I'm building an Elance style site for a client who wants paypal incorporated so job posters can pay the job winners.
Would each job winner need to go to Paypal, get the unique Paypal HTML which creates the "Pay with Paypal" button for them, and then input this on our platform? Or is there another way to do it?
There are a number of ways this could be done.
You could generate buttons for people using the Button Manager API.
You could also use Express Checkout along with the Permissions API so you can have a single checkout system that works with everybody involved.
You could use Adaptive Payments in a number of different ways depending on your needs.
Really going to need more details about what your overall goal is to provide a better recommendation, but yes, those would be better options than having job winners create their own buttons.
Related
I have browsed this forum and been through the PayPal documentation but I am confused. I know what I need but cannot work-out how to specify it for my coder.
We have a .Net application that runs on our internal network. We use this application to create customer quotations. These quotations are emailed to our customers. I simply want the application to be create a link that I can send to the customer such then when it is opened it takes them straight into Paypal and allows then to make a payment for the quotation. Or maybe the link is embedded into the body of the quotation that I send. Either would be fine.
I know of programs that do this (Sage Line50 does it with Sagepay rather than PayPal) but I cannot get my head around the process. Most of my research is talking about taking payments from an external website but trawling through the PayPal documentation it looks like it should be possible. But I cannot figure out whether I need Smart Buttons or PayPal Me. The key thing is that I don't want to force customers to have a PayPal account so guest access must be an option.
Smart Payment Buttons would be ideal, and offer the best payment experience to your customers. However, they require your own server on which to host some HTML/JS for them. They do not offer a link that can take the customer directly from an email to a PayPal checkout.
I recommend using Smart Payment Buttons, if you are able to host one. The flow is:
Email -> page on your server with Smart Button -> PayPal payment.
The key thing is that I dont want to force customers to have a PayPal account so guest access must be an option.
PayPal.me does not meet that requirement
If your requirement is truly a link that proceeds directly:
Email -> PayPal.com checkout for payment (no webserver of yours) ... well, there two solutions for this.
One is to use PayPal invoicing, which can be emailed directly by PayPal, or can be a link which you share yourself (via your own email). A PayPal invoice can be created manually via: https://www.paypal.com/invoice/create . Or programmatically via the invoicing API (see developer.paypal.com)
The second way, which may work fine but is a very old web 1.0 way of doing things, is to start by going to http://www.paypal.com/buttons and create a Buy Now button for an item named "Placeholder", amount "777.88". Expand the section "Step 2", and uncheck the option to Save the button at PayPal. Do not change any of the customization options, particularly ones that add menus or input fields.
Once you have generated the code, click the option above it to remove code protection, and then switch to the E-mail tab.
This will give you a plain HTML link with a description and amount that can be set dynamically by your developer when sending your own email. Additional useful variables, such as invoice (for an invoice number that is unique for what is being paid for, and can't be accidentally paid twice) are documented here.
Again, Smart Payment Buttons should be preferred if you have a web server to act as an intermediary. Here is a skeleton demo of the experience.
I'm in the process of developing a feature to accept payments in my website, and I already did it using a paypal button and IPN (a PHP listener to process data to a DB once the payment is completed, this one actually https://github.com/paypal/ipn-code-samples/blob/master/paypal_ipn.php, properly customized).
I never touched PayPal API and I wonder if I am missing something... I'm kind of new to this kind of development and I want to be sure I'm doing it right and not missing any obvious thing which might compromise the security of the payment or whatever... I already tested things in Sandbox and everything works as expected, but I am concerned about the API and I see many people using it...
So, am I missing anything?
Thanks!
What you've done is accurate and will work just fine so long as it's suiting your needs.
One potential security risk would be if you are not using a hosted button. Did you choose to "Save this button at PayPal" when you created the button? If so, you should see a hosted_button_id included in the HTML for the button. In this case it's protected.
If the button code includes individual parameters for things like item_name, amount, etc. then that code could be adjusted by people in their browser and then the button could be submitted with different pricing, for example.
You could check for this sort of thing in your IPN script and setup an automatic refund if the price doesn't match your database, but I generally try to avoid that sort of thing.
I prefer using the Express Checkout API instead. If you were comfortable getting IPN working with PHP then you should be plenty comfortable using this PayPal PHP SDK to integrate Express Checkout.
The three calls you'll need to work with are SetExpressCheckout, GetExpressCheckoutDetails, and DoExpressCheckoutPayment.
This documentation will cover the general steps and where those calls come into play, and that library will make each of those calls very simple for you.
Express Checkout will eliminate any potential adjustments users could make to code (because they won't be able get to the code at all unlike HTML) and it also has more advanced features and options that PayPal Standard does not have. Most importantly, the ability to force the "guest checkout" experience so that non-PayPal account holders can easily checkout using a credit card without any confusion.
They can do it with PayPal Standard, too, but depending on cookies set in their browser it may make the guest checkout option tough to find. Express Checkout makes it very prominent at all times, and generally results in increased checkout conversion rates.
I'm new to PayPal and overwhelmed by all the possible approaches for integrating with PayPal.
As a start I want to implement one single subscription with monthly recurring payment. When the user returns to the site after fulfilling the payment, he/she will instantly be upgraded to "premium" member (digital product only - no shipping involved).
The first alternative I've looked into is the Express Checkout API, which looks ok, but is there any simpler way to do it?
Can I for example create a standard button (JS button or the form based), but still be able to verify the payment details when the user returns, using either the REST API, IPN or something else?
