I'm adding very simple membership renewal functionality to a web site using PayPal Payments Standard buttons. We only have 300 or so members, so a simple e-comm solution like this should work fine.
I'd like to capture some sort of confirmation that I can then capture on my end so that I can insert it into the database. I've seen the IPN listener method, but it seems more complex than I really need - all I really need is to pass the confirmation code via a URL variable in the return URL, i.e. http://www.example.com/landing?transactionid=abc123. Is this possible? Also, is there a way to pass my own dynamic variable (for instance, a membership ID) into the form and have that be a part of the return string?
Thanks
An alternative is to use express checkout which is a two step process requiring pre-authorization and then charging a customer. If you are accepting echecks you will eventually need to use IPN to update the original transaction. You can pass a dynamic variable using the custom field in Paypal.
Either way one of the two methods is required to process a transaction securely - what is stopping someone from typing the URL you are suggesting?
Related
We are trying to integrate Paypal subscriptions with .Net web application done in Blazor.
We have created a button that allows the customer to enrol to a subscription defined in paypal business.
The customer can do the "payment" or "enrolment" successfully and it returns back to our web application with the specific URL that we defined.
This return URL contains just one parameter, called "token".
The problem is that we want to be syncronize paypal payments with our own control of payments implemented by us in the application, so we need to receive some other information in this URL like the transactionID or some identifier that we can use later to link with one customer.
We have configured paypal to support PDT.
When the customer finishes the enrolment to the subscription, the token returned to the URL i passed to our backend and with this, we try to get the some extra information.
We do a post to the url "https://www.sandbox.paypal.com/cgi-bin/webscr" passing as parameter the token that we received back from the transaction and our token as merchant in paypal.
Theorically, when doing this call, we should receive a response that contains "SUCCESS" and then, we should be able to extract some parameters configured in the PDT of paypal.
But, unfortunately, we always receive "FAIL"
Do you have any idea why does it happens?
Thank you very much in advance.
PDT returns are not reliable, as a payment can complete and the client return never happen for any number of reasons -- so PDT should never be used for anything important, and thus there is no reason for a well designed integration to bother attempting to verify them. Contents of a PDT is suitable for information purposes (display summary of success) to a customer only -- if you are doing anything else with PDT data, rethink your integration..
If you must continue such a very old checkout method that uses PDT as part of its process, a service such as IPN or Webhooks should be added on to receive a somewhat more reliable, direct post from PayPal with the payment information.
The best solution however, is to do neither of those things -- since adding on asynchronous notifications to an existing very old integration has its own disadvantages. Instead, discard your current integration completely as it's already about 4 generations old / 20 years old, and implement a new, current PayPal Checkout integration from scratch:
Follow the PayPal Checkout integration guide and make 2 routes (url paths) on your server, one for 'Create Order' and one for 'Capture Order'. Both of these routes should return only JSON data (no HTML or text). Inside the 2nd route, when the capture API is successful you should verify the amount was correct and store its resulting payment details in your database (particularly purchase_units[0].payments.captures[0].id, which is the PayPal transaction ID) and perform any necessary business logic (such as sending confirmation emails or reserving product) immediately before forwarding your return JSON to the frontend caller. In the event of an error forward the JSON details of it as well, since the frontend must handle such cases.
Pair those 2 routes with this frontend approval flow: https://developer.paypal.com/demo/checkout/#/pattern/server . (If you need to send any additional data from the client to the server, such as an items array or selected options, add a body parameter to the fetch with a value that is a JSON string or object)
I'm using ASP.Net Membership Provider for logging into the premium content of this web site. The content isn't downloads, it's web pages of information and discounts, etc. That part is done. We want them to also have a PayPal Subscription annual payment to see the premium content. I would like ASP Membership and PayPal Subscription to work together as much as possible, but for the minimum I am thinking they will have to create a MemberId before they pay. Then I will send that MemberId to PayPal to associate the two.
I think I can do that like this:
Set "Auto Return" on in the interface so that it will redirect to return URL when payment is made.
Set "return URL" query string to MemberId. This requires not using the precompiled "Saved" buttons. I'll have to set it in Code Behind with Name Value Pairs, "NVP" to PayPal. I was hoping to just paste the stupid button.
But then, there were those "Advanced Variables" in the Button maker. Problem was they are compiled into the Saved button, so I can't change them for each person. But maybe that one parameter could be separate from the compiled parameters? Is this better than hacking the return URL? Are "Advanced Variables" good for anything?
All the details about the transaction will be POSTed to the return URL if I put in the right code, which might be rm=2. (Right?) Then I can record it.
This process is said to be unreliable, though, and PayPal recommends using a secondary system that they have, "IPN". PayPal sends the transaction details to me. I send them back http 200 code. Then I send it back to them in the same order I got it. Then they send me http 200. Then we all know it's good. This sounds like a few hours research to me, but if you've already done it once, it sounds like copy and paste. I hate reinventing the wheel. Is there a .Net sample of this IPN handshake/dance?
Also, if I do the IPN thing, maybe I don't need Auto Return. Maybe I add MemberId to "notify" URL instead of "return" URL. Then PayPal can handle the confirmation page, email, etc. Is that better?
