Paypal has recently changed integration method. Now instead of providing public/private key option paypal has selected javascript button. My question is how much secure is this? Say for example i have used following code to create button.
<script src="js_path/paypal-button.min.js?merchant=XXXXXXXXXX"
data-button="buynow"
data-name="SiteName"
data-amount="10"
data-env="sandbox"
data-callback="payment_success.php"
data-cancel_return="payment_cancel.php"
data-currency="EUR"
></script>
Now if you are familier with firefox addon of firebug then you can see all this values and easily edit them and pass them to paypal page. It will easily change amount of 10 to 1 and customer can pay 1 and leave site. This is loss to merchant.
Previusly i was using method of http://www.stellarwebsolutions.com/en/articles/paypal_button_encryption_php.php to create encrypted buttons. It was working properly and no customer had complaint any problem like i had mentioned before.
My question is that can this new system paypal has created has this facility of encryption? If not then what is solution?
Thank you
Tejas Mehta
If you are wanting to use encrypted buttons so they can't be modified, you would want to use PayPal's BMCreateButton API so that you can dynamically create buttons on the fly. You could create hosted buttons, or encrypted buttons. Both buttons would prevent someone from modifying the amounts and etc.
Related
I am trying for the first time to implement a PayPal Checkout solution (aka PayPal Commerce Platform for Business) in an ASP.NET Web Application, using Web Forms. I've set up a new REST API for the Sandbox and followed PayPal's Set up server-side SDK guidance to install the SDK in my .NET project. PayPal's button demo now lets me log into the Sandbox with a newly created Sandbox user name and make a test payment, which is confirmed as being successful. So far, so good.
My next step was to create a PayPalButton.aspx page containing exactly the same code as used on Paypal's button demo page. All my updated code was then uploaded to my live site. That's when I hit a problem, as the PayPal buttons don't work on my live site (the PayPal log in window just briefly flashes and then disappears). Being a total newbie to the Paypal Checkout process, it's highly likely that I have made some very basic error.
The only thing I can think of is that my problem might have something to do with the section in Set up server-side SDK that refers to modifying HTTP request headers? I didn't understand what that section was asking me to do.
What routes/paths did you implement the create order and capture order functions at? What data do they return? Update your question with this information. For the create order route, is the data a valid JSON object with a PayPal order ID in the id key?
Have you set the paths in your "PayPalButton.aspx" HTML/JS code to call the aforementioned routes? Your question does not include any specific information about what is going on, i.e. your button code and the result (Response body) of the fetch calls from the browser's developer tools 'Network' tab.
This morning, I managed to resolve the problem with my PayPalButton.aspx page just briefly flashing the PayPal login page. As previously mentioned, it contains a script copied from PayPal's button demo. I then realised that it was different from the sample script provided on the Integrate Checkout page.
I created a new PayPalButton2.aspx page containing this alternative script and, unlike PayPalButton.aspx, it worked fine. In both cases, I had substituted my own Sandbox ClientID.
I am adding a PayPal "Buy Now" button to a web site using code supplied by the PayPal developer site. It's possible to have options, for example garment sizes, XL,L,M,S... I see how to set up the button so the user can make a choice, but how do I access the choice so that I can take action? Is this supposed to be done in HTML, or should I write a CGI program to take my action - this is my preferred option - but either way, how can I access the option values? I am new to all this, but I can't find anything in the PayPal Developer documentation.
This can be easily done. Please look at the follow sample implementation and the source code for setting a Multi option based button.
https://www.paypal.com/us/cgi-bin/webscr?cmd=_pdn_xclick_options_help_outside
In my wordpress site, I need a paypal donation feature to work so, if, for example, they donate $5+, they are taken to one page(redirect). If they donate $7+, they are taken to another, and so on. I've tried multiple donation plugins, but all of them only have one URL you can use after a donation.
Any plugin you know of or other way this can be done would be appreciated.
You'll need to either write your own plugin or an extension of one of the ones you've already tried.
Basically, you'll set the redirect URL in your payment code (whether API or standard HTML checkout) to a page that will use PHP or whatever you're comfortable with to check the amount and then do another redirect based on that. Nobody would ever seen that page, of course. They would just see their final page based on their donation amount.
Again, though, if you can't find an existing plugin that gives you that option you can easily customize it. That's the beauty of WordPress and (properly developed) plugins!
I'm trying to work out how I can generate a unique payment token that I can redirect users to so they can pay for a digital item.
I think the Button Manager SDK is what I need. However, I can not see how I can set the receiver email? For a particular item, there is a different receiver and I want to dynamically set this.
However, it seems I just have to set my credentials as the receiver. I want to use many receivers for different items rather than one sdk config file.
What I currently use is simply a HTML Paypal button but I'd rather dynamically create a unique URL to redirect a user to stop users tampering with things.
Have you considered the Express Checkout API? -- (perhaps with SOLUTIONTYPE=Sole to allow guest checkout?)
I believe it's a better tool for this job; token redirection is a core feature of EC.
This question is based on a project done through the MvcMusicStore tutorial.
Same technologies are also implemented in my site e.g. (MVC3, Sql Server 2008 SSMS & EF Code First)
I have implemented PayPal Web Standards payment at my project. Thanks to #Arun, i have referred to his site here http://www.arunrana.net/2012/01/paypal-integration-in-mvc3-and-razor.html
Situation at MvcMusicStore:
My project is similar to the data flow of MvcMusicStore. As you can see in this link, http://www.asp.net/mvc/tutorials/mvc-music-store/mvc-music-store-part-9
In this tutorial, Jon Galloway has inserted a Payment field in the AddressAndPayment.cshtml page (but for simplicity purposes he made all products to be purchased for free by typing the keyword 'Free' - which would allow the user to checkout by clicking SubmitOrder and saving the Order in database)
Situation at My Project:
My question is about the workflow that i intend to apply.
When user adds items to shopping cart and reviews items in the Cart.
I want to:
Redirect user to PayPal to make payment upon clicking Checkout
After User make payment, return the user to AddressAndPayment.cshtml page
User then enters information and submit order
Is this work flow even right to begin with?
If yes, how do i convert these variables from my project;
Product.Title
Product.Quantity
Product.UnitPrice
to match these PayPal variables?
Item_Name
Amount
Quantity
Well i figured it out myself.
My first question, "Is this work flow even right to begin with?"
I have implemented it successfully. I cant say it is 100% right way of implementing it. It depends on your own system workflow. As for MvcMusicStudio, i cannot think of any other methods than this.
As for the second question, all i did was call a foreach loop and looped the PayPal variables. You will see it in more detail on Arun's website (link provided in the question thread above).
Thank you.