PayPal REST API and Chargebacks/Cancellations

I have been working on PayPal integration for an existing system of ours and have successfully done tests on the sandbox using the REST API and express checkouts.
Although the documentation is detailed, I couldn't see anything about chargebacks (i.e. reverse transactions) and cancellations on the REST API documentation page http://developer.paypal.com/docs/api/
So in case a user buys something successfully and the payment status becomes "completed", and then there is a reverse transaction like a chargeback, will PayPal send a request to the return and cancel URLs which are predefined while creating the related payment, or does the client application have to check the payment statuses manually by REST calls? Or are there any other configs that I need to send while triggering the very first payment request?

You'll need to set up Instant Payment Notification (IPN) to handle that sort of thing.
IPN will automatically POST data about all transactions that hit your PayPal account to a URL you specify. This URL (a script) can receive the data and update your database, generate email notifications, or anything else you might want to automate based on the transactions.
You can handle all sorts of things with IPN. For chargebacks specifically, you would receive an IPN with the following params...
txn_type=new_case
case_type=chargeback
Of course, you'll get a bunch more parameters, too, but those would be how you can pick out the chargebacks and process them accordingly.
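A sketch of the listener logic this answer describes, added here as an example and not part of the original post: it builds the `cmd=_notify-validate` postback that PayPal answers with VERIFIED or INVALID, and only then picks out chargebacks by `txn_type` and `case_type`. The `verify` hook, the function names and the sample bodies are assumptions made for illustration.

```python
from urllib.parse import parse_qs

# Constructed sample IPN bodies for illustration (not captured PayPal traffic).
SAMPLE_CHARGEBACK = (b"txn_type=new_case&case_type=chargeback"
                     b"&case_id=PP-CONSTRUCTED-1&txn_id=CONSTRUCTEDTXN1")
SAMPLE_PAYMENT = b"txn_type=web_accept&payment_status=Completed&txn_id=CONSTRUCTEDTXN2"


def verification_request(raw_body: bytes) -> bytes:
    """Body to POST back to PayPal: the message exactly as received,
    prefixed with cmd=_notify-validate."""
    return b"cmd=_notify-validate&" + raw_body


def parse_ipn(raw_body: bytes) -> dict:
    """Decode the form-encoded body; refuse repeated keys instead of guessing.
    Assumes the account's IPN encoding is UTF-8."""
    fields = parse_qs(raw_body.decode("ascii"), keep_blank_values=True,
                      strict_parsing=True, encoding="utf-8")
    repeated = [k for k, v in fields.items() if len(v) != 1]
    if repeated:
        raise ValueError(f"repeated IPN fields: {repeated}")
    return {k: v[0] for k, v in fields.items()}


def classify_ipn(raw_body: bytes, verify) -> str:
    """Return 'rejected', 'chargeback' or 'other'.

    verify is a hypothetical hook: it sends verification_request() to PayPal
    and returns the response text. Nothing in the message is trusted until
    that response is exactly VERIFIED.
    """
    if verify(verification_request(raw_body)).strip() != "VERIFIED":
        return "rejected"
    try:
        ipn = parse_ipn(raw_body)
    except ValueError:  # also covers undecodable bytes
        return "rejected"
    if ipn.get("txn_type") == "new_case" and ipn.get("case_type") == "chargeback":
        return "chargeback"
    return "other"
```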

Related

API errors out if I try to look up an order or payment that is completed. How can I get a definitive status of a payment?

I have the following flow with Paypal:
I create a payment with intent "order", and I redirect the user to Paypal's website.
Once the user returns, I execute the payment.
Then, I authorize the order.
At this point, I can still look up the payment or the order and I get expected result.
Finally, I capture the order.
After I capture the order, I can't look up the payment with /v1/payments/payment/PAY-XYZ or retrieve the order with /v1/payments/orders/O-ABC. I get a 500 Internal Service Error.
Before you tell me to send debug id to Paypal because I stumbled upon their bug: I tried, but they are not responding. I had them on the phone, sent support requests, etc. I got no reply from them, so I have to turn to community.
After capture, I can still look up a payment by listing payment resources. Since I store PayPal's create time, I send a GET request that looks like:
/v1/payments/payment?start_time=2016-06-21T09:08:56Z&end_time=2016-06-21T09:08:58Z
Sure enough, I can get the payment object back, but that looks awfully hacky to me.
The reason why I need the entire payment object is because I need definitive information about the status of the payment. E.g. I can stumble upon a network error when I send a capture request and I won't get a capture ID, so I can't check what's going on. Or I can miss a webhook event (for any reason, e.g. a bug in my code), and the payment can become refunded without me knowing, so it would be very nice to be able to fetch a payment.
I noticed the REST API documentation here https://developer.paypal.com/docs/api/payments/#payment_get says that I should use that endpoint for incomplete payments, but I don't understand why I can't check the order, or why list payment resources works, but fetching a single payment doesn't.
Retrieving the payment used to work though, so I could look up related_resources of transactions of the response (like I can do now with listing all payments by date).
My question is: what is the recommended way to get the definitive information about a payment?
Also, if someone from Paypal is reading this, here are some debug_id's so you can perhaps look into it: 3ffa3007a7561 (result of https://api.sandbox.paypal.com/v1/payments/orders/O-3PA36862ST053572T) or 85576d66784cd (response from https://api.sandbox.paypal.com/v1/payments/payment/PAY-7N237030X85089344K5UQIKI)
This happens on both sandbox and live.
Thanks,
Dejan

Returning a PIN after a successful payment

I'm currently trying to implement a mechanism whereby I can return a customer to a success page containing an activated PIN allowing access to a piece of software. The process is a straightforward PIN purchase without any kind of user accounts or login system involved.
I have the payment buttons and IPN script in place and working fine, but this only allows me to email the PIN after a successful payment via the IPN script, since of course the two sessions are completely separate to maintain security.
My problem with this is that I can't be sure the customer has access to the same email they used to pay with via PayPal. I had the idea of asking the user to enter which email they would like the PIN sent to prior to the PayPal redirection and then sending it as a custom value, but then came visions of a mammoth backlog of support emails where users have entered the wrong email. I would really like to be able to redirect to a success page containing the PIN.
Thanks in advance.
I would recommend using the Express Checkout API. The payer experience is very similar to standard payment buttons, however, the user is always guaranteed to return back to your site, so you can display whatever you want on your final page.
That documentation can be a little scary, but it's really just a matter of utilizing 3 API calls.
SetExpressCheckout - This is used to set up a new transaction and will return a token that you'll append to the end of a redirect URL to PayPal. The user is sent to PayPal, they log in and agree to pay, and are then sent back to the ReturnURL that you specify in this request.
GetExpressCheckoutDetails - Now back on your site/application, you use this API to obtain information about the buyer like their shipping address, address status, payer status, payer ID, etc. You will need the Payer ID for the final API call.
DoExpressCheckoutPayment - This is very similar to the SetExpressCheckout request, but no transaction is completed until this call is completed. Only then does the money move.
Again, those final calls are done on your site so you can use the API response data to update your database and display details on the final page however you want to.
Keep in mind that payments could still be pending for one reason or another, so you'll want to check the status (returned in the DECP response) and display appropriate information on the final page.
IPNs will still be triggered with Express Checkout so you can adjust the IPN script to handle pending payments or anything else you may want to automate outside the checkout flow.
If you happen to be working with PHP my class library for PayPal will make these calls very quick and easy for you.

PayPal: How do you get notifications of payment through the permissions API?

Using the PayPal permissions API can you receive notifications from payments made after a customer clicks on a payment button, proceeds to PayPal, and then pays?
I notice they have IPN, but will this work with the permissions API?
Thanks!
You can include NotifyURL in your API requests to set a URL for IPN to POST data to. It's not something that technically "works with the permissions API" but any transaction that is made would indeed trigger the IPN.
If you're building an app for 3rd parties to use, though, and you're passing NotifyURL in your API requests, that will override any IPN configuration each individual merchant using your tool might have set up on their own. This can cause frustration for such users because then their own IPN solution doesn't get hit when they take payments through your app.
If you're going to do that I recommend setting up a way for your users to enter their own IPN URL in your app settings, and then if they have a value, forward the POSTed data to their URL when PayPal sends it to yours. That way both IPN scripts will get hit and process the data accordingly.
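A sketch of the forwarding step suggested above, added here as an example and not part of the original answer. Because the destination is a URL typed in by a user, the relay checks it before posting, and it passes the body on byte for byte so the merchant's own listener can still validate it with PayPal. The `resolve` and `post` hooks and all names are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit


def is_safe_forward_url(url: str, resolve) -> bool:
    """Accept only https URLs whose host resolves solely to public addresses.

    resolve(host) -> list of IP strings. Hypothetical hook; in production a
    wrapper around socket.getaddrinfo.
    """
    try:
        parts = urlsplit(url)
        if parts.scheme != "https" or not parts.hostname or parts.username:
            return False
        addrs = [ipaddress.ip_address(a) for a in resolve(parts.hostname)]
    except (OSError, ValueError):
        return False
    # Loopback, private, link-local and reserved ranges are all non-global.
    return bool(addrs) and all(a.is_global for a in addrs)


def relay_ipn(raw_body: bytes, merchant_url, resolve, post) -> str:
    """Forward an IPN to the merchant's own listener, if they configured one.

    post(url, body, headers) is a hypothetical hook that performs the HTTP
    POST. Returns 'no-merchant-url', 'blocked' or 'forwarded'.
    """
    if not merchant_url:
        return "no-merchant-url"
    if not is_safe_forward_url(merchant_url, resolve):
        return "blocked"
    # Send the bytes exactly as PayPal sent them: a re-encoded or re-ordered
    # body would fail the merchant listener's own validation postback.
    post(merchant_url, raw_body,
         {"Content-Type": "application/x-www-form-urlencoded"})
    return "forwarded"
```

In production the `post` hook should connect to the address that was vetted, so that a second DNS lookup cannot return a different one.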

Execute tasks after PayPal chained payment is successful

Current Status
I'm quite new to PayPal and I'm currently integrating chained adaptive payments on our website. Already successfully called the PAY API call via the .NET SDK. Money (sandbox environment) will be correctly transferred to each participant of this payment (sender, primary and secondary receiver).
Requirement
My goal is to execute vital tasks after the payment is successful (update DB, send mail, ...) or has been cancelled (clean up stuff, ...).
Possible solutions
1)
First approach was to create the payment with actionType set to CREATE, redirect the user to paypal.com (wait for approval), redirect user back to website and execute the payment and then perform the vital tasks. But it seems not to work, the payment will be paid and is COMPLETED before the second redirect.
2)
Another possible solution would be to get the preapproval from the user, redirect back to the website and execute the payment. Haven't tried this solution yet, don't think that this is best practice.
3)
Call PAY with actionType set to "PAY" and wait for IPN. Haven't tried that either, because it is quite difficult to test it locally (even though I've already found this question: Paypal Sandbox Test Tool IPN Simulator in Localhost).
Question(s)
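Which solution is best practice? I guess the recommended solution would be to wait for an IPN?
If I am using IPN how long is the average response time after a payment has been completed? Seconds, minutes, hours? I know it depends on the load of the PayPal webservers and that there are 15 retries over 4 days, but what are some real world numbers?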
If I'am using IPN how long is the average response time after a payment has been completed? Seconds, minutes, hours? I know it depends on the load of the PayPal webservers and that there are 15 retries over 4 days, but what are some real world numbers?
Can I store additional information (e.g. UserId) about the sender in a payment (besides the memo field) which I then get back in an IPN?
Here is how I do it.
When I'm going to initiate PayPal payment (before I send a request to obtain TOKEN), I create a new transaction in my database and set its status to PENDING. In the transaction table I also have a userID column, which is a foreign key to the user table. This way I connect the transaction with the user.
When transaction is created in my table, I use transactionId value, and save it to PHP $_SESSION variable.
Please note that if you want to support recurring payments, you can provide transactionId to PayPal. This you can do by setting:
"PAYMENTREQUEST_0_INVNUM"=>$transaction->id.
This value will be sent when PayPal sends you IPN request after recurring payment happens.
Go back now to the story
User is redirected to PayPal, and when user fills PayPal username and password, and when user confirms payment details, user will be redirected back to your website and you have to call DoExpressCheckoutPayment to make payment itself.
If the result of DoExpressCheckoutPayment API call is success, that means that transaction was successful and you have money. At this point, you can send email, notifications, or any other important action.
// Execute the transaction
$transactionResponse = $paypal->request("DoExpressCheckoutPayment", $requestParams);
if (is_array($transactionResponse) && $transactionResponse["ACK"] === "Success") // Payment was successful
{
    // Send email
    // Notify user
    // Do other important changes in database, for example mark this transaction as successful
    Transactions::model()->updateByPk($_SESSION['transactionId'], array('status' => 'SUCCESS'));
}
IMPORTANT NOTE FOR RECURRING PAYMENTS: PayPal can/will send you several IPN requests for the same recurring transaction, which means that you have to add logic which will check whether a specific IPN request is already processed or not. Usually I do it in a way to check whether the status of my transaction with transactionId is 'PENDING' or 'SUCCESSFUL'.
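The duplicate-IPN check described in this answer, shown as an added example that is not the poster's code. Instead of reading the status and then updating it, the PENDING test is part of the UPDATE itself, so two deliveries that arrive together cannot both pass it. The table layout, the function names and the use of the IPN `invoice` field to carry the local transaction id are assumptions made for illustration.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory stand-in for the transaction table described above."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE transactions ("
               "id INTEGER PRIMARY KEY, user_id INTEGER NOT NULL, "
               "status TEXT NOT NULL DEFAULT 'PENDING')")
    return db


def apply_completed_ipn(db: sqlite3.Connection, ipn: dict) -> str:
    """Apply one already-verified IPN at most once.

    Returns 'fulfilled' exactly once per transaction; the caller sends the
    email or releases the goods only on that value.
    """
    if ipn.get("payment_status") != "Completed":
        return "ignored"
    try:
        local_id = int(ipn.get("invoice", ""))
    except ValueError:
        return "unknown-invoice"
    with db:  # commits on success, rolls back on error
        # Check and state change in one statement: only a row that is still
        # PENDING is updated, so a re-delivered IPN changes nothing.
        cur = db.execute(
            "UPDATE transactions SET status = 'SUCCESS' "
            "WHERE id = ? AND status = 'PENDING'", (local_id,))
    if cur.rowcount == 1:
        return "fulfilled"
    known = db.execute("SELECT 1 FROM transactions WHERE id = ?",
                       (local_id,)).fetchone()
    return "duplicate" if known else "unknown-invoice"
```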

Is using the PayPal IPN as a API trigger a good implementation?

As recommended by PayPal I am using a combination of the PayPal API and the IPN to create an 'Adaptive Payments' flow.
When my IPN listener receives a new notification from PayPal I have two options (after security checks):
1) Use the received data to make direct actions in my website (for example set a preapproval as approved)
or instead a more secure and clean way (I think):
2) Detect the transaction type variable (or other identifier) and request more details from PayPal accordingly.
For example if the 'transaction_type' is 'Adaptive Payment Preapproval' then I will use the received 'preapproval_key' to request the preapproval details using the PreapprovalDetails API call and then use the received data of that call to set the preapproval as approved.
Is this (option 2) the better way to go?
Thanks.
In general there is probably enough information in the IPN for you to act on, but IPNs are pretty confusing what with all the optional fields and the way that there is no payment_status or txn_id on subscribe events, and no subscription information on payment events, so marrying them up can be interesting. You may well find it easier to understand if you go ahead and get the relevant information from them for each IPN via their API as you suggest.