PayPal Billing Agreement Token - paypal

Currently my flow is:
1. User clicks PayPal Button
2. User gets redirected to PayPal approval URL
3. User gets redirected back to my website with a Token
4. I make a call to my server with the returned Token to execute the payment.
Now if the user tries to refresh the page, the token is passed again to my backend and the subscription is processed again with the same token.
Is there any way to avoid this? Is the flow correct?
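One way to make the return handler safe against a refresh or replay of the same token, as an added example that is not part of the original question and not PayPal's code. The table name, `remember_token`, `handle_return` and the `execute_agreement` callable (a stand-in for the server's real execute call) are assumptions, and the token and agreement values are constructed.

```python
import sqlite3

def open_store():
    # Autocommit mode so each statement is its own atomic transaction.
    db = sqlite3.connect(":memory:", isolation_level=None)
    db.execute("CREATE TABLE ba_tokens (token TEXT PRIMARY KEY, "
               "user_id TEXT NOT NULL, status TEXT NOT NULL, agreement_id TEXT)")
    return db

def remember_token(db, user_id, token):
    """Record the token when it is created, before redirecting to the approval URL."""
    db.execute("INSERT INTO ba_tokens (token, user_id, status) VALUES (?, ?, 'pending')",
               (token, user_id))

def handle_return(db, user_id, token, execute_agreement):
    """Execute the agreement for a returned token at most once per token."""
    # Atomic claim: only one request can move the row from 'pending' to 'processing'.
    cur = db.execute("UPDATE ba_tokens SET status = 'processing' "
                     "WHERE token = ? AND user_id = ? AND status = 'pending'",
                     (token, user_id))
    if cur.rowcount != 1:
        row = db.execute("SELECT status, agreement_id FROM ba_tokens "
                         "WHERE token = ? AND user_id = ?", (token, user_id)).fetchone()
        if row is None:
            # Unknown token, or a token that was issued to a different user.
            raise PermissionError("token was not issued to this user")
        # Refresh or replay: report the stored outcome without executing again.
        return {"status": row[0], "agreement_id": row[1], "executed_now": False}
    try:
        agreement_id = execute_agreement(token)
    except Exception:
        # Assumption: a raised error means nothing was executed, so allow a retry.
        db.execute("UPDATE ba_tokens SET status = 'pending' WHERE token = ?", (token,))
        raise
    db.execute("UPDATE ba_tokens SET status = 'done', agreement_id = ? WHERE token = ?",
               (agreement_id, token))
    return {"status": "done", "agreement_id": agreement_id, "executed_now": True}

def demo():
    calls = []
    def fake_execute(token):          # constructed stand-in for the real API call
        calls.append(token)
        return "I-CONSTRUCTED"
    db = open_store()
    remember_token(db, "user-1", "BA-CONSTRUCTED")
    first = handle_return(db, "user-1", "BA-CONSTRUCTED", fake_execute)
    refresh = handle_return(db, "user-1", "BA-CONSTRUCTED", fake_execute)
    return first, refresh, len(calls)

if __name__ == "__main__":
    print(demo())
```

After the first successful call, redirecting the browser to a URL that no longer carries the token keeps a refresh from resubmitting it at all; the store above covers the cases where it is resubmitted anyway.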

Related

Combining "Log In with PayPal" permission granting and a PayPal approval flow

I have a PayPal REST API implementation that has new users first log in via a "Log In via PayPal" button, and then immediately redirects to a Reference Transactions approval page. This works, but having it be 2 discrete steps results in an unusual user experience.
The login button goes to this page: https://www.paypal.com/connect?flowEntry=static&client_id... and the user logs in and grants permission to access their profile data via the Identity userinfo API; then redirected back to our site, we pull user info, see there isn't an existing payment token, and immediately redirect to a Reference Transaction approval page: https://www.paypal.com/agreements/approve?ba_token=BA-...
I'm approved for reference transactions but not to receive most of the payer fields (and I was told only large companies get approved for it), but we have approvals for those fields with the Identity userinfo API. I screen for things like requiring a verified PayPal account, so the info is needed.
Is it possible to make this into a single redirect that grants permission for account userinfo and approves the billing agreement in the same step? Like another permission I could ask for on the login page that would let me approve the billing agreement with a server-sided request?

Can I get order details from the PayPal API using the token in the redirect URL?

I have a PayPal subscription set up on a WordPress site. After the payment, the user is redirected back to domain.com/?token=ABCDABCDABCD
Can I use the token parameter in the URL to get the order/transaction info from the PayPal API? The documentation doesn't seem to help.
The only token that I can find in the docs is the authentication token, so I'm not sure what this one is supposed to be. I was under the impression that the return URL should have the subscription ID, but that looks like I-ABCDEFGH and it's not there even though the subscription is created successfully on PayPal.

Native Mobile app approve payment and future payments in one go

I'm in the process of integrating PayPal into my mobile application, using PayPal's Mobile SDK v2.0.
Is it possible to have the end-user approve an immediate payment and pre-approve possible future payments together?
Here's the flow I am thinking about:
1. User logs in.
2. User wishes to make a payment using PayPal and checks a box for the application to not ask the user to re-enter PayPal credentials for future purchases.
3. User is taken to the PayPal native view and enters credentials.
4. User confirms the payment (and pre-approval of future payments) on the same view.
5. User comes back some time in the future and attempts to pay using PayPal again.
6. The application does not show the user the PayPal native view anymore.
Sure, this is possible. Basically, the idea with future payments is to have your app securely store a token and refresh token once a user has given their consent. So if a user has given consent in the past, when they come to the payment screen you would already have the tokens stored and not need them to log in. When they click pay, you would simply use the refresh token to get a new token on your back-end server and use the new token to pay without any user interaction.
If you don't have previously stored tokens for the user who wants to pay, you would then show them the PayPal view to log in and give consent, get the authorization code and then use that to get the token and refresh token. You then use the token you just got to pay immediately and store the two tokens for later use.

PayPal Token Expired

How can I detect that an Express Checkout token has expired if a user simply closes the PayPal page and is also not redirected back to my return (cancel) page?
Are they sending some sort of IPN message?
No IPN message is sent if the user does not complete the purchase.
Why check if the token is expired? PayPal already does it.
If you want to check if the transaction occurs, rely on the IPN messages and/or on the result of the doExpressCheckout.

How am I supposed to capture a payment 1 day after its authorization if the PayPal token expires after 3 hours?

I'm using the Express Checkout API through the ActiveMerchant gem in a Ruby on Rails app. The whole authorize and capture flow works just fine when it is done within 3 hours. But after that my token expires and I lose the transaction, even though the authorize and capture documentation says that the authorization is valid for 3 days (at least according to https://cms.paypal.com/us/cgi-bin/?cmd=_render-content&content_ID=developer/howto_admin_authcapture).
So, how can I capture the transaction after the token has expired?
You shouldn't have to be passing your token. You should be following the flow below.
1. Make your SetExpressCheckout API call and set payment action to authorization (A)
2. Get token back
3. Redirect buyer over to PayPal with the token to log in and agree to payment
4. Buyer gets redirected back to your site with token and payer id returned
5. You can then execute your GetExpressCheckoutDetails API call using the token. (This step is optional.)
6. Then you perform the DoExpressCheckoutPayment API where you pass over the token and set the payment action to authorization (A)
7. This then completes the Express Checkout authorization.
Now you would go back a day or two later and perform your DoCapture API where you send over the transaction id that was returned from your DoExpressCheckoutPayment API earlier. You don't send over the token again here. Once you complete the DoCapture, the funds should then show in your account.