i need to verify if certain email is already assigned to paypal account, i know the https://www.paypal.com/us/verified/pal= is not restricted only to partnered accounts so this option won't work for me.
It might be a simple work around, just to check if the provided email is an existing paypal account
I can't see why Paypal would give out that information.
It could allow fraudsters to send email posing as Paypal to Paypal customers with intention to commit fraud, knowing for sure that they are registered users.
It would seem allowing 'user enumeration' is that way would benefit the fraudsters and would cost them nothing, because besides some query logs perhaps, their initial searches would leave no trace and inconvenience nobody.
It'd be better that if someone wants to verify an address isn't already used, he tries to sign up with it. Doing that would expose at least the IP address he's using to sign up and the data he's using to sign up posing as a bona fide customer (i.e., to all intents and purposes, impersonating one). Then if the one signing up wasn't a bona fide customer, surely after a few attempts to guess others' email addresses he'll start to leave a trail, which could allow Paypal to spot him and stop him.
There's no lawful reason to try and guess the Paypal status of email addresses that belong to perfect strangers. And if they're not strangers to you and you got good reason, you could contact them and ask them, whether they've got a Paypal account.
So what is going on here?
Related
I want to verify that whether user has entered valid Paypal id or not. If not than user can't do registration. I've also visited this [1]: How can I verify a PayPal ID? question but it doesn't help me :(
You can't find a direct answer because "valid PayPal ID" doesn't have a single fixed meaning. You will need to be more specific as to what you are trying to discover. Then there may or may not be a way to accomplish what you want, since PayPal protects some aspects of their customers' account and identity information for their protection (and for business reasons).
A bit of background that may help you clarify your question, if not necessarily answer it:
Any email (or phone number) can be configured to receive PayPal payments, in many cases even if the email was not attached to a PayPal account at the time the payment was sent. However, not all PayPal products can function in this way (e.g. you cannot make API calls as an account that has not been set up and has not generated API credentials). Are you asking about receiving money, and if so with which product(s)?
Most people can pay through PayPal if sent to a PayPal page, whether they are accountholders or not (depending upon the PayPal product being used). In addition to guest payments and/or direct credit card payments through PayPal, people can set up PayPal accounts when they arrive and immediately pay with them. So collecting email first and refusing to go forward if there is no PayPal account attached to that email would loose you potential customers. It would also "let through" many customers who could not pay, such as people who know an email address but don't own the attached PayPal account. PayPal also intentionally declines to easily answer questions about whether an email has an associated PayPal account in order to make it harder for bad actors to accumulate lists of PayPal accounts (often with associated personal information) for spear phishing campaigns. There are some APIs that allow you to get limited information about a PayPal account but there are limits associated with these APIs; see e.g. GetVerifiedStatus documentation at:
https://developer.paypal.com/docs/classic/api/adaptive-accounts/GetVerifiedStatus_API_Operation/
Note also that Verified has a particular technical meaning in PayPal, and is NOT AT ALL THE SAME as "able to pay you."
If you want to know if someone can log into their PayPal account, and then use that PayPal account to get information about the user (as well as potentially pay you), that's easy: use Login with PayPal. That's what it's for. Naturally this requires the user to login and assent to your use of their information.
If you want to know if someone can take a particular action (e.g. make a payment), at this moment, the only way to be certain is to actionally request that action. You have options short of actually requesting money; if you want to ensure the user has funds and reserve them for you to collect shortly you can request an authorization rather than a sale. If you want to make sure the user can log in, has payment mechanisms and generally looks ready to pay you (but WITHOUT reserving and guaranteeing funds) you can request an Order.
Hopefully one of these things is what you are asking for?
If you have a PayPal AccountID (a PayPal-generated ID rather than an externally-generated identifier like email or phone number) you can pass it to certain APIs (such as the GetVerifiedStatus), so many of the same options above apply.
I have been playing with the reference transactions facility on paypal and I have run into a bit of an issue.
Everything works fine right up until I try to retrieve the latest billing address from the customers account.
If I don't do this, everything works as it should and payment is taken.
Based on https://developer.paypal.com/docs/classic/express-checkout/integration-guide/ECReferenceTxns/ I have made the call to retrieve the billing address but it comes back with all the fields as null. The name is correct but the address is empty.
Any ideas on this. I can't integrate this into our site if I can't retrieve the billing address.
As with most things related to PayPal and their APIs, they simply hadn't bothered to document the fact that you have to liase with them and contact them for various parts of the system to be enabled.
Initially when using reference transactions I tried to setup a "Billing Agreement" and the API response alerted me to the fact that reference transactions needed to be enabled on sandbox and live accounts in order to function and that they had to do this themselves, not the owner of the sandbox / live account.
Brilliant, undocumented issue no1.
Once that was working, I moved onto testing the use of a "Billing Agreement" to take payment and as part of that you make a request to PayPal for the details of the agreement so as to ensure its still active and to get the customers delivery address.
