Getting notification from PayPal on new subscriptions

While playing in the sandbox and setting up recurring payments via SetExpressCheckout (as suggested in the docs), I can successfully create a BillingAgreement and receive a token. Now after the user follows a link like [token goes here], agrees to all terms and conditions etc., he is automatically redirected to the returnUrl provided in the SetExpressCheckout method, and additionally this token value is appended to the returnUrl.
So far so good. Now the question is: can I rely on the fact that the returnUrl will be called at all times? For example, what happens when for some reason the user's browser refuses or fails to be redirected to the specified URL?
As far as I can understand from PayPal documentation, you cannot use IPN to notify you of new subscriptions, initiated by user, though clearly IPNs would be an ideal option. I have tried to provide notifyUrl when I compose SetExpressCheckout request, but it is not being hit. Same IPN works fine for "pay" method which I use for one-time purchases.

I think you're missing a step in there. The recurring payments profile doesn't get created while the buyer is on the PayPal website -- you have to wait for the buyer to come back to your return URL, then call CreateRecurringPaymentsProfile to actually create the recurring payment. If you never call CreateRecurringPaymentsProfile, then no recurring payment gets created -- which is probably why you're not getting any IPNs.


Handle recurring payments with PayPal

I'm having trouble with how to handle the PayPal recurrent payment system.
I followed every instruction on the website, but once I create the profile, PayPal puts it in pending, making me doubt the reliability of the service itself.
I tried to look over the internet but I didn't really get how this should work...
I made the first call with SetExpressCheckout in order to create the request; when the token is returned, I send the token to the PayPal page, the user confirms the payment, then I call the CreateRecurringPaymentsProfile method to confirm the operation (passing PAYERID and TOKEN and setting the AMT value for the first payment and the PROFILESTARTDATE as now +1 month for the future payments).
Now when I try to read the response from the last call (or if I go to the buyer/seller PayPal account) I see that the payment is in pending and I have to wait an undefined amount of time before this payment is activated.
Now the real question is: can I trust the fact that even if the payment is in pending, I'll receive the payment and so I can set the user as a member, or do I have to check and wait until the status is 'active' with the GetRecurringPaymentsProfileDetails method?
PS: I'm doing this in the sandbox version; maybe the official version is a bit faster and more reliable?
Thank you!

In Sandbox as in Live, when you call CreateRecurringPaymentsProfile you will also get the response in which it will give you the status of the profile (ActiveProfile or PendingProfile). When the status is Pending it means that the system is in the process of creating the recurring payment profile. You can then check your IPN messages for an update. It is normal, but obviously if you notice that all the profiles you create get into Pending and never activate then there could be a bug, but that should not be the case. Here is the PayPal technical guide for this API:

PayPal API: What happens if DoExpressCheckoutPayment isn't called?

When using the classic PayPal API, what happens to an express checkout transaction in which DoExpressCheckoutPayment does not get called?
For example, if a user is sent to the PayPal site via a successful call to SetExpressCheckout, signs in and completes the sale on PayPal and is sent back to my site via the ReturnURL field. At that point, what happens if the DoExpressCheckoutPayment method is not called? Is there still a transaction waiting to be processed?

The token would still be available for a little while yes, but the transaction is never complete until DECP is called. You could circle back around and use the same token, though, or you could go through SetExpressCheckout again to obtain a new token.
Again, though, there is no actual transaction until DECP is completed successfully (unless you're working with recurring payments, in which case you may skip to CreateRecurringPaymentsProfile).

SetExpressCheckout callback

Is there any way I can be notified that someone has approved a payment through SetExpressCheckout, if they don't get redirected back to my website?
ie. After they approve the payment I would receive a callback or payment notification.
If so, how would I do it?

Users will always be redirected to your site when using Express Checkout. They have to because the payment isn't final until you call DoExpressCheckoutPayment which can't occur until after they've been redirected back to your site. Maybe I don't understand what you're asking here..??
In any case, take a look at IPN (Instant Payment Notification). It will POST transaction data to a listener script you have on your server so you can automate post-order processing in real-time. Again, though, no IPN would be triggered from SetExpressCheckout alone because no payment has actually been made at that point.

PayPal PHP API security issue

I was trying to use the express checkout php api. Everything is working well in the sandbox environment. My question is regarding security.
After payment the sample code redirects to GetExpressCheckout.php?token=...$PayerID=.....; but after clicking "confirm payment" on my site and logging in to the PayPal account (did not confirm payment in PayPal), I directly opened the same page in another tab, and it showed payment successful (which is not the case). Is there a way to prevent this, or am I missing something?

I'm not following exactly what you're trying to say here.
The process needs to be...
1) Call SetExpressCheckout to retrieve your token and redirect to PayPal accordingly.
2) PayPal will return the user back to your ReturnURL if they confirm payment, at which point you can call GetExpressCheckoutDetails (optionally) and DoExpressCheckoutPayment to finalize the payment.
Not until DECP is completed does any transaction actually take place. The success message you're seeing probably came from GetExpressCheckoutDetails, which does nothing more than retrieve the buyer/order info so that you can finalize the payment on your site.
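
Added example, not part of the original thread or of PayPal's sample code: the check a return page can make before it shows "payment successful", following the answer above. The `order` record shape and every sample value are constructed assumptions; `decp_body` stands for the raw NVP body that DoExpressCheckoutPayment returned.

```python
from decimal import Decimal
from urllib.parse import parse_qs

def parse_nvp(body):
    """Decode an NVP response body into a flat dict (first value per key)."""
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}

def payment_finalized(order, returned_token, decp_body):
    """Return (ok, detail) for one hit on the return page.

    order: server-side record saved before the redirect, with keys
    "token", "amount", "currency" (hypothetical shape).
    decp_body: raw NVP body returned by DoExpressCheckoutPayment.
    """
    # The token in the return URL must be the one issued for this order.
    if returned_token != order["token"]:
        return False, "token does not belong to this order"
    r = parse_nvp(decp_body)
    if r.get("ACK") not in ("Success", "SuccessWithWarning"):
        return False, "DECP failed: " + r.get("L_LONGMESSAGE0", "no message")
    # Accept both the bare field name used on this page and the
    # PAYMENTINFO_0_ form.
    status = r.get("PAYMENTINFO_0_PAYMENTSTATUS") or r.get("PAYMENTSTATUS")
    if status != "Completed":
        return False, "payment status is %s" % status
    amt = r.get("PAYMENTINFO_0_AMT") or r.get("AMT")
    cur = r.get("PAYMENTINFO_0_CURRENCYCODE") or r.get("CURRENCYCODE")
    if amt is None or Decimal(amt) != Decimal(order["amount"]) or cur != order["currency"]:
        return False, "amount or currency differs from the order"
    return True, r.get("PAYMENTINFO_0_TRANSACTIONID") or r.get("TRANSACTIONID", "")

# Constructed sample data (not real PayPal output).
ORDER = {"token": "EC-CONSTRUCTED0001", "amount": "19.99", "currency": "USD"}
DECP_OK = ("TOKEN=EC-CONSTRUCTED0001&ACK=Success"
           "&PAYMENTINFO_0_TRANSACTIONID=TXN-CONSTRUCTED-1"
           "&PAYMENTINFO_0_PAYMENTSTATUS=Completed"
           "&PAYMENTINFO_0_AMT=19.99&PAYMENTINFO_0_CURRENCYCODE=USD")
DECP_FAIL = "ACK=Failure&L_LONGMESSAGE0=constructed+failure+text"
DECP_PENDING = DECP_OK.replace("Completed", "Pending")

if __name__ == "__main__":
    for body in (DECP_OK, DECP_FAIL, DECP_PENDING):
        print(payment_finalized(ORDER, "EC-CONSTRUCTED0001", body))
    print(payment_finalized(ORDER, "EC-SOMEONE-ELSES", DECP_OK))
```

A GetExpressCheckoutDetails response never reaches this function, so a page built this way cannot report success from buyer details alone.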

PayPal NVP with IPN for confirmation - what ties them together

I am using PayPal with NVP API (using PHP) for express checkout. I am creating an invoice record in the database before redirecting the user to Paypal. In case the user doesn't return to my site after processing, I am using IPN to confirm the purchase and then update the invoice record that the payment is confirmed. I am still in the sandbox mode and trying to figure out how I will tie the transaction started with NVP to the confirmation I get with IPN.
I need to verify if the "PAYMENTREQUEST_n_INVNUM" sent in the NVP will come back as "invoice" in the IPN post.
It appears I cannot actually test this until I am live since the Sandbox IPN does not seem to be active with NVP initiated sandbox transactions - is this correct?
Thanks for your help.

You can test this in Sandbox. But if you're using "PayPal NVP", I assume you're using PayPal Express Checkout and calling the SetExpressCheckout and DoExpressCheckoutPayment APIs.
If that's the case, you don't really need IPN, because a transaction will only be completed as soon as you call DoExpressCheckoutPayment.
In other words, buyers will always be redirected to the RETURNURL you specified in SetExpressCheckout, and the transaction is completed (or not) when you call DoExpressCheckoutPayment on this return page.
To get the invoice number, you could call GetExpressCheckoutDetails and supply the TOKEN you retrieved earlier (it's also appended to the GET of the RETURNURL).
Finally, check PAYMENTSTATUS=Completed in the DoExpressCheckoutPayment API response to see whether the transaction has completed or not.

Thank you Robert for the clarity on the process - especially useraction=commit.
I finally realized that I could turn on IPN in the Sandbox for my test seller and test NVP with IPN together. I was able to verify that PAYMENTREQUEST_0_INVNUM matches the 'INVOICE' parameter in the IPN POST.
I will use the custom field to pass customer email from my system in case they use a different email to log into paypal with, therefore allowing me to have email/invoice number pair for confirmation.
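
Added example, not from the thread: reconciling an IPN POST against the invoice record created before the redirect, using the `invoice` and `custom` fields discussed above. It assumes the IPN was already validated with PayPal (posted back with `cmd=_notify-validate` and answered `VERIFIED`); the record shape, helper names and sample message are constructed.

```python
from decimal import Decimal
from urllib.parse import parse_qs

def reconcile_ipn(ipn_body, invoices, seen_txn_ids, merchant_email):
    """Apply one already-validated IPN POST body to the invoice table.

    invoices: {invoice_number: {"amount", "currency", "customer_email",
    "paid"}} (hypothetical record shape). Returns a verdict string.
    """
    ipn = {k: v[0] for k, v in parse_qs(ipn_body).items()}
    inv = invoices.get(ipn.get("invoice"))      # INVNUM comes back as "invoice"
    if inv is None:
        return "unknown invoice"
    if ipn.get("receiver_email", "").lower() != merchant_email.lower():
        return "payment was sent to another account"
    # custom carries the customer email from our own system, which may
    # differ from the address the buyer used to log in to PayPal.
    if ipn.get("custom") != inv["customer_email"]:
        return "custom field does not match the invoice owner"
    if ipn.get("payment_status") != "Completed":
        return "not completed"
    txn = ipn.get("txn_id")
    if not txn or txn in seen_txn_ids:          # PayPal may resend an IPN
        return "duplicate or missing txn_id"
    if (Decimal(ipn.get("mc_gross", "0")) != Decimal(inv["amount"])
            or ipn.get("mc_currency") != inv["currency"]):
        return "amount mismatch"
    seen_txn_ids.add(txn)
    inv["paid"] = True
    return "paid"

# Constructed IPN body (not a real PayPal message).
SAMPLE_IPN = ("invoice=INV-1001&custom=customer%40example.com"
              "&receiver_email=seller%40example.com"
              "&payer_email=other%40example.net"
              "&payment_status=Completed&txn_id=TXN-CONSTRUCTED-1"
              "&mc_gross=19.99&mc_currency=USD")

def new_invoices():
    """Fresh constructed invoice table for the demo."""
    return {"INV-1001": {"amount": "19.99", "currency": "USD",
                         "customer_email": "customer@example.com", "paid": False}}

if __name__ == "__main__":
    table, seen = new_invoices(), set()
    print(reconcile_ipn(SAMPLE_IPN, table, seen, "seller@example.com"))
    print(reconcile_ipn(SAMPLE_IPN, table, seen, "seller@example.com"))
```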