I'm currently trying to implement a mechanism whereby i can return a customer to a success page containing an activated PIN allowing access to a piece of software. The process is a straight forward PIN purchase without any kind of user accounts or login system involved.
I have the payment buttons and IPN script in place and working fine, but this only allows me to email the PIN after a successful payment via the IPN script, since of course the two sessions are completely separate to maintain security.
My problem with this is that i can't be sure the customer has access to the same email they used to pay with via Paypal. I had the idea of asking the user to enter which email they would like the PIN sent to prior to the Paypal redirection and then sending it as a custom value.. but then came visions of a mammoth backlog of support emails where users have entered the wrong email. I would really like to be able to redirect to a success page containing the PIN.
Thanks in advance.
I would recommend using the Express Checkout API. The payer experience is very similar to standard payment buttons, however, the user is always guaranteed to return back to your site, so you can display whatever you want on your final page.
That documentation can be a little scary, but it's really just a matter of utilizing 3 API calls.
SetExpressCheckout - This is used to setup a new transaction and will return a token that you'll append to the end of a redirect URL to PayPal. The user is sent to PayPal, they login and agree to pay, and are then sent back the ReturnURL that you specify in this request.
GetExpressCheckoutDetails - Now back on your site/application, you use this API to obtain information about the buyer like their shipping address, address status, payer status, payer ID, etc. You will need the Payer ID for the final API call.
DoExpressCheckoutPayment - This is very similar to the SetExpressCheckout request, but no transaction is completed until this call is completed. Only then does the money move.
Again, those final calls are done on your site so you can use the API response data to update your database and display details on the final page however you want to.
Keep in mind that payments could still be pending for one reason or another, so you'll want to check the status (returned in the DECP response) and display appropriate information on the final page.
IPN's will still be triggered with Express Checkout so you can adjust the IPN script to handle pending payments or anything else you may want to automate outside the checkout flow.
If you happen to be working with PHP my class library for PayPal will make these calls very quick and easy for you.
Related
I'm trying to implement the new PayPal Orders API, here is what I did:
Create a developer account, add an app name and then I have Client Id and Secret.
Use OrderCreateRequest to create an Order
Get approvel_url from the resposne->result->links
Redirect to this approvel_url and finish the payment
Paypal will redirect back to my website.
But I never got any thing from the PayPal testing account,Please, what did I miss?
Edit:
On No.4, when redirects to the PayPal page, somehow it only shows 'Continue' button on the page, not the 'make payment' button.
You are missing:
Display an order review page to the payer.
Capture the order with an API call, which (if successful) will return the transaction ID in the purchase_units[0].payments.captures[0] object.
On success, display a thank you/confirmation page.
Without the final capture API call, there is no PayPal transaction.
You are also still using an old integration method based on redirects, which is for old websites. Current PayPal Checkout integrations use no redirects. At all.
Instead of redirecting, make two routes on your server, one for 'Create Order' and one for 'Capture Order', documented here. These routes should return only JSON data (no HTML or text). When a capture response is successful, store its resulting payment details in your database (particularly purchase_units[0].payments.captures[0].id, the PayPal transaction ID) and perform any necessary business logic (such as sending confirmation emails or reserving product) right before sending your return JSON.
Pair those two routes with the following approval flow: https://developer.paypal.com/demo/checkout/#/pattern/server
I have a form where a team signs up their players and then are transported to paypal to make a registration payment then I receive an IPN when everything is complete. I am doing a similar form and found that Paypal has changed a lot since I created that form.
Is there still a simple way to transfer to paypal, user pays, send back to success page?
It seems like now I have to send the user to paypal using SetExpressCheckout then Getting Payer Details Using GetExpressCheckoutDetails and then DoExpressCheckoutPayment. Am I making it too complicated? It seems I'll be bouncing a registrant around to a bunch of unnecessary pages just to get a payment for a single item. What is the simplest way to do this and still get an ipn to insert into my db? Thanks!