I do that and everything comes back as expected apart from the delivery address...
After much head scratching I contact their technical support who informs me that again, this needs to be enabled on the sandbox / merchant account before it will return the address.
Seriously, I know that PayPals documentation is quite poor but this just takes the biscuit. So if anyone has any issues with reference transactions, just contact them and ask them to enable EVERYTHING related to it and explain what they have done.
In testing my Chained-Payments application in the paypal sandbox account, I encountered an error
The login information you entered belongs to the recipient of this transaction. Please change your login information and try again.
Now, to me, this restriction on multi-recipient payments is silly. The account I tried to test with receives a commission fee on the transaction. So yes, that accounts $.50 commission would effectively be a discount on the purchase because it would leave the account and return.
Is there any way around this? I was wondering if a user was to use two different email addresses attached to the same account, would this be possible?
User#gmail can pay to bob#company & refer#company.
refer#company cannot pay to bob#company & refer#company
Can refer-alias#company pay to bob#company & refer#company if refer-alias and refer are both attached to the same account.
I'm several days from going live so can't test this myself yet, otherwise I would, and will, if I don't get a response, but it would be extraordinarily useful to know in advance.
Update: I did move to the Live environment last week and found out that no, there's no way to send money from an account that is also one of the receivers. Different email addresses don't enable this either.
While there's no reason I can think of that a user would want to do this when they're the sole receiver, there are reasons that you'd want to make a purchase through a system even if you are of the recipients.
Obviously, there's usually code work-arounds, but it's still a nuisance. What I did was put all my email-addresses in an array, and I run a search on the array
if (ArrayFind(RecipsArray,senderEmail)) {
disperse special way, excluding the conflicting address.
} else {
disperse normal way
}
My client having single paypal merchant account. IPN Notify Url sets to one website. But we are using same account for two websites. The problem is after payment process completed, paypal redirects to IPN Notify Url. But, I want to redirect to My website. Means Paypal redirects to their respected websites without considering the IPN. Is it possible? If Yes please suggest me.
thanks in advance
I am in the middle of getting the exact same thing setup currently. PayPal calls this a "Parent/Child Account". Basically what happens is the following:
You setup 1 main account on PayPal which has your bank information stored
You setup a secondary account (with no bank account, however both are business accounts)
Call PayPal and inform them you want the secondary account linked to the main PayPal account so that they both share the same financial information (Parent/Child Accounts). They will make the change in their system so that both of the PayPal accounts look like 100% separate businesses with no information leaking from one to the other, it's as if neither of the two checkout pages know each other.
On the back-end, what happens is you get paid on the 2nd account and the money is transferred to the main account at the end of the day, which you can then transfer to your bank account.
I believe this is a U.S. only feature, however feel free to call them and ask for help in getting it setup. If they give you the run-around, telling you that this is impossible, tell them you need to speak to someone else. I was on the phone with 7, yes SEVEN, different people in one call, and I had to call back and went through 4, yes FOUR, for a total of ELEVEN people, before I finally got to the one person who set it up like I wanted it setup. It is possible. Be persistent and don't let them tell you it isn't (unless their reasoning is you not being in the US).
Good luck!
I'm writing a basic ecommerce website and the only payment mean is Paypal.
Users don't have to register however, they will be mailed their product.
As far as I know you to be registered to use Paypal, and therefore Paypal stores your personnal informations (Address, names, etc..)
So my question is do I need to ask to users to enter their personnal informations while it is available on Paypal, and I guess, hope, there is an API to retrieve them.
Thank you
You have to ask for their e-mail addresses where they want the product delivered, as it do not neccesarily matches the one they used on PayPal. You will get an invoice in e-mail form PayPal for accounting purposes that sould do.
If you need customer details, you should look into the Instant Payment Notification feature of PayPal, you basically give a URL on your site, then PayPal POST-s all the details to that script. This way you can be sure that the customer actually payed for the services.
There is an extra setep involved, to verify the details you got in your IPN script as anyone who knows its URL can post anything to your script. Also a good idea to put your it into a random directory like dsf6dfsjj345432f8dsfj5j243826d and publish no liks to it, to minimze the possibility of someone trying to play around with your script.
If I understand your question correctly, you do not need to store a client's details on your end. Paypal just requires pricing, product and an invoice reference. They manage storing and securing customer CC details (for example). You might consider storing some client details (such as email, name, address and so on.... but not CC details).
Paypal will often post back order details, which do include client details (i.e. email, contact, shipping details and so on). I, however, am not entirely sure that they supply an API where this information can queried retrospectively.... maybe someone else can help on this on.
HTH and good luck
Look into their Express Checkout approach. That is designed for "preparing" a transaction which you later on finalize from your end, after you have received the customers shipping address. What you decide to do with that is up to you.