How to generate unique payment URL using Paypal? - paypal

I'm trying to work out how I can generate a unique payment token that I can redirect users to so they can pay for a digital item.
I think the Button Manager SDK is what I need. However, I cannot see how I can set the receiver email. For a particular item, there is a different receiver and I want to dynamically set this.
However, it seems I just have to set my credentials as the receiver. I want to use many receivers for different items rather than one SDK config file.
What I currently use is simply an HTML PayPal button, but I'd rather dynamically create a unique URL to redirect a user to, to stop users tampering with things.

Have you considered the Express Checkout API? -- (perhaps with SOLUTIONTYPE=Sole to allow guest checkout?)
I believe it's a better tool for this job; token redirection is a core feature of EC.

Related

PayPal checkout: Don't allow creation of orders/subscriptions with only Client ID

I'm working on integrating PayPal Subscriptions into my web app. I create the subscriptions server-side, but it's trivial for anyone to create a subscription, since all PayPal requires is the public Client ID. This is intended to allow (mostly) serverless transactions, but in my case it just feels like leaving part of my app exposed.
Is there any way to disable this?
Continue to use the clientId+secret that you have on the server side (or create a new pair and deactivate your current pair, if you are paranoid).
Then, create a separate permissionless REST app for use from your buttons. Make sure it corresponds to the same sandbox account if testing in sandbox, and give it the name "no permissions" for clarity. In the app features section, uncheck everything.
This new clientid will not be able to create orders or subscriptions, but can be used to present the buttons and approve ones that were created server-side.

Building a simple web form that connects to Recurly's API to allow a subscriber to change their subscription plan

I am trying to build a simple web form that would ideally sit on a WordPress page to allow the subscribers on our platform to change or update their subscriptions, without having to ask our support team (currently they can only cancel, but we want to offer them the option to upgrade).
We use Recurly to manage our billing, and their support team said:
'You would essentially want to build a form that will input values into the Subscription Update API request, that would then be sent to Recurly to make the changes on your customer account.'
They also shared the following document: https://dev.recurly.com/docs/update-subscription
I have limited experience of working with APIs and am also aware that because this form deals with sensitive information (the user ID of a subscriber in this case), I don't want to inadvertently jeopardise the accounts of the subscribers that choose to do this.
Any help would be much appreciated. I have tried searching for a solution but am unsure how to word my request effectively.
It sounds like using the Recurly Hosted UI might be your best bet. Instead of having to build a web form, you can just redirect your customer to the Recurly Hosted UI on a button click. You can retrieve and redirect the URL using the Recurly API on your WordPress site using some simple PHP, and that then allows the customer to view invoices, change their plan (if you allow), and change CC information.

Does SendGrid support double opt-in as a feature?

Does SendGrid support double opt-in to Lists as a feature or is that something we will have to implement for ourselves?
https://sendgrid.api-docs.io/v3.0/contacts-api-recipients/add-recipients
It doesn't appear to me to be anywhere in the docs, but I thought I'd ask in case I missed it.
Not as of the current date; I asked their support staff and received the following answer:
Double opt-in needs to be implemented by you in the form/page you're subscribing your recipients. The confirmation email can be sent through SendGrid.
For Marketing Campaigns we have the SendGrid’s WordPress Subscription Widget that makes it easy for people visiting your WordPress site to subscribe to your marketing emails;
or Building a SendGrid Subscription Widget.
I got this answer from their support. It turns out we have to implement it by ourselves.
The double opt-in functionality is not something SendGrid provides as
we expect our customers to handle any opt-in practices on their side.
We apologize for any inconvenience.
SendGrid will be GDPR compliant by May, 25, 2018. Please note that
SendGrid does not – and does not currently have plans to – use servers
or data centers in the European Union to process email. Thus, SendGrid
cannot restrict data to the EU. However, neither current EU law nor
the GDPR require this. Instead, what is required is that SendGrid must
provide "appropriate safeguards" for data that it hosts and processes
on its US servers (see Art 46 of the GDPR here). SendGrid offers a
Data Processing Addendum (DPA) to provide such adequate safeguards,
which includes provisions for when GDPR goes into effect.
More info on GDPR can be found here. Our DPA can be reviewed and
signed by filling out the information here.
They do not support it. I asked support many times, which is strange, as it would seem a company of that size could spare the dev resources to build a feature that literally all of their customers need.
However, https://sgwidget.com is a third-party product that provides double opt-in functionality for SendGrid accounts.
Full Disclosure: I am a developer at SG Widget.
No, indeed still today, they do not. Not in their forms, nor in their API is there simple, flip-switchable support for double opt-in. But, with email automation fairly recently implemented in their marketing services ("free" and "advanced" plans, not "essential") you can send an automated email directly upon sign-up.
My solution is to have 2 lists for new contacts, where one is a "pre-confirmation" list and the other is the "real" list. Here's a way to use automation:
Create initial signup form, either via their sparse Web forms or via your own, using HTML/JS/PHP and API endpoint:
Create 2 separate lists, one for "pre-confirmation" emails and the other for people who confirm their addresses.
Make the form sign up new contacts to the first list, "pre-confirmation".
Create a marketing automation flow that triggers upon new signups to the "pre-confirmation" list. Make the automation trigger an email that contains a button or a link with the following link structure:
https://yoursite.com?email=user@email.com&passphrase=[phrase-you-set-manually]
where ?email= is your user's email, substitute this in the email template/design by {{ Sender_Email }}
where &passphrase= is a phrase long enough to not be guessed. Since you only have one single email design here, and you can only enter one single phrase, unless you make a script or a hash, you make it difficult enough for people to think it was generated by a server :).
On your server/application, yoursite.com, use $_POST['email'] and $_POST['passphrase'], or whatever you name them, to validate the email clicks from your list and then enter all validated emails to the correct list using the PUT /marketing/contacts endpoint.
You may also have to delete the user from the previous list, using DELETE /marketing/lists/{id}/contacts, but I do think that the PUT /marketing/contacts takes care of placing the contact in only the lists specified in the list_ids field.
Once the contact has been entered into the correct list, you can also have a marketing automation set up for that list, which sends him/her a welcome message.
This method takes care of double opt-in for SendGrid without using one single email credit from the Email API (transactional plan). The only catch is that we utilize one initial and one second/final list to achieve it.
Note: the initial sign-up message that here acts as the "confirm your email" message will be tied to the first list and will require a marketing unsubscribe link in the footer. Make it clear in the bottom of the email that it is a temporary list, to not get any spam complaints. But it will not be an issue, as we won't be sending to anyone in that list except for this initial time. Unless you have a user who enters his/her email twice, after some time of inactivity when they forgot they already signed up. That could happen. But it's a separate issue.
I think this is possible by switching the flow of a typical email subscriber. When the user clicks your subscribe button, instead of calling the SendGrid members/contact PUT API to add to your list, send an email with a link to a URL of yours that will then trigger the members/contact PUT API call.
Not sure what stack you are using, but I was able to build something like this with Next.js utilizing their API routes.
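The two answers above both rely on a confirmation link that a server validates before adding the contact to the confirmed list. The following is an added example, not code from either answer or from SendGrid: it replaces the single shared passphrase with a per-recipient, expiring HMAC token. The secret, the `token` parameter name and the 24-hour lifetime are assumptions.

```javascript
// Added example: per-recipient, expiring confirmation tokens for double opt-in.
const crypto = require('node:crypto');

// Assumption: a server-side secret loaded from configuration (constructed value here).
const SECRET = 'constructed-demo-secret-change-me';
const MAX_AGE_MS = 24 * 60 * 60 * 1000; // assumed lifetime: links expire after 24 hours

function b64url(data) { return Buffer.from(data).toString('base64url'); }

function sign(payload) {
  return crypto.createHmac('sha256', SECRET).update(payload).digest();
}

// Build the link placed in the "confirm your email" message.
function makeConfirmUrl(base, email, now = Date.now()) {
  const payload = b64url(JSON.stringify({ e: email.trim().toLowerCase(), t: now }));
  const url = new URL(base);
  url.searchParams.set('token', `${payload}.${b64url(sign(payload))}`);
  return url.toString();
}

// Returns the confirmed address, or null if the token is forged, altered or expired.
function verifyConfirmToken(token, now = Date.now()) {
  const parts = String(token).split('.');
  if (parts.length !== 2 || !parts[0] || !parts[1]) return null;
  const [payload, mac] = parts;
  const expected = sign(payload);
  const given = Buffer.from(mac, 'base64url');
  // Constant-time comparison; the length check keeps timingSafeEqual from throwing.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  let data;
  try { data = JSON.parse(Buffer.from(payload, 'base64url').toString('utf8')); } catch { return null; }
  if (!data || typeof data.e !== 'string' || typeof data.t !== 'number') return null;
  if (data.t > now || now - data.t > MAX_AGE_MS) return null;
  return data.e; // the caller adds this address to the confirmed list
}
```

Because the address is inside the signed payload, a valid link confirms only the address it was mailed to, and knowing one link does not help forge another.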

Paypal payment response without IPN listener?

I'm adding very simple membership renewal functionality to a web site using PayPal Payments Standard buttons. We only have 300 or so members, so a simple e-comm solution like this should work fine.
I'd like to capture some sort of confirmation that I can then capture on my end so that I can insert it into the database. I've seen the IPN listener method, but it seems more complex than I really need - all I really need is to pass the confirmation code via a URL variable in the return URL, i.e. http://www.example.com/landing?transactionid=abc123. Is this possible? Also, is there a way to pass my own dynamic variable (for instance, a membership ID) into the form and have that be a part of the return string?
Thanks
An alternative is to use Express Checkout, which is a two-step process requiring pre-authorization and then charging a customer. If you are accepting eChecks you will eventually need to use IPN to update the original transaction. You can pass a dynamic variable using the custom field in PayPal.
Either way one of the two methods is required to process a transaction securely - what is stopping someone from typing the URL you are suggesting?

PayPal payment to issue activation code

I have just created my first PayPal button and it is working correctly within the sandbox. I would like to know the best way (if possible) to issue a unique activation code on my return URL, ensuring that the user has definitely paid before they receive the code. I could manually email the code but wondered if there was any way of automating this using some sort of return value? Possibly returning to an aspx page which then reads from my database to get the next activation key and displays it?
Thanks
Garry
As you already know, PayPal doesn't provide such a facility for delivering activation instantly, but it does offer the Instant Payment Notification API (PayPal IPN), which can be used to build such a platform.
Here is a great article for that purpose only: https://www.codeproject.com/Articles/383207/Selling-software-using-PayPal-IPN-as-an-eCommerce
The best way to handle that would be to use Instant Payment Notification (IPN).
Any time a transaction happens on your site (whether it's a payment, refund, cleared pending payment, dispute, etc.) the PayPal server will POST details about that transaction to a script you have sitting on your server.
This script can receive the data and process it accordingly allowing you to automate things like updating a database, generating email notifications, hitting 3rd party web services, delivering e-goods, etc.
If you want the activation code to be visible on the return URL you can look at Payment Data Transfer (PDT), which is just like IPN except that it's made for use with the return URL. It is not recommended to use this, though, for post-transaction processing because there is no guarantee the user will make it back to the return URL, for one, and also it wouldn't handle things like e-checks correctly.
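The checks an IPN script would run before releasing an activation code, as an added example that is not code from the answers above or from PayPal. The order map, the seen-transaction set and the sample message are constructed, and in practice they would live in your database. The field names are standard IPN variables, and the reply string is what PayPal returns when the message is posted back with `cmd=_notify-validate`.

```javascript
// Added example: deciding whether a PayPal IPN message may release an activation code.

// Body to POST back to PayPal's IPN verification endpoint: the original message,
// unmodified, with cmd=_notify-validate in front. PayPal replies VERIFIED or INVALID.
function buildPostbackBody(rawBody) {
  return 'cmd=_notify-validate&' + rawBody;
}

// Constructed sample message (not a real transaction).
const SAMPLE_IPN = 'payment_status=Completed&txn_id=TXN-CONSTRUCTED-1' +
  '&receiver_email=seller%40example.com&mc_gross=10.00&mc_currency=USD&custom=order-1001';

// orders:   Map of our own order id -> { receiver, amount, currency, code }
// seenTxns: Set of txn_id values that have already been fulfilled
function handleIpn(rawBody, paypalReply, orders, seenTxns) {
  const deny = (reason) => ({ ok: false, reason });
  if (String(paypalReply).trim() !== 'VERIFIED') return deny('not verified by PayPal');

  const p = new URLSearchParams(rawBody);
  const order = orders.get(p.get('custom')); // our id, passed through the custom field
  if (!order) return deny('unknown order');

  // Pending (for example an uncleared eCheck) must not release goods yet.
  if (p.get('payment_status') !== 'Completed') return deny('payment not completed');
  if ((p.get('receiver_email') || '').toLowerCase() !== order.receiver) return deny('wrong receiver');
  if (p.get('mc_gross') !== order.amount || p.get('mc_currency') !== order.currency) {
    return deny('amount mismatch');
  }

  const txn = p.get('txn_id');
  if (!txn || seenTxns.has(txn)) return deny('duplicate transaction');
  seenTxns.add(txn); // record before fulfilling so a replayed message is refused
  return { ok: true, code: order.code };
}
```

A Pending message is refused without recording its `txn_id`, so the later Completed notification for the same payment still goes through.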