Well EC is the preferred option because its easier for the merchant, but you can use PayPal Standard as well. PayPal standard can be implemented simply as a button. Its pretty simple, but it does not use API calls; its just simply form data posted to PayPal, then PayPal sends you the confirmation of payment in the form of an IPN. the customer is not "forced" back to your site either.
https://www.x.com/developers/paypal/products/paypal-payments-standard
I would like to check if a paypal user who tries to buy something from my site has a verified account before he makes purchase.
Once the user isn't verified, any payment he/she makes would fail. Funds will be returned back to user automatically.
Is there any code I can add or edit to make this work due to fraud issues.
Well I found this
https://www.paypal.com/us/verified/pal=emailhere
where if i replace emailhere with any email i get verified or unverified.
I would like to add this to the code.
Thanks
If you're not already, I would recommend using the Express Checkout API. This will allow you to check the payer status prior to finalizing the payment.
The SetExpressCheckout API would generate your token that you use to redirect the user to PayPal with. They would then sign in, review the order, and click continue which would send them back to your site.
At that point, you can call GetExpressCheckoutDetails to obtain all the buyer details including their verified status.
To finalize the whole thing you would call DoExpressCheckoutPayment. In cases where the payer is not verified, though, you could simply stop the flow and leave this call out. No payment will have taken place so no refund would be necessary. You can simply display a message that they need to verify their account prior to making purchases from you.
If you happen to be working with PHP I would recommend taking a look at my class library for PayPal. It makes all of this very simple for you.
I'm implementing a simple Buy Now button and I'm using IPN (not PDT) to verify the transaction.
A thing that bugs me is that I don't understand how come only after I set the notify_url field to the button I also get the transaction variables to the success URL, as GET params. It would seem normal to be the other way around.
Since the user could or could not choose to "return to the merchant's website" there's not way I should rely on that data. It does however seem to be identical to the one sent to the notify URL.
Some clarification would help. Thanks!
I know what you mean, after the user has finished paying and chooses to return to the sellers website (button in paypal page) they are redirected to your thankyou page.
I don't think it used to do this back in 2009 but now paypal will issue the redirect with all sorts of parameters in the url query string.
I'm just ignoring this information and relying on the backend IPN post which is verifiable by paypal
In my previous experience with IPN, I defined the location of the notify URL in the control panel. Once the payment is processed, PayPal sends a POST notification to this URL independent of any user behavior.
In any case, even if you define the notify_url parameter in the button, I believe PayPal will still send the payment notification seperate from the user behavior - they spawn a new process to send the data. As to why they are using a GET rather than a POST, that is odd behavior. However, in your IPN script you should still have logic that verifies the call with PayPal before you continue processing.
I've got a web application with a form where users can sign up for a seminar. The process is currently as follows:
Register for seminar
Registration success page with Paypal Buy-Now button to make payment
Paypal payment
Registration completion page
At present, emails are sent to the admin and the user at step 2 after registering confirming their registration. This needs to be changed so that the emails are actually sent in step 4, after payment has been made.
The application is built in ASP.NET, and all of the code to send emails, etc is all done. I'm curious as to what is the best way to trigger a process on the main website using the users details after they have completed the Paypal payment process.
From what I can see, there are the following options:
Store the data in the session. When the user returns to the registration completion page, retrieve the information and send the emails. My concern with this is that I've worked on a project in the past implementing this and it never worked very well, with the session getting lost.
Store the data in the database. Have the Paypal redirect include the transaction details in the querystring to the return page, which can retrieve the registration details using the email address and send the emails. However, this may not work if the email address used on Paypal is different from the one used to register (which is quite likely in this scenario).
Post all the details to Paypal, so that they are included in the transaction. Downsides: Won't send confirmation email to the user, only the admin (and assuming that the Paypal email address is the same as the email to which payment notifications should be sent). Also not sure if this can be used with hosted buttons.
I'm sure this is a common problem, and any advice would be appreciated. Thanks.
Use paypal instant payment notification
When the order is placed on your site, put it into a db table, with whatever you need to record. I then have an OrderId (from the db table) that I pass to paypal as an 'invoice' field, this gets passed back via ipn with a payment status etc.