Assuming we get the Subscription paid for and recorded with the MemberId, at least once per user session, after they log in, I have to check if they have paid their PayPal subscription and if it's up to date. "GetRecurringPaymentsProfileDetails" does this, but it is an API operation. That makes sense, but I was hoping to avoid learning their REST API. (Is there a "NVP" version?)
REST API OAUTH tokens expire every few minutes, but the only way it tells to get one is by using "Bash" to "cURL" some Linux commands. Again, this seems like the kind of thing that would only ever have to be written once. Does this already exist as a sample code somewhere?
(I don't want to use the API to do the Subscribe, because I don't want the Credit Card numbers to ever go to our site. Too much liability. That's why I wanted PayPal.)
Will this even work? I know PayPal has 18 ways to do everything and they all exclude each other, and I'm just getting the feeling that I'm creating a patchwork of unrelated ideas to fool myself into believing there's a light at the end of the tunnel. I've already been researching and experimenting for 10 hours or so. I really thought, going in, I'd just be pasting a stupid button.
If you want to just "copy the stupid button" then you'll have to stick to Payments Standard, and then you'll be limited with what you can do. For example, you won't be able to use GetRecurringPaymentsProfileDetails for a standard subscription.
Instead, you'll need to use Express Checkout and / or Payments Pro. There is indeed an NVP API available for these, and there is also a SOAP/XML version. Details on those can be found here: https://developer.paypal.com/docs/classic/api/
Specifically, for Express Checkout, you'll want SetExpressCheckout, GetExpressCheckoutDetails, DoExpressCheckoutPayment, and CreateRecurringPaymentsProfile. Some of those calls are optional depending on how exactly you're configuring things with the checkout flow.
For Payments Pro you'll use either DoDirectPayment / CreateRecurringPaymentsProfile or PayFlow depending on what version they put you on.
In any case, IPN is definitely the way to go for post-transaction processing.
.NET IPN Sample - https://github.com/paypal/ipn-code-samples/blob/master/paypal_ipn.asp
I have just created my first PayPal button and it is working correctly within sand box. I would like to know the best way (if possible) to issue a unique activation code on my return url ensuring that the user has definitely paid before they receive the code. I could manually email the code but wondered if the was any way of automating this using some sort of return value? Possibly returning to an aspx page which then reads from my database to get the next activation key and displays it?
Thanks
Garry
As you already know that PayPal doesn't provide such facility for delivering activation instantly but it does offer the Instant Payment Notification API (PayPal IPN) which can be used to build such a platform.
Here is a great article for that purpose only. https://www.codeproject.com/Articles/383207/Selling-software-using-PayPal-IPN-as-an-eCommerceenter link description here
The best way to handle that would be to use Instant Payment Notification (IPN).
Any time a transaction happens on your site (whether it's a payment, refund, cleared pending payment, dispute, etc.) the PayPal server will POST details about that transaction to a script you have sitting on your server.
This script can receive the data and process it accordingly allowing you to automate things like updating a database, generating email notifications, hitting 3rd party web services, delivering e-goods, etc.
If you want the activation code to be visible on the return URL you can look at Payment Data Transfer (PDT), which is just like IPN except that it's made for use with the return URL. It is not recommended to use this, though, for post-transaction processing because there is no guarantee the user will make it back to the return URL, for one, and also it wouldn't handle things like e-checks correctly.
As all we know there is a custom param that allow us to retrieve custom data when an ipn notification come from paypal.
But also, I am using a couple of params in the notify_url, and those params sometimes get lost, and when paypal send to me the ipn notification, it comes without one of those params. The strange thing is that one of the param come correctly.
So, first question is: Can I use custom params in the notify_url like:
notify_url = "www.mydomain.com/paypal/ipn/?param1=one¶m2=two"
I suppose that I can do it, because it fails 1 in 20 times on my application, so I do not know if it is because it is not supported by some browsers or something like that, or maybe it is a bad habit I should quit.
And sometimes paypal send the ipn notification to:
notify_url = "www.mydomain.com/paypal/ipn/?param1=one"
Without the second param...
And if I can do it, do you have any clue about what it is happening here...
Thanks!
I always avoid sending data to IPN as URL parameters. There are various reasons it may not come through, which means there's no guarantee it'll work correctly every single time.
Instead, use the CUSTOM parameter like you said. If you need to pass more than a single value you can send it as an NVP string just like you would on your URL. Then just parse those values back out of the CUSTOM value within your IPN script.
Alternatively, you could save all of the data you're going to need in your database and then send the record ID in the CUSTOM parameter over to PayPal. Or you could use the INVNUM parameter if that makes sense for you.
Then in your IPN script you pull that data back out of the database based on that record ID. This way you're always sure you'll have it available and won't have to worry about losing URL params along the way.
I'm trying to work out how I can generate a unique payment token that I can redirect users to so they can pay for a digital item.
I think the Button Manager SDK is what I need. However, I can not see how I can set the receiver email? For a particular item, there is a different receiver and I want to dynamically set this.
However, it seems I just have to set my credentials as the receiver. I want to use many receivers for different items rather than one sdk config file.
What I currently use is simply a HTML Paypal button but I'd rather dynamically create a unique URL to redirect a user to stop users tampering with things.
Have you considered the Express Checkout API? -- (perhaps with SOLUTIONTYPE=Sole to allow guest checkout?)
I believe it's a better tool for this job; token redirection is a core feature of EC.