executing payment without storing the paymentId in session but database - paypal

I'm using the examples in the paypal-php-sdk and setting up payments. It works fine and I'm getting the redirect URL and I'm able to make the payment.
In the example the PaymentId is stored in the session, and later in the executePayment.php retrieved. In the comments it says to store this, of course in a database.
But how can I link this PaymentId to the return values given by the paypal api?
When the payment is approved I'm sent back to my webstore with these parameters:
ExecutePayment.php?success=true&token=EC-xxxxxx&PayerID=AXxxxxx
How can I link the token-payerID to my PaymentID? So I don't have to store it in a Session? For instance is it possible to get the ec-token during the build of the payment?

It turns out to be very simple!
In the return url parameter you just give the url a query string. Pretty simple:
$returnUrl = 'executePayment.php?orderId=234';
Paypal then automagically adds the token and payer-id to the return URL.
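
An added example, not part of the original answer: the orderId in the return URL arrives as request input, so executePayment.php has to look the stored PaymentId up and claim it once. It assumes PDO with SQLite; the table, the function names and the extra "ref" parameter are hypothetical, and the sample ids are constructed.

```php
<?php
// Added example, not from the original answer. Table, column and function
// names and the "ref" parameter are hypothetical; sample values are constructed.
function openStore(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec("CREATE TABLE payments (
        order_id   INTEGER PRIMARY KEY,
        return_ref TEXT NOT NULL,
        payment_id TEXT NOT NULL,
        state      TEXT NOT NULL DEFAULT 'created')");
    return $db;
}

// After the payment is created: keep its id in the database, keyed by the order.
function recordPayment(PDO $db, int $orderId, string $ref, string $paymentId): void {
    $db->prepare('INSERT INTO payments (order_id, return_ref, payment_id) VALUES (?, ?, ?)')
       ->execute([$orderId, $ref, $paymentId]);
}

// In executePayment.php: $query is $_GET. Returns the stored payment id,
// or null when the request must not be executed.
function claimPayment(PDO $db, array $query): ?string {
    $orderId = filter_var($query['orderId'] ?? null, FILTER_VALIDATE_INT);
    $ref = $query['ref'] ?? '';
    if ($orderId === false || !is_string($ref) || ($query['success'] ?? '') !== 'true') {
        return null;
    }
    // One atomic created -> executing transition, so a replayed return URL
    // or a guessed orderId without the matching ref claims nothing.
    $claim = $db->prepare("UPDATE payments SET state = 'executing'
        WHERE order_id = ? AND return_ref = ? AND state = 'created'");
    $claim->execute([$orderId, $ref]);
    if ($claim->rowCount() !== 1) {
        return null;
    }
    $row = $db->prepare('SELECT payment_id FROM payments WHERE order_id = ?');
    $row->execute([$orderId]);
    return (string) $row->fetchColumn();
}

$db  = openStore();
$ref = bin2hex(random_bytes(16));                 // unguessable per-order value
$returnUrl = 'executePayment.php?orderId=234&ref=' . $ref;
recordPayment($db, 234, $ref, 'PAY-CONSTRUCTED-SAMPLE');
$back = ['orderId' => '234', 'ref' => $ref, 'success' => 'true',
         'token' => 'EC-xxxxxx', 'PayerID' => 'AXxxxxx'];
var_dump(claimPayment($db, $back));                         // first return
var_dump(claimPayment($db, $back));                         // replayed return
var_dump(claimPayment($db, ['orderId' => '235'] + $back));  // order with no row
```

The id returned by the first call is the one executePayment.php would then load and execute; the other two calls are rejected before any API request is made.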

Related

Is there a way to authorize orders calling the paypal api directly

For my users to be able to send money to each other on my website I figured the following flow:
1. User is authenticated with paypal connect
2. "Clicks on a pay button" calling my api
3. In the api: create an order calling /v2/checkout/orders, which returns HATEOAS links and an order id. And I need the user to follow the authorize order link from the HATEOAS links to authorize the order.
4. User follows the link.
5. I capture the order calling /v2/checkout/orders/{id}/capture
And here is a question: how do I know when users follow the authorize order link, so that I can call the capture api? If that is not possible, is there a way to authorize orders calling the paypal api directly without making users follow some links?
First of all, what you are actually talking about is user "approval", not authorizing.
The best approval flow to use is this one: https://developer.paypal.com/demo/checkout/#/pattern/server
This way, they don't follow a link and are not redirected away from your site. Your site stays loaded, but is just greyed out while they are presented with an in-context approval flow, and return to your site's JS, which will do a fetch call to your server, which can then do the capture.
An alternative legacy flow is to provide a return_url in your initial create call, where the payer will be redirected back to after approval. This is not recommended; the above solution (that uses no redirects at all) is much more modern and preferred.

How can I find out if a user deleted his consent on Future Payment?

As the title says, I would like to check if the user has deleted his consent on Future Payments in his PayPal profile. I am currently only testing in the Sandbox environment with the iOS mSDK and the Java REST API SDK.
I expected that creating new accessTokens using the refreshToken would throw an error, but it is still possible. Then I tried to query user information, but this is also possible.
If I create a new Payment, then I get an error (REQUIRED_SCOPE_MISSING). But isn't there a way to check that without creating a transaction each time?
You can always call the updateBillingAgreement API to check whether it is active or not.
PayPal also has IPN set up for this kind of notification: https://www.paypal.com/cgi-bin/webscr?cmd=p/acc/ipn-info-outside
I found no good solution for this problem without using IPN (not tested yet). I am now using a workaround as described here: https://github.com/paypal/PayPal-iOS-SDK/issues/189.
Conclusion: An accessToken generated with the refreshToken has the value "900" in the field "expires_in" if the user consent still exists. Otherwise, it is "28800".
Does anyone have a better solution?

How to pre-fill customer details using Paypal REST API?

We're using Paypal's REST API and we'd like to pre-fill the customer's data (email, name, address) on the approval's page.
There is a payer_info object that can be passed to Paypal when the payment is created. But it does not allow specifying customer's details - email field is not supported and others are read-only. Also I don't see any mentions in the API docs on how to achieve this with the REST API. Do you know if it's possible and how? If it's not supported, is it known when it's gonna be supported?
Thanks in advance.
Even when using the PayPal REST API you can follow these instructions https://www.paypal.com/cgi-bin/webscr?cmd=_pdn_xclick_prepopulate_outside and append the params as GET params on the end of the approval_url before redirecting the customer.
For example:
https://www.sandbox.paypal.com/cgi-bin/webscr?cmd=_express-checkout&token=EC-77D44712W7736393M&first_name=Geovanny&last_name=Junio

Payflow Link Return URL error

I am integrating payflow link in a website.
I have a complex return URL to which the payflow link has to redirect after the user has a successful payment. The url is of this kind:
www.example.com/index.php?controller=main&data=no&detail=on
The problem is that when payflow redirects the user it replaces & with &amp; and the url becomes something like this:
www.example.com/index.php?controller=main&amp;data=no&amp;detail=on
which crashes the framework because it arranges $_REQUEST parameters as follows
$_REQUEST['amp;data'] = no AND $_REQUEST['amp;detail'] = on
What should be done to avoid this?
This will only happen if you are trying to set RETURNURL programmatically. If you set this value inside of the manager account's hosted checkout pages settings it will not.
This is because the variables you pass to the payflow server are going to get urlencoded. To get around this include a length on your variable:
RETURNURL[66]=http://www.example.com/index.php?controller=main&data=no&detail=on

How do I cancel a PayPal (Express Checkout) transaction?

I have an application that uses Express Checkout to process payments.
I need some way to cancel a transaction after calling SetExpressCheckout (and having the user fill out his details on paypal's page) and before I actually complete it with DoExpressCheckoutPayment.
I can't find the right way to do it in paypal documentation, do I just let it time out or do I need to do some API call?
You just let it time out. If you haven't called DoExpressCheckoutPayment yet, no action has yet taken place.
The token automatically expires after three hours.
Technically you could just empty the token REQUEST, and unset the reshash SESSION and let it expire without risk (assuming you are using the same named variables the api samples came with). What language are you using? I can further provide examples.
In PHP I would simply do:
// empty token
$_REQUEST['token'] = NULL;
//unset reshash session
$_SESSION['reshash'] = NULL;
unset($_SESSION['reshash']);
Now you would ideally want to redirect the user to a cancellation page, something like
header( 'Location: http://www.example.com/transactionCancelled.html' );
Otherwise depending if the user is in the 'ReviewOrder' phase, they will just automatically get redirected back to paypal to start a new transaction.