreeios demo, but its very confusing. In some example I don't know how payment method work and on which end points used to verify details and deduct amount.
Thanks in advance.

Full disclosure, I work at Braintree. If you have any further questions, I recommend contacting Support.
You are not able to perform transactions directly from the client. Braintree is a full stack solution that requires a server integration with one of Braintree's available SDKs or by using the GraphQL API. In either case, you cannot make payments directly from the client using a tokenization key.

Related

PayPal Node SDKs: difference between paypal-rest-sdk and #paypal/checkout-server-sdk for webhooks?

I have this question regarding 2 npm PayPal packages, what is the difference between
paypal-rest-sdk and #paypal/checkout-server-sdk ? And can you implement webhooks using #paypal/checkout-server-sdk or there is no need for webhooks for this package ?
paypal-rest-sdk
checkout-server-sdk
var paypal = require('paypal-rest-sdk');
const paypal = require('#paypal/checkout-server-sdk');
All PayPal-*-SDK for every language have been deprecated for a long time and should not be used for anything. This includes the one for node that's in npm as #paypal/paypal-rest-sdk.
The Checkout-*-SDK for every language, in npm for node as #paypal/checkout-server-sdk, implements the v2/checkout/orders API (and only that API). It can still be used if desired, although I've heard it will be deprecated soon as well. Currently all developer.paypal.com documentation only references doing direct HTTPS REST API integrations, using a client id and secret to first obtain an access_token. For node in particular, there is a full stack example in the PayPal Checkout integration guide that serves as a useful starting point, although I recommend the client side onApprove function in this approval flow since that sample includes client-side error handling of the capture response (restarting or showing an error as appropriate)
As for webhooks, they are a separate matter. There is no current SDK for them. The server-side capture API response is already sufficient for normal orders API payments so you may not need webhooks for what you're doing, but if there are specific events you're interested in listening for (such as refunds or disputes that occur on PayPal.com ) you'll need to subscribe to the event(s) you want -- either in the REST app or using webhook API calls.

How to use PayPal API credentials?

I need to add PayPal button on client's website. It is first time I am doing this and I asked for credentials he gave me API signature, API username and API password. I was checking lots of tutorials how to add PayPal button, they use sandbox/live Client ID and Secret. Can I use this API credentials instead?
I searched a lot but couldn't find an answer.
I am coding in CodeIgniter 3.
Thanks
Username, Password, and Signature are related to Classic API integration.
Client ID and Secret are related to the REST API integration.
Which one do you want to work with?
Or, the easiest option is to use PayPal Standard Payment Buttons, but that will also be the most limiting.
We actually have a PayPal CodeIgniter Library that you might be interested in. It was built for the Classic API.
The general PayPal PHP SDK that it's based on is now available with Composer, so I would recommend installing it that way.
We'll be releasing an update to that library before the end of the year that adds all of the REST APIs. It's available in the dev branch on GitHub already.

PayPal for Play2 / Scala

I am looking for a decent implementation of Paypal's IPN for reuse in a play application.
I found https://github.com/liftmodules/paypal but have no idea if this can easily be reused or ported or if better implementations exist for play-framework. I havent found any other that look either stable / maintained or so simple that I can understand them myself...
Here's my technical question:
(how) Can I "use" (that) lift-modules inside play-framework ?
Consider the usage PayPal API like in this example or directly use PayPal's core sdk. You must specify next parameters (some of them are optional, for more details see PayPal's specificaion):
clientID
clientSecret
tokenCredential
accessToken
amountDetails
transaction
redirectUrl

Correct API for accepting credit cards directly on my site using PayPal?

We need to accept credit cards (from anywhere in the world) directly on our website. We'd like to use PayPal, but NOT require a PayPal account. The user should be able to simply type in the credit card, date and cvv directly on our site and go. I'm having a hard time figuring out what PayPal API I need to use for this, to integrate with our Java-based server. Turns out PayPal has an overwhelming number of APIs and documentation.
It looks like this link is what I'm looking for... sort of. But can I post this directly from JavaScript? It includes account name and password, which would be in the clear for anyone to see, so I'm thinking this must be server-side code. So the idea is to use a REST API to do this? So the client must pass the credit card information to my server, which then calls PayPal's server?
I'm a little lost, when looking at all the APIs at the Rest API page. Which ones exactly do I need to use?
There is also this link but I'm not familiar with "curl" -- looking for Java. Maybe the distinction is minor and easy to convert from one to the other?
Vern, if you look at the top of this page, you'll see Java (click Java) as one of the languages supported by the PayPal REST Payment API:
https://developer.paypal.com/webapps/developer/docs/api/
You will see related sample requests that use the Java SDK:
https://github.com/paypal/rest-api-sdk-java

Would implementing openssl prevent users from changing the button values?

Would implementing openssl prevent users from changing the button values?
I've researched into encrypting buttons, from hosted to using openssl.
Using hosted buttons would provide security at the cost of flexibility although there are variables that you can override, but still you cant override the important ones.
would using and implementing openssl on my webserver prevent users from changing a non-hosted paypal button ?
or would it just be better to fall back to a hosted button and use/validate using IPN?
My answer is non–PayPal specific (applies to any kind of HTTP form input), but the short answer is no. Even SSL cannot prevent the browser from modifying the form values that it receives.
A user could use a bookmarklet to execute a JavaScript program of her choice on your page after it has loaded, which has the ability to change form values. Because SSL only protects the transport between the browser and the server, not after the page has been processed by the browser, it makes no difference at all whether you use it.
This could be automated with Greasemonkey, which is the same idea, except makes it even easier for users to install other people’s JavaScript programs to run on your web page. As above, using SSL does not affect this at all, because it is all execute client side, which you, as the server, have no control over.
As you alluded to, using encrypted PayPal buttons would solve the problem, as any modification of the button parameters would invalidate the checksum, and PayPal would not accept the item.
The best solution would be using Express Checkout. This allows you a great deal more flexibility than standard buttons can ever offer you.
If you're thinking if doing IPN, you're probably capable enough to integrate Express Checkout. All it really is, is 1 API call, followed by a redirect to PayPal, and a minimum of 1 more API call to finalize the payment.
A typical flow would look as follows:
Call the SetExpressCheckout API. If you're new to this, it's made dead-easy with PayPal's NVP API interface. You can just send the data as a GET NVP string to https://api-3t.paypal.com/nvp and get a response back in the same format.
Take the token from the response, and redirect to https://www.paypal.com/cgi-bin/webscr?cmd=_express-checkout&token=XXXXXXX (https://www.sandbox.paypal.com/cgi-bin/webscr?cmd=_express-checkout&token=XXXXXXX for Sandbox testing)
As soon as the buyer is returned, PayPal will append a PAYERID to your RETURNURL. If you can't find it, call the GetExpressCheckoutDetails API and supply your token to retrieve it.
With the PAYERID and TOKEN, call DoExpressCheckoutPayment to finalize the payment.
To get started with this, I'd suggest taking a looking at the PHP NVP SDK they offer at https://www.x.com/community/ppx/sdks#NVP