We need to accept credit cards (from anywhere in the world) directly on our website. We'd like to use PayPal, but NOT require a PayPal account. The user should be able to simply type in the credit card, date and cvv directly on our site and go. I'm having a hard time figuring out what PayPal API I need to use for this, to integrate with our Java-based server. Turns out PayPal has an overwhelming number of APIs and documentation.
It looks like this link is what I'm looking for... sort of. But can I post this directly from JavaScript? It includes account name and password, which would be in the clear for anyone to see, so I'm thinking this must be server-side code. So the idea is to use a REST API to do this? So the client must pass the credit card information to my server, which then calls PayPal's server?
I'm a little lost, when looking at all the APIs at the Rest API page. Which ones exactly do I need to use?
There is also this link but I'm not familiar with "curl" -- looking for Java. Maybe the distinction is minor and easy to convert from one to the other?
Vern, if you look at the top of this page, you'll see Java (click Java) as one of the languages supported by the PayPal REST Payment API:
https://developer.paypal.com/webapps/developer/docs/api/
You will see related sample requests that use the Java SDK:
https://github.com/paypal/rest-api-sdk-java
Related
I am using Braintree payment in my app. It works perfectly fine using nonce method using server, this method.
But now our requirements changed and we are not allow to use any sever to verify nonce.
In Braintree we can use tokenization key authorizes clients to tokenize payment information. But there is not any descriptive information about it, this method. Only one line of code is provided in doc and there is no other resources I found useful for tokenization key method.
let apiClient = BTAPIClient(authorization: tokenizationKey)
How to use it with DropInUI ?
apiClient is always return nil.
Also I checked Briantreeios demo, but its very confusing. In some example I don't know how payment method work and on which end points used to verify details and deduct amount.
Thanks in advance.
Full disclosure, I work at Braintree. If you have any further questions, I recommend contacting Support.
You are not able to perform transactions directly from the client. Braintree is a full stack solution that requires a server integration with one of Braintree's available SDKs or by using the GraphQL API. In either case, you cannot make payments directly from the client using a tokenization key.
I need to add PayPal button on client's website. It is first time I am doing this and I asked for credentials he gave me API signature, API username and API password. I was checking lots of tutorials how to add PayPal button, they use sandbox/live Client ID and Secret. Can I use this API credentials instead?
I searched a lot but couldn't find an answer.
I am coding in CodeIgniter 3.
Thanks
Username, Password, and Signature are related to Classic API integration.
Client ID and Secret are related to the REST API integration.
Which one do you want to work with?
Or, the easiest option is to use PayPal Standard Payment Buttons, but that will also be the most limiting.
We actually have a PayPal CodeIgniter Library that you might be interested in. It was built for the Classic API.
The general PayPal PHP SDK that it's based on is now available with Composer, so I would recommend installing it that way.
We'll be releasing an update to that library before the end of the year that adds all of the REST APIs. It's available in the dev branch on GitHub already.
Today I have been trying to implement the rest API into my application to look up transaction information from a transaction ID (GET /v1/payments/sale/)
I have implemented everything correctly on my end and set the mode to "live" and I can't seem to get details from a transaction.
Here is the full error code:
{"name":"REQUIRED_SCOPE_MISSING","message":"Access token does not have required scope","information_link":"https://developer.paypal.com/webapps/developer/docs/api/#REQUIRED_SCOPE_MISSING"}
And here is documentation on what I am trying to do: https://developer.paypal.com/docs/api/#look-up-a-sale
Any help would be appreciated.
Thanks.
There are few things you could do to make sure your configurations are set right.
If the mode is set to live, are you using the live credentials instead of sandbox. You can select the sandbox app and copy the live credentials from there. See bottom part of this image.
Make sure Payments are enabled on live. PayPal has a dashboard page, where you could see all the services that you have enabled to work with Live environment. This prevents accidents on unknowingly using an API on live. You can check the status here
Is the sale that you are looking for created by the same clientId that you are using for making a GET call ? Only the app who creates the sale, can view the sale.
In the mean time, PayPal has created SDKs for many languages to support REST APIs. They are actively developed, and maintained, and could help you mitigate issues in handling tokens, credentials, etc, and allows you to quickly use APIs faster and in a way that could be upgraded easily. Also, few SDKs come packaged with Sample codes, and wiki documentations. Few are still under development, but you can feel free to contribute back to these open source SDKs.
