From here in the Payflow Developer Guide:
To create a secure token, pass all parameters that you need to process the transaction except for payment details parameters such as the credit card number, expiration date, and check number. For details on transaction parameters, see Submitting Credit Card Transactions. In addition, pass the following Payflow parameters to create the secure token.
TENDER is listed as a required parameter here, in the "Submitting Credit Card Transactions" section. When using Hosted Pages, do I really need to ask the customer how they want to pay prior to passing them to Payflow? If not, could someone point me to where this is described in the documentation? I'm not seeing it anywhere.
Thanks,
Ian
TRXTYPE is the type of transaction you are doing, not what the customer is using.
Are you doing an (A)uthorization? (S)ale? (C)redit? (V)oid? etc.
With the hosted page token request, you pass over everything for the transaction except the payment method (credit card number or PayPal account).
Related
Is it possible to add or link PayPal to an account (get from paypal user access token or something like this ) to allow payments without authorization ( without log in and confirmation like with card if we have card number and cvc ) ?
And second question, I am using paypal sandbox and I cannot refresh the token when trying to execute the query
I get this answer
{
"error": "invalid_refresh_token",
"error_description": "No consent were granted"
}
Its possible they disabled this options on sandbox ?
Regards
Credit card company rules do not permit a cvc to be stored under any circumstances, so you would never "have" this information. It can only be transmitted when a card is first processed and then must be immediately discarded. As for storing card numbers themselves, there are many rules about that (PCI SAQ-D is a place to start, if you need to research it)
To your PayPal question, to be able to bill a PayPal account without the payer signing in (though they will always have to sign in for initial agreement/set up), the receiving PayPal account must have a feature called "reference transactions". The account owner can contact PayPal's general business support (not technical support) to explain the business need and inquire about being approved for enabling this feature. Once enabled, PayPal can guide you on which API to implement -- be it the older billing agreements API or a newer v2 or v3 vault one.
Refresh tokens are used by a Log in with PayPal integration to obtain a new access token when the old one (originally obtained from an authorization_code) is expired. If you are not integrating Log in with PayPal, refresh tokens are not applicable to what you are actually trying to do, and so the request in your screenshot won't be useful to you.
Refresh tokens are not used to obtain a regular REST API access token for authentication, which uses grant_type=client_credentials . If that's what you're actually trying to do, the documentation is here. The public PayPal Postman API collection sample takes care of this step for you, in the collection-level pre-execution script.
I am making a system in which user permits pre-approval of amount. I've used pre-approval with chained payment. But the problem is that my customer gets redirected to PayPal site and also he/she must have a PayPal account or need to create one. So can i make pre-approval payment using PayPal website payment pro? So my customers will not get redirected to PayPal account. And the process becomes more fast? Note :- I don't want to use authorization and capture method. Thanks.
Edit
One more question :- If i make the website in the UK and the currency in GBP, can I still use the American Paypal account for this?
Auth and Capture is what you're asking for, but then you say you don't want it..?? That's what gives you the functionality you're after, though.
You could do a $0 auth and then run DoReferenceTransaction when you're ready to process the payment as opposed to capturing an actual auth if you want.
Those are your only options when working with Pro, though, and it would give you the same sort of preapproval experience for the buyer.
Here are the steps to accomplish what you're after.
Use DoDirectPayment to run a $0 Authorization (card verification). Users will enter their credit card details directly into a form on your site without any redirection to PayPal (and without any knowledge PayPal is being used at all unless you notify them some way.)
Save the transaction ID that you get form this card verification into your transaction history for the customer in your database. This ID is what will be used to process future payments using that credit card.
When you're ready to process a payment for this customer, pull the ID out of the database and use it with a DoReferenceTransaction request to process any amount you need to.
So the card verification is your preapproval, and then running reference transactions are the same as running Pay requests with a Preapproval key. Both methods accomplish the same thing, but one is with direct credit cards and the other is not.
If you're using PHP you can use this PayPal PHP SDK to make all of the API calls very quick and easy for you. If you're using some other language then there are SDKs available for those as well I'm sure.
Please correct me if i am wrong, #Andrew Angell #Ved Pandya
Auth and Capture or Capture payments later method allows you to do direct payment, but it comes with additional charges, which might not suitable for crowdfunding model as refund/ cancel payment is very frequent
Auth and Capture: You are required to pay $0.30 for each "Card Verification Transactions"
Capture payments later: You are required to pay $0.30 for each "Uncaptured Authorization" that you triggered
https://www.paypal.com/us/webapps/mpp/merchant-fees
For paypal express payment (the one pay via a paypal account), I am quite happy to provide a return url and handle the payment in a paypal page. (so the transaction doesn't happen in my site).
If I want to accept credit card payments, I saw some APIs that I can pass credit card number from my site to paypal. Is it possible that I can just provide a return url and go to a paypal page? On that page, my user can type in credit card number and payment details. So I won't have to worry if my site is secure with those financial data.
Many Thanks
Just add the following parameters to your SetExpressCheckout request and I think you'll get what you're wanting.
SOLUTIONTYPE=Sole
LANDINGPAGE=Billing
USERSELECTEDFUNDINGSOURCE=CreditCard
Also, make sure you have the VERSION set to 119.0.
Is it possible to store the clients credit card information on our secure website database and automatically pass the values to paypal to process without even having to show paypal website?
I would like to do this so client does not have to enter paypal credit card information each time for payment, if they do not want to setup a paypal account.
So basically just use the paypal system in the back-end. After the information is passed to paypal, it processes it, and redirects user to another page.
Update: Paypal Introducing Direct Payment
Can I just pass credit card information from my secure web database to direct payment system, and have it be processed without manually entering data?
It is never recommended to store credit card details in your database for a number of reasons. You really don't need to, either.
Instead, you can use PayPal's DoReferenceTransaction API.
The DoReferenceTransaction API operation processes a payment from a
buyer's account, which is identified by a previous transaction.
Basically, you just pass in the transaction ID of a previous sale or authorization transaction along with a new amount to be charged. PayPal will charge the card using the details they have saved in their system, so you don't have to worry about the hassle of protecting sensitive data like that.
Has anyone yet dabbled with Paypal's REST API call for Direct credit card payments ?
This resource resides here:
https://api.sandbox.paypal.com/v1/payments/payment
The typical way to process this account is:
Get access token by making an API call that includes the Client_ID and Secret.
Using the access token, I make a call to the payment API with the necessary card specific data.
In point number 2, the line 'necessary card specific data' is important. So far, I had been testing using one of my test/sandbox business accounts. That is, the credit card data that was specifically generated for this account. However, it seems like I can manipulate the name, change the expiry date (as long as it's a valid date), the CVV2 number. As long as the credit card passes a MOD 10 check, the response object shows the payment as processed (state: approved) .
My question is, is this a loophole (unlikely) or just by design that paypal allows any random card related data to verify payments. (as long as they are valid credit card numbers).
If it is the earlier, then I wonder why Paypal wants me to create a business account and generates credit card data for me, when all I really need is the REST API client id and secret that is provided when I sign up as a developer.
Disclaimer: The documentation does not state anywhere that random card related data can be used.
Correct, this is by design. We'll accept any credit card number in the Sandbox environment as long as it adheres to MOD-10. This is done specifically to allow for easier testing in the Sandbox environment.
If it is the earlier, then I wonder why Paypal wants me to create a
business account and generates credit card data for me, when all I
really need is the REST API client id and secret that is provided when
I sign up as a developer.
I'm not quite sure what you mean here though?