How to use X-PAYPAL-AUTHORIZATION to handle payments on behalf of other users in PayPal without knowing user's email address - paypal

We are developing a marketplace webapp which charges customers on behalf of sellers.
After reading through PayPal's API documentation, the only solution seems to be the Permissions service.
According to the documentation, after retrieving the access token and token secret of a seller through the RequestPermissions call, we generated the X-PAYPAL-AUTHORIZATION header to initiate an express checkout payment id. However, the payment id generated is associated with our PayPal account instead of the seller's, which is not the anticipated behavior.
Adding the seller's email address in the SUBJECT field as noted in PayPal Name-Value Pair API Basics does work, but as we tested it, it has nothing to do with the access token and token secret.
The problem with the SUBJECT field is that we cannot make sure the seller's email address with us is the one PayPal have on file.
The GetBasicPersonalData permission seems to be able to get a valid email address, but that needs to be pre-approved by PayPal. In fact, I have come across many websites that do not require this permission but are able to initiate payment on behalf of other users. Is there a way to just get sellers' email or PayPal Id without GetBasicPersonalData permission? We don't actually need any other personal data except email or PayPal Id.

Related

PayPal payments to a specific email using Python

It is required to write a script in Python, with the help of which it will be possible to transfer funds from one PayPal account to another PayPal account.
input parameters:
Sender's e-mail
E-mail of the recipient
transfer amount.
For PayPal Checkout payments, the sender's email is determined by what they sign into or pay as a guest with. That payer email is not an input parameter prior to their reaching the PayPal Checkout, although one can be pre-filled by your system if already known--but cookies from previous logins might take precedence. (If you need to send money from a specific account without a payer signing into their sender account, that account's owner could request access to PayPal Payouts, which may or may not be granted depending on the business need and use case.)
For such PayPal Checkout payments to be sent to a specified recipient email, set a payee object in the purchase_units when creating the order (which happens on button click).
A server integration to create and capture the order via API with a backend is not required, but certainly recommended for a robust integration that acts on the API capture response. The Checkout-Python-SDK can be used to implement two routes on your server (one for create order, and one for capturing a given order ID). The client-side approval flow to pair with those two server routes is https://developer.paypal.com/demo/checkout/#/pattern/server.

Paypal Api access features

Since Paypal officially sends people here for support, I hope StackOverflow members will not burn me at the stake.
After the product is sold, I need in the paypal confirmation email
Temporary password sent so user can login to site with their Email and that password.
We will obviously need that email/password via api to authenticate user.
You cannot modify Paypal's confirmation email, given Paypal's API restrictions. However, you can send emails via your application, to your users upon successful payment.
PayPal will send your application a response code for each transaction (payment successful/unsuccessful), which you can use to handle your behavior.

Do I need 3rd party's Paypal API credentials to let them sell on my site using Payments Pro?

I am working on a website in which a facility pays us for membership. Their membership payment is the only money we receive. This payment is done via Paypal Website Payments Pro using the DoDirectPayment API.
These members then rent out their facility to customers by listing available blocks of time on our website. The customer would pay for this time block via credit card, also via DoDirectPayment, but this time the payment goes directly to the member's Paypal account.
I have found a lack of clear direction on what needs to be done to enable this. I know I could require all members to have a Paypal Payments Pro account ($30 per month) and store their API credentials (including passwords and signatures) in our system and those payments could be handled directly. But I am vaguely aware of the Third-Party app authorization option... I just can't find info on how it should be set up.
Is it possible to only store the member's Paypal email address and just ask them to authorize our app in their profile?
Also, I saw someone suggest the third-party payment recipient wouldn't even need a Pro account. If that is the case, what do I need to change about the API call (I'm using the NVP method) so that our Pro account is leveraged but payment is given to the member?
First, your members will need their own Pro account. The only way to try and get around that would be to have all of the funds come into your account and then disperse them accordingly. This is frowned upon by PayPal and will result in a suspended account.
You could indeed have users enter their API credentials into your application and store them with your customer's profile so that you can include them in API calls for that particular member. You'll want to make sure to encrypt these values if you end up doing that.
The proper way to handle it (since you're a hosted solution) would be using Permissions. You would use your own API credentials, but then pass an additional parameter to flag what account you're making that call on behalf of. This is where the Permissions come into play. Your members will need to Grant API Permission for your app to make the DoDirectPayment call on their behalf.
This can be done manually from within the PayPal account under API Access, or programmatically via the Permissions API.
OK, I discovered the answer. I am sharing the detail here for others looking for this very elusive information:
My account (hosted solution) must be a Pro account.
Members who will be selling to customers on my site must also have Pro accounts. I tested the same code with a regular business account and the error said "This transaction cannot be processed due to an invalid merchant configuration."
Members do not have to give me all their API credentials.
The DoDirectPayment call is the same as if I were doing my own payment (almost). I use my own username, password, and signature. The way to send the money to another account is to include one more parameter called SUBJECT which should be the email address associated with the member's Paypal account (not their API username).
The member must grant my (third-party app) account permission. In my case I only needed the one Paypal labels "Process your customers credit or debit card payments." which should correspond to DIRECT_PAYMENT in API terminology.
Andrew's answer gave me some additional keywords to use in searches, and I appreciate the tip off to the Permission API. It did not directly answer the question, but that will be a nice feature to add to my app instead of making users go through their Paypal profiles to grant permission.

What is _xclick-merchant?

What does _xclick-merchant mean in terms of PayPal? iTunes buttons use it, but if I try to substitute any other PayPal email in, it'll just say that it doesn't even exist. Is there any documentation if I wanted to try to implement it myself?
_xclick-merchant means, in PayPal terms, which merchant ID is registered with the API key provided by PayPal at the time of merchant account creation. The API key is unique for every merchant account, and if you change it to any other email it will not be found, because PayPal on its end checks both the API key and the provided PayPal email; if they match, the payment screen appears, otherwise you get the error which you are getting. You can get all your required information here
https://developer.paypal.com/

ipn using customer business pp account

My IPN works perfectly; it's set up under our business PayPal account. Our ASP.NET website is being used by multiple customers with their own members, unique by their login. As of now the cart writes to our database with the orders and sets a status code that gets changed to 'completed' via the IPN call/authentication from PayPal using our PayPal email. Now, a couple want to use their own PayPal accounts (not-for-profits), so in order for this to work as previously described, what changes in the post variables?
Example of what I need: a member of our customer logs in to our website, adds items to their cart and chooses the PayPal payment option. It writes to our database as an 'in-process' order. It opens our customer's PayPal account to complete the payment, then once complete it calls our IPN set up under our PayPal account and redirects back to the custom page.
Again, everything is already working great; we just want to call their own PayPal account instead of ours without needing to have them set up the IPN settings under their account, but use the IPN set up under our PayPal account. Members see their own customer PayPal account billing theme and the money is in their account, not ours. Is this possible?
Do we send the IPN location URL and our customer's PayPal account info in the post variables?
Thanks for any help.
As far as processing the payment on their PayPal account, you can go about this 2 different ways. You can either use their API credentials and pass those over in the API call and the payment will be processed on their account. Second option would be to have them grant 3rd party API permissions to your API to be able to process transactions on their account. Then you would just pass over your API credentials in your API call and also pass over their email address of their PayPal account in the variable "SUBJECT". This will then process the payment on their account.
As for still having the IPN POST sent to your script, you will just need to pass over the IPN URL in the API call. When you pass it over in the API call, it will override whatever is set in the account. For example, if you are using NVP the variable would be "NOTIFYURL".
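
The request described in the answer above (the platform's own API credentials plus SUBJECT and NOTIFYURL), as an added Python example that is not part of the original answers. The helper names, the sample credentials, addresses, URL and VERSION value are constructed; the payment fields are supplied by the caller, and the request is only built, not sent.

```python
from urllib.parse import urlencode, urlsplit

# Parameters the platform sets itself; caller-supplied fields may not replace them.
RESERVED = {"USER", "PWD", "SIGNATURE", "SUBJECT", "NOTIFYURL", "METHOD", "VERSION"}
# Values that must never reach a log file (API secrets and card data).
SECRET = {"PWD", "SIGNATURE", "ACCT", "CVV2"}


def build_on_behalf_request(creds, seller_email, notify_url, fields,
                            notify_host, version="204.0"):
    """NVP parameters for a DoDirectPayment made with the platform's
    credentials on the seller's account (SUBJECT). Hypothetical helper."""
    # Compare case-insensitively so a differently cased duplicate cannot slip in.
    clash = sorted(k for k in fields if k.upper() in RESERVED)
    if clash:
        # A stray SUBJECT or NOTIFYURL would redirect the payment or the IPN.
        raise ValueError(f"reserved NVP fields supplied by caller: {clash}")
    url = urlsplit(notify_url)
    if url.scheme != "https" or url.hostname != notify_host:
        raise ValueError("NOTIFYURL must be an https URL on the platform's host")
    if not seller_email or seller_email != seller_email.strip():
        raise ValueError("seller email missing or padded with whitespace")
    params = {
        "METHOD": "DoDirectPayment",
        "VERSION": version,           # sample value (assumption)
        "USER": creds["USER"],        # the platform's own API credentials
        "PWD": creds["PWD"],
        "SIGNATURE": creds["SIGNATURE"],
        "SUBJECT": seller_email,      # account the payment is processed on
        "NOTIFYURL": notify_url,      # overrides the IPN URL set in that account
    }
    params.update(fields)
    return params


def encode(params):
    """URL-encode the parameters as the NVP request body."""
    return urlencode(params)


def redact(params):
    """Copy of the parameters that is safe to write to logs."""
    return {k: ("***" if k in SECRET else v) for k, v in params.items()}


# Constructed sample values, not real credentials or accounts.
CREDS = {"USER": "platform_api1.example.com", "PWD": "not-a-real-password",
         "SIGNATURE": "not-a-real-signature"}
SAMPLE = build_on_behalf_request(
    CREDS, "seller@example.org", "https://shop.example.com/ipn",
    {"PAYMENTACTION": "Sale", "AMT": "25.00", "CURRENCYCODE": "USD"},
    notify_host="shop.example.com")
print(redact(SAMPLE))
```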