What happens if I do not use the GetExpressCheckoutDetails and DoExpressCheckoutPayment API calls - paypal

I am working with PayPal for the first time.
After going through all the documentation, I have found the following sequence of API calls to create a recurring subscription:
SetExpressCheckout -> GetExpressCheckoutDetails -> DoExpressCheckoutPayment -> CreateRecurringPaymentsProfile.
I have worked in the sandbox environment and did the following:
1) Called SetExpressCheckout and was redirected to the URL with the token:
https://www.sandbox.paypal.com/cgi-bin/webscr?cmd=_express-checkout&token=xxxx
2) Logged in using my sandbox PayPal account.
3) Clicked on agree and continue.
4) Took the token from the above and passed it to the CreateRecurringPaymentsProfile API.
The process I followed works correctly, and I am able to see the deduction of the amount in one account and the addition of the amount in another account (the amount is specified in the API call).
So what if I do not call GetExpressCheckoutDetails and DoExpressCheckoutPayment?
Especially DoExpressCheckoutPayment (what if I do not use it)?

That would be just fine, as you've seen by testing.
DoExpressCheckoutPayment is not required if you're using CreateRecurringPaymentsProfile to set up a profile. The CRPP call does not require the PayerID, which is what you would typically need to call GetExpressCheckoutDetails for, so if you don't need any other information from GECD then what you're doing will be just fine.
I typically like to call GECD anyway because then I can save more details about the customer and the order.

Related

How to test a PayPal capture API call with Sandbox

I have set up PayPal Sandbox test accounts, a Personal (buyer) and a Business (merchant).
I'd like to test a PayPal 'DoCapture' API Operation. The problem I'm encountering is that I need an AuthorizationID and don't know how to obtain it. If I run the 'DoExpressCheckoutPayment' API call, I do not get an AuthorizationID returned, using the merchant API credentials, though I do get an 'ACK' of success. Do I need to be using the buyer credentials with the 'DoExpressCheckoutPayment' call? I don't see the API credentials in the PayPal Sandbox profile for the Personal account.
You can find an Express Checkout example with authorization and capturing here.
Short answer: according to the DoCapture documentation,
AuthorizationID ... This is the transaction ID returned from DoExpressCheckoutPayment...
According to the DoExpressCheckout documentation, you need a field from the response (attention: PaymentInfo#TransactionId):
... this value is your AuthorizationID for use with the Authorization & Capture APIs.
This is what you need to do to implement the capture API:
1) Create Payment: set intent as authorize in its request to get the payment ID.
2) Show Payment Details: to get approval_url. The customer will use this URL to pay for the order.
3) Execute approved PayPal payment: use this API after the customer successfully pays for the order. This API returns authorization-id along with the capture link.
4) Use Capture API: use the URL obtained from step 3 to capture.
Use this link and check the payments API:
https://developer.paypal.com/docs/api/payments/#payment_execute
Hope this helps someone who stumbles upon this.

Getting notification from PayPal on new subscriptions

While playing in the sandbox and setting up recurring payments via SetExpressCheckout (as suggested in the docs), I can successfully create a BillingAgreement and receive a token. Now after the user follows a link like https://www.sandbox.paypal.com/cgi-bin/webscr?cmd=_express-checkout&token=[token goes here] , agrees to all terms and conditions etc., he is automatically redirected to the returnUrl provided in the SetExpressCheckout method, and additionally this token value is appended to the returnUrl.
So far so good. Now the question is: can I rely on the fact that returnUrl will be called at all times? For example, what happens when for some reason the user's browser refuses or fails to be redirected to the specified URL?
As far as I can understand from the PayPal documentation, you cannot use IPN to notify you of new subscriptions initiated by the user, though clearly IPNs would be an ideal option. I have tried to provide notifyUrl when I compose the SetExpressCheckout request, but it is not being hit. The same IPN works fine for the "pay" method, which I use for one-time purchases.
I think you're missing a step in there. The recurring payments profile doesn't get created while the buyer is on the PayPal website -- you have to wait for the buyer to come back to your return URL, then call CreateRecurringPaymentsProfile to actually create the recurring payment. If you never call CreateRecurringPaymentsProfile, then no recurring payment gets created -- which is probably why you're not getting any IPNs.

Check if paypal email address is a verified user

I would like to check if a PayPal user who tries to buy something from my site has a verified account before he makes a purchase.
Once the user isn't verified, any payment he/she makes would fail. Funds will be returned back to the user automatically.
Is there any code I can add or edit to make this work, due to fraud issues?
Well, I found this:
https://www.paypal.com/us/verified/pal=emailhere
where if I replace emailhere with any email I get verified or unverified.
I would like to add this to the code.
Thanks
If you're not already, I would recommend using the Express Checkout API. This will allow you to check the payer status prior to finalizing the payment.
The SetExpressCheckout API would generate your token that you use to redirect the user to PayPal with. They would then sign in, review the order, and click continue which would send them back to your site.
At that point, you can call GetExpressCheckoutDetails to obtain all the buyer details including their verified status.
To finalize the whole thing you would call DoExpressCheckoutPayment. In cases where the payer is not verified, though, you could simply stop the flow and leave this call out. No payment will have taken place so no refund would be necessary. You can simply display a message that they need to verify their account prior to making purchases from you.
If you happen to be working with PHP I would recommend taking a look at my class library for PayPal. It makes all of this very simple for you.

PayPal PHP API security issue

I was trying to use the Express Checkout PHP API. Everything is working well in the sandbox environment. My question is regarding security.
After payment the sample code redirects to GetExpressCheckout.php?token=...$PayerID=.....; But after clicking "confirm payment" on my site and logging in to the PayPal account (I did not confirm payment in PayPal), I directly opened the same page in another tab, and it showed payment successful (which is not the case). Is there a way to prevent this, or am I missing something?
I'm not following exactly what you're trying to say here.
The process needs to be...
1) Call SetExpressCheckout to retrieve your token and redirect to PayPal accordingly.
2) PayPal will return the user back to your ReturnURL if they confirm payment, at which point you can call GetExpressCheckoutDetails (optionally) and DoExpressCheckoutPayment to finalize the payment.
Not until DECP is completed does any transaction actually take place. The success message you're seeing probably came from GetExpressCheckoutDetails, which does nothing more than retrieve the buyer/order info so that you can finalize the payment on your site.
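An added example (not part of the original answers or of any PayPal sample code) of a return-URL handler that follows the flow in this answer and the payer-status check from the previous one: the order is marked paid only after DoExpressCheckoutPayment reports a completed payment. The session keys, the call_api transport and the fake_api responses are constructed for illustration.

```python
from urllib.parse import parse_qsl

def handle_return(session, query, call_api, require_verified=False):
    """Decide an order's state when a browser hits ReturnURL.
    session: server-side record saved before SetExpressCheckout (assumed keys:
    token, amt, currency, paid). query: return-URL parameters, untrusted.
    call_api: assumed transport, takes NVP fields and returns the response body.
    """
    nvp = lambda fields: dict(parse_qsl(call_api(fields)))
    token = query.get("token", "")
    # Anyone can open the return URL: accept only this session's token.
    if not token or token != session.get("token"):
        return ("rejected", "token does not belong to this session")
    if session.get("paid"):
        return ("paid", "already finalized")  # never finalize twice
    details = nvp({"METHOD": "GetExpressCheckoutDetails", "TOKEN": token})
    if details.get("ACK") != "Success":
        return ("rejected", "GetExpressCheckoutDetails failed")
    # A successful lookup is only buyer/order info, not a payment.
    payer_id = details.get("PAYERID")
    if not payer_id:  # DoExpressCheckoutPayment cannot run without a PAYERID
        return ("not_paid", "no PAYERID; nothing to finalize")
    if require_verified and details.get("PAYERSTATUS") != "verified":
        return ("stopped", "payer unverified; DoExpressCheckoutPayment skipped")
    # Amount and currency come from the server-side session, not the URL.
    result = nvp({
        "METHOD": "DoExpressCheckoutPayment", "TOKEN": token, "PAYERID": payer_id,
        "PAYMENTREQUEST_0_PAYMENTACTION": "Sale",
        "PAYMENTREQUEST_0_AMT": session["amt"],
        "PAYMENTREQUEST_0_CURRENCYCODE": session["currency"],
    })
    if result.get("ACK") != "Success":
        return ("failed", result.get("L_LONGMESSAGE0", "payment call failed"))
    if result.get("PAYMENTINFO_0_PAYMENTSTATUS") != "Completed":
        return ("pending", result.get("PAYMENTINFO_0_PAYMENTSTATUS", "unknown"))
    session["paid"] = True
    return ("paid", result["PAYMENTINFO_0_TRANSACTIONID"])

# Constructed sandbox-style responses standing in for the real endpoint.
def fake_api(fields):
    if fields["METHOD"] == "GetExpressCheckoutDetails":
        return "ACK=Success&TOKEN=EC-TEST&PAYERID=PAYER123&PAYERSTATUS=unverified"
    return ("ACK=Success&PAYMENTINFO_0_PAYMENTSTATUS=Completed"
            "&PAYMENTINFO_0_TRANSACTIONID=TXN-CONSTRUCTED")

if __name__ == "__main__":
    order = {"token": "EC-TEST", "amt": "10.00", "currency": "USD", "paid": False}
    print(handle_return(order, {"token": "EC-OTHER"}, fake_api))
    print(handle_return(order, {"token": "EC-TEST"}, fake_api))
```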

PayPal payment process in 2 steps?

I want to make the payment process in 2 steps. In the first step, PayPal should collect funds from the user account but not transfer them to the merchant account.
When I send another request with a success action, at that time PayPal should transfer the funds to the merchant account, or if I pass a fail action then PayPal should refund the user.
Is there any way to do this?
I referred to the following URL but can't find a solution.
https://cms.paypal.com/us/cgi-bin/?cmd=_render-content&content_ID=developer/e_howto_api_WPECIntegration#id0861K0T0WY4
Express Checkout is what you want, but there's better documentation available.
Basically, what you're after is Authorization and Capture. When you create your Express Checkout API requests you'll set the PAYMENTACTION to Authorization. Then, when you're ready to process the payment you call DoCapture and pass in the transaction ID you get back from Express Checkout.
No money is processed until the DoCapture call is processed. If you don't end up needing to process it you can simply do nothing, but that would strand the authorization on the user's account for the default period of time depending on their bank. Usually 30 days.
It's a better practice to call DoVoid at that point, which would cancel the authorization and release those funds back to the user's account immediately.
If you want to do the same thing with credit cards directly you can use Payments Pro. The process is almost identical, except there are actually fewer calls involved.
If you're using PHP I would recommend taking a look at my PHP class library for PayPal. It'll make all of this very simple for you, and I can provide 30 min of free training to help you get going if you want, too.
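An added example (not from the original answers) of the Authorization and Capture lifecycle described above, including the point from the DoCapture question that the transaction ID returned by DoExpressCheckoutPayment is the AuthorizationID. The order keys, the call_api transport and the sample responses are constructed for illustration.

```python
from urllib.parse import parse_qsl

def record_authorization(order, decp_body):
    """Store the AuthorizationID from a DoExpressCheckoutPayment response
    that was sent with PAYMENTREQUEST_0_PAYMENTACTION=Authorization."""
    r = dict(parse_qsl(decp_body))
    if r.get("ACK") != "Success" or not r.get("PAYMENTINFO_0_TRANSACTIONID"):
        raise ValueError("no authorization was granted")
    # The transaction ID returned here is the AuthorizationID for DoCapture/DoVoid.
    order["auth_id"] = r["PAYMENTINFO_0_TRANSACTIONID"]
    order["state"] = "authorized"  # funds held, nothing transferred yet

def settle(order, fulfilled, call_api):
    """Close an authorization exactly once: DoCapture if the order was
    fulfilled, DoVoid otherwise. Returns the resulting order state."""
    if order.get("state") != "authorized":
        return order.get("state")  # already captured/voided: a retry is a no-op
    if fulfilled:
        fields = {"METHOD": "DoCapture", "AUTHORIZATIONID": order["auth_id"],
                  "AMT": order["amt"], "CURRENCYCODE": order["currency"],
                  "COMPLETETYPE": "Complete"}
    else:
        # Voiding releases the hold instead of leaving it to expire.
        fields = {"METHOD": "DoVoid", "AUTHORIZATIONID": order["auth_id"]}
    r = dict(parse_qsl(call_api(fields)))
    if r.get("ACK") != "Success":
        return order["state"]  # still "authorized"; safe to retry later
    order["state"] = "captured" if fulfilled else "voided"
    return order["state"]

# Constructed responses standing in for the sandbox endpoint.
SAMPLE_DECP = ("ACK=Success&PAYMENTINFO_0_TRANSACTIONID=AUTH-CONSTRUCTED"
               "&PAYMENTINFO_0_PAYMENTSTATUS=Pending")

def fake_api(fields):
    return "ACK=Success&AUTHORIZATIONID=" + fields["AUTHORIZATIONID"]

if __name__ == "__main__":
    order = {"amt": "25.00", "currency": "USD"}
    record_authorization(order, SAMPLE_DECP)
    print(settle(order, fulfilled=False, call_api=fake_api))
    print(settle(order, fulfilled=True, call_api=fake_api))
```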