I have a website with two payment processors:
The other processor has an API call to invalidate a token, so if the user still hasn't submitted his payment info and I revoke his pending payment token -> he'll get an error.
There's a scenario where a (crazy) user can pay using both payment gateways:
1. The user starts a request to PayPal
2. The user starts a request to other processor
3. He completes the payment with other processor
4. He then completes the payment with PayPal
As I can see it, only revoking the PayPal token can solve this condition.
If so - does anyone know how to do it programmatically?
Note: Any situation where two transactions are completed successfully is unacceptable (so refund/cancel and similar is not a solution)
I'm assuming you're using the (popular) express checkout API, and that the situation you're describing is AFTER you've issued a SetExpressCheckout but BEFORE you issued the DoExpressCheckoutPayment.
In that case, as you already redirected the shopper to the PayPal site, it's out of your hands and there's no API to revoke the token. However, there's a simple solution to your case. Even if the shopper approved the transaction at PayPal, you can still ignore the redirect and NOT issue a DoExpressCheckoutPayment request. In this case, the captured funds from his account (which you never got) will be returned to him 3 hours after the initial SetExpressCheckout was issued.
Don't forget to issue a proper notification to the user.
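One way to enforce "never issue DoExpressCheckoutPayment for an order that is already paid", as an added example that is not part of the original answer: every payment path must first win an atomic claim on the order row. The table layout and the capture/revoke_other callables are hypothetical stand-ins for the real gateway calls.

```python
import sqlite3

def open_db():
    """In-memory order store for the demo: one row per checkout."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (id TEXT PRIMARY KEY, state TEXT, gateway TEXT)")
    return db

def claim(db, order_id, gateway):
    """Atomic compare-and-set pending -> capturing; only one gateway can win."""
    with db:  # commits on success, rolls back on exception
        cur = db.execute("UPDATE orders SET state='capturing', gateway=? "
                         "WHERE id=? AND state='pending'", (gateway, order_id))
    return cur.rowcount == 1

def settle(db, order_id, gateway, ok):
    """The winner records the outcome: paid, or released back to pending."""
    with db:
        db.execute("UPDATE orders SET state=?, gateway=? "
                   "WHERE id=? AND gateway=? AND state='capturing'",
                   ("paid" if ok else "pending", gateway if ok else None,
                    order_id, gateway))

def on_paypal_return(db, order_id, capture, revoke_other):
    """PayPal return-URL handler. capture and revoke_other are hypothetical
    callables (DoExpressCheckoutPayment wrapper, other processor's token
    invalidation) that return True on success."""
    if not claim(db, order_id, "paypal"):
        return "skipped"   # paid or in flight elsewhere: never capture
    ok = revoke_other(order_id) and capture(order_id)  # close other path first
    settle(db, order_id, "paypal", ok)
    return "paid" if ok else "failed"

def on_other_processor_paid(db, order_id):
    """Confirmation handler for the other processor (hypothetical)."""
    if not claim(db, order_id, "other"):
        return "conflict"  # should be unreachable once its token is revoked
    settle(db, order_id, "other", True)
    return "paid"

def demo():
    """Constructed run of the question's scenario: other processor, then PayPal."""
    db = open_db()
    db.execute("INSERT INTO orders VALUES ('order-1', 'pending', NULL)")
    captured = []
    first = on_other_processor_paid(db, "order-1")
    second = on_paypal_return(db, "order-1",
                              lambda o: captured.append(o) or True, lambda o: True)
    return first, second, captured
```

In a real deployment the claim must run against the shared production database, so that two web workers handling the two returns at the same moment still see a single winner.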
Related
I am building a PayPal subscription system but I have some difficulty understanding some points. When using the sandbox I can't simulate a payment denial process, so when the payment is made, PayPal redirects me to my "approval url callback" and a billing agreement is created.
So I want to know: in a real situation, will PayPal redirect me to the approval URL and create this billing agreement even if the payment hasn't occurred yet? Or can it be created if and only if the payment is accepted? (So if PayPal denies the payment, the billing agreement will never be created.)
In my case, my customers will need access to some paid features of my website, so should I wait for the "ipn webhook notification (PAYMENT.SALE.COMPLETED)", which can take several minutes to be fired to my endpoint, or can I grant access immediately after the billing agreement is created?
Which is the most secure thing to do?
Thanks.
If the user cancels the checkout, PayPal will redirect to your cancel URL.
But the failed payment cases are not clear to me either. I believe that the agreement will be created even if the payment fails, since it needs to exist for the payment attempt to be done, but I don't work at PayPal :).
My approach is to activate the subscription on a successful redirect no matter what, [edit: the execute response returns an agreement_details.next_billing_date in the past, so you can't use that] with a short initial subscription expiration (4h). When our webhook receives a PAYMENT.SALE.COMPLETED message, we fetch the billing agreement details and update the subscription expiration to the new agreement_details.next_billing_date. But if the webhook receives a PAYMENT.SALE.DENIED, we just let the subscription expire.
HTH.
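The provisional-access approach described in the answer above, as an added example that is not the answerer's code: access starts with a 4-hour expiry and only a PAYMENT.SALE.COMPLETED event extends it. The simplified event dict (id, event_type, agreement_id) and the fetch_next_billing_date callable are assumptions, and the event is assumed to have been authenticated before it reaches this handler.

```python
from datetime import datetime, timedelta, timezone

PROVISIONAL = timedelta(hours=4)  # short initial expiration from the answer

class Subscriptions:
    def __init__(self):
        self.expires = {}   # agreement_id -> expiry (aware datetime)
        self.seen = set()   # webhook event ids already processed (replay guard)

    def on_return(self, agreement_id, now):
        """Successful redirect: grant access, but only for the short window."""
        self.expires[agreement_id] = now + PROVISIONAL

    def on_webhook(self, event, fetch_next_billing_date):
        """event is a simplified, constructed shape, not PayPal's full payload.
        fetch_next_billing_date is a hypothetical lookup of
        agreement_details.next_billing_date for the agreement."""
        if event["id"] in self.seen:
            return "duplicate"            # a replayed event changes nothing
        agreement_id = event["agreement_id"]
        if agreement_id not in self.expires:
            return "unknown"              # never create access from a webhook
        self.seen.add(event["id"])
        if event["event_type"] == "PAYMENT.SALE.COMPLETED":
            nxt = fetch_next_billing_date(agreement_id)
            # Never shorten: a stale date must not cut off existing access.
            self.expires[agreement_id] = max(self.expires[agreement_id], nxt)
            return "extended"
        if event["event_type"] == "PAYMENT.SALE.DENIED":
            return "left-to-expire"       # provisional window simply runs out
        return "ignored"

    def has_access(self, agreement_id, now):
        exp = self.expires.get(agreement_id)
        return exp is not None and now < exp

def demo():
    """Constructed timeline: one agreement is paid, one is denied."""
    t0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    subs = Subscriptions()
    subs.on_return("A-1", t0)
    subs.on_return("A-2", t0)
    nxt = lambda _agreement: t0 + timedelta(days=30)
    subs.on_webhook({"id": "WH-1", "event_type": "PAYMENT.SALE.COMPLETED",
                     "agreement_id": "A-1"}, nxt)
    subs.on_webhook({"id": "WH-2", "event_type": "PAYMENT.SALE.DENIED",
                     "agreement_id": "A-2"}, nxt)
    later = t0 + timedelta(hours=5)
    return subs.has_access("A-1", later), subs.has_access("A-2", later)
```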
I'm having trouble understanding how to handle the PayPal recurring payment system.
I followed every instruction on the website, but once I create the profile, PayPal puts it in pending, making me doubt the reliability of the service itself.
I tried to look over the internet but I didn't really get how this should work...
I made the first call with SetExpressCheckout in order to create the request; when the token is returned, I send the token to the PayPal page, the user confirms the payment, then I call the CreateRecurringPaymentsProfile method to confirm the operation (passing PAYERID and TOKEN and setting the AMT value for the first payment and the PROFILESTARTDATE as now +1 month for the future payments).
Now when I try to read the response from the last call (or if I go to the buyer/seller PayPal account) I see that the payment is pending and I have to wait an undefined amount of time before this payment is activated.
Now the real question is: can I trust that even if the payment is pending, I'll receive the payment, and so I can set the user as a member, or do I have to check and wait until the status is 'active' with the GetRecurringPaymentsProfileDetails method?
PS: I'm doing this in the sandbox version, maybe the official version is a bit faster and more reliable?
Thank you!
In Sandbox as in Live, when you call CreateRecurringPaymentsProfile you will also get a response which gives you the status of the profile (ActiveProfile or PendingProfile). When the status is Pending, it means that the system is in the process of creating the recurring payment profile. You can then check your IPN messages for an update. This is normal, but obviously if you notice that all the profiles you create go into Pending and never activate then there could be a bug, though that should not be the case. Here is the PayPal technical guide for this API: https://developer.paypal.com/docs/classic/api/merchant/CreateRecurringPaymentsProfile_API_Operation_NVP/
When using the classic PayPal API, what happens to an express checkout transaction in which DoExpressCheckoutPayment does not get called?
For example, a user is sent to the PayPal site via a successful call to SetExpressCheckout, signs in and completes the sale on the PayPal site, and is sent back to my site via the ReturnURL field. At that point, what happens if the DoExpressCheckoutPayment method is not called? Is there still a transaction waiting to be processed?
The token would still be available for a little while yes, but the transaction is never complete until DECP is called. You could circle back around and use the same token, though, or you could go through SetExpressCheckout again to obtain a new token.
Again, though, there is no actual transaction until DECP is completed successfully (unless you're working with recurring payments, in which case you may skip to CreateRecurringPaymentsProfile).
While playing in the sandbox and setting up recurring payments via SetExpressCheckout (as suggested in the docs) I can successfully create a BillingAgreement and receive a token. Now after the user follows a link like https://www.sandbox.paypal.com/cgi-bin/webscr?cmd=_express-checkout&token=[token goes here], agrees to all terms and conditions etc., he is automatically redirected to the returnUrl provided in the SetExpressCheckout method, and additionally this token value is appended to the returnUrl.
So far so good. Now the question is: can I rely on the fact that returnUrl will be called at all times? For example, what happens when for some reason the user's browser refuses or fails to be redirected to the specified URL?
As far as I can understand from PayPal documentation, you cannot use IPN to notify you of new subscriptions, initiated by user, though clearly IPNs would be an ideal option. I have tried to provide notifyUrl when I compose SetExpressCheckout request, but it is not being hit. Same IPN works fine for "pay" method which I use for one-time purchases.
I think you're missing a step in there. The recurring payments profile doesn't get created while the buyer is on the PayPal website -- you have to wait for the buyer to come back to your return URL, then call CreateRecurringPaymentsProfile to actually create the recurring payment. If you never call CreateRecurringPaymentsProfile, then no recurring payment gets created -- which is probably why you're not getting any IPNs.
I am using PayPal Adaptive payments (chained payments).
If I set:
1. CREATE payment
2. In the SetPaymentOptions -> Requires shipping address selection = true
3. When I redirect the user to https://www.sandbox.paypal.com/webscr&cmd=_ap-payment&paykey=[PA KEY] the user, after authentication, is not shown any prompt for a shipping address
Why?
According to
https://www.x.com/developers/paypal/documentation-tools/api/pay-api-operation
when using CREATE I should do: CREATE – Use this option to set up the payment instructions with SetPaymentOptions and then execute the payment at a later time with the ExecutePayment.
But as soon as I try to run ExecutePayment I get the following information:
This payment request must be authorized by the sender
How can I set additional payment options then?
The ExecutePayment call would only be used if you're utilizing delayed chained payments. Otherwise, the payment still happens as soon as the buyer logs in and approves it, so there is no need for ExecutePayment. Calling it at that point results in the error you're getting, that the paykey was already used.
Did the sender actually authorize the payment?
The flow should be like:
1. Call Pay API operation with actionType as CREATE
2. If paymentExecStatus=CREATED and ack=SUCCESS, obtain payKey (here, keep detailLevel=ReturnAll in RequestEnvelope field of your Pay API request)
3. Redirect user to PayPal https://www.sandbox.paypal.com/webscr?cmd=_ap-payment&paykey=YOUR_PAYKEY_ABOVE
4. If user approves payment, you will be redirected to your returnURL sent as a part of Pay API request
5. Verify approval status using PaymentDetails API operation
6. Later you can execute the payment thus set up in step 4 using ExecutePayment API operation. Send the same payKey you obtained in step 2.
You have got error code 550001 since the user approval seems to be not yet done successfully. It may be due to:
The application did not redirect the user/sender to PayPal for authorization
OR
The user did not enter correct login details
OR
There were not sufficient funds available
etc.