When I had this issue, the problem was that I was making REST requests using the Identity API token. Basically, I was logging users into my website with Paypal then using that token for REST requests when another token from the REST API service should have been used. "
Here is the support ticket from Paypal SDK deveoper Randy who helped answer my question even though I do not use the SDK. Thanks Randy:
https://github.com/paypal/PayPal-PHP-SDK/issues/785#issuecomment-282749095
I'm trying to integrate PayPal Payflow Advanced into my site, and I'm so confused... I've enabled secure tokens in the management interface, but I'm not clear on whether that's generated from their side or mine?
I've never done this before and really, the developer guides and sdks and even the forum posts feel extremely elusive... I'm just not sure about the process...
It seems as though I can embed an iframe and then they handle the rest, but one of the parameters is SECURETOKEN and SECURETOKENID. I don't know where I get those values from? I don't see it anywhere in any of the paypal settings for my account, so I think it might be something I need to generate? But, if it is, then I don't know exactly what kind of token I should send? Just any old random string?
Sorry... But, I'm really unclear on this, despite having googled and gone through the paypal documentation... Plus, I think my PMDD is acting up, so I'm hoping to get a solution before I take this computer and huff it out the window...
This is an old post now, but the answer is that you have to perform a token request using server-side code. There is an PHP example of a secure token request in this post:
https://go.developer.ebay.com/developers/community/blogs/ppintegrationsnate/new-payflow-gateway-tutorial
This was for a PayFlow Pro integration. Also see chapter 2 of https://www.paypalobjects.com/webstatic/en_US/developer/docs/pdf/payflowgateway_guide.pdf for the syntax of the request. You may need to look into the specifics of what is required in the token request for your product.
If you haven't already, try looking here under the section “PayPal Payments Advanced and PayPal Payments Pro (Payflow Pro/Link)”
https://www.x.com/developers/community/blogs/ppintegrationsnate/nates-blog-home-page
and
https://www.x.com/developers/community/blogs/pp_integrations_preston/testing-paypal-payflow-gateway
Thanks
Would implementing openssl prevent users from changing the button values?
I've researched into encrypting buttons, from hosted to using openssl.
Using hosted buttons would provide security at the cost of flexibility although there are variables that you can override, but still you cant override the important ones.
would using and implementing openssl on my webserver prevent users from changing a non-hosted paypal button ?
or would it just be better to fall back to a hosted button and use/validate using IPN?
My answer is non–PayPal specific (applies to any kind of HTTP form input), but the short answer is no. Even SSL cannot prevent the browser from modifying the form values that it receives.
A user could use a bookmarklet to execute a JavaScript program of her choice on your page after it has loaded, which has the ability to change form values. Because SSL only protects the transport between the browser and the server, not after the page has been processed by the browser, it makes no difference at all whether you use it.
This could be automated with Greasemonkey, which is the same idea, except makes it even easier for users to install other people’s JavaScript programs to run on your web page. As above, using SSL does not affect this at all, because it is all execute client side, which you, as the server, have no control over.
As you alluded to, using encrypted PayPal buttons would solve the problem, as any modification of the button parameters would invalidate the checksum, and PayPal would not accept the item.
The best solution would be using Express Checkout. This allows you a great deal more flexibility than standard buttons can ever offer you.
If you're thinking if doing IPN, you're probably capable enough to integrate Express Checkout. All it really is, is 1 API call, followed by a redirect to PayPal, and a minimum of 1 more API call to finalize the payment.
A typical flow would look as follows:
Call the SetExpressCheckout API. If you're new to this, it's made dead-easy with PayPal's NVP API interface. You can just send the data as a GET NVP string to https://api-3t.paypal.com/nvp and get a response back in the same format.
Take the token from the response, and redirect to https://www.paypal.com/cgi-bin/webscr?cmd=_express-checkout&token=XXXXXXX (https://www.sandbox.paypal.com/cgi-bin/webscr?cmd=_express-checkout&token=XXXXXXX for Sandbox testing)
As soon as the buyer is returned, PayPal will append a PAYERID to your RETURNURL. If you can't find it, call the GetExpressCheckoutDetails API and supply your token to retrieve it.
With the PAYERID and TOKEN, call DoExpressCheckoutPayment to finalize the payment.
To get started with this, I'd suggest taking a looking at the PHP NVP SDK they offer at https://www.x.com/community/ppx/sdks#NVP