Any hints on best practices are appreciated.
Yes, there are entirely too many ways to solve this problem by now.
You can probably satisfy your requirements via buttons (aka Standard), Express Checkout (aka Pro) style APIs, or RESTful APIs, but there are a few gotchas to know:
First, PayPal has several products to do recurring payments; these products have functional differences and are tied to different integration styles. So (for example) PayPal's product called "subscriptions" (tied to Website Standard aka buttons) has different (and generally less flexible) capabilities than "recurring payments" (tied to Express Checkout) which in turn differs from "billing agreements" (tied to REST APIs, although the term "billing agreements" is also used in the express checkout recurring payments product). Oh, and there's another similar product tied to the Adaptive Payments suite of APIs.
Confused yet? Sorry. But it is important to determine whether the specific product you want to use will satisfy your requirements first before you do any integration, or you might end up redoing that integration work later (and potentially have to migrate customers, if you have already opened your business) in order to get access to specific features of another product later on. E.g., the subscriptions product has very limited ability for sellers to modify the subscriptions after they are set up. If that is OK, then great, use it -- it's simple to integrate. If I can oversimplify a bit: the Standard subscriptions product is the oldest and most limited; the Pro recurring payments is more flexible and mature; the REST billing agreement product is the newest, very flexible, but not yet as widely used; it may lack a feature you need today, but is the most likely to be continually improved going forward. I would not personally recommend the Adaptive product, although it also has its benefits.
Now, to your integration question: fortunately all these PayPal products can use IPNs. Unfortunately, IPNs are not instant. They generally arrive quickly (1-2 seconds) but delays can happen and it is quite awkward to be unable to process the customer. I would use IPNs only when shipping physical goods, not for immediate access to digital goods or in other cases where customers are waiting for a page from you. Fortunately, each of the other methods has a way to instantly determine the success of a PayPal action without waiting for an IPN:
Website Standard Payments will include GET or POST variables when it posts the user back to your site that will tell you about the outcome. If you use the Payment Data Transfer feature, these variables will include signature information so that you can post them back to PayPal & PayPal will verify their validity (so that a would-be thief could not fool you by engineering a post that looks like a PayPal success redirect).
The two API-based methods are even easier: the APIs themselves return all the information you need in the API response. So wherever in your code you make the call to create the subscription/agreement, if you get back a success then do your work to make your user premium.
There is the odd case of a user successfully paying and then getting "lost", as it were, e.g. the redirect failing/browser closing before they return to your site, or your site choking while trying to turn on the user. For this reason many people advise using IPNs, which PayPal will attempt to redeliver until you verify them back to PayPal. Not a bad idea, depending.
And of course you can call search & get details type APIs to get information about your transactions & agreements at PayPal -- although again, you will need to integrate with the right API that matches the product you are integrated with (e.g. Standard-based subscriptions won't show up if you ask the REST interface for billing agreements).
Hope this helps.
I plan to create a page on my website that lets others upload games and apps they've built, then sell them via PayPal. Please forgive me if this is a simple question, I've never used PayPal for anything other than purchasing things. I need the button to dynamically change who it's sending the money to. I understand that in order to split who the money is going to, I would need to set up a business account, but if I wanted the creator to keep all of the money they charge for their virtual goods, would it be as simple as changing one of the tags within the PayPal form?
I'm experienced in PHP, SQL and Javascript, so dynamically changing any of the forms elements wouldn't be an issue, but would the payment actually finalize?
Yes, if you're working with Payments Standard it would just be a matter of updating the business parameter with the email address or PayPal merchant ID of the person you want the money to go to.
This isn't the best way to do it, though, because people can see the HTML, copy it, adjust it, and submit payments that are for less than what you set the price at.
In order to protect that sort of stuff you could generate your button code using the Button Manager API, or better yet, go with Express Checkout and the Permissions API (or manually granting permissions) so you can make API calls on behalf of 3rd party users.
My PHP class library for PayPal would make this pretty simple for you.
Suppose some online retailer uses XYZ Bank's payment gateway. Is it possible to do the job of filling in card details and proceeding through the entire process using a script? If yes, is it legal?
Update:
To make the question more clear, I'll give a scenario.
Suppose the retailer we're talking about is Amazon, and I wan to use a card/netbanking (not PayPal). I want to be able to place an order on Amazon using a script which does the job of filling my cart and making the payment. Say the cart thing has been taken care of. How do I automate the payment process now? If it's allowed that is. Card details etc will not of some user, but my own, so no security issues with that I suppose.
The payment API would usually support something like this. For example, if we look at Paypal's direct payment api, they provide secure means for you to pass credit card numbers, etc to Paypal to process the payment.
If you are thinking to do this to process recurring payments, then you are doing it the wrong way. You should never store any credit card details unless you are PCI-DSS compliant. This takes a lot of work and auditing, so it is somewhat rare for small and medium companies to do it. For recurring payments, store the credit card numbers with your payment gateway (most should provide a means to do this) and the gateway should return a token to store. Every time you want to charge the card, simply pass the token to your gateway.
Given the new information:
What you are trying to do is to automate the browser (that's the best way to do it). You could write a script that connects to Amazon, loads the page, fills in the POST variable, send it back, get results and so on, but it is not very robust. For example, if amazon changes the name of a few post variables or even the markup, then your script would fail.
The best way to do this is to use a Browser Automation framework. Selenium is prbably the most popular and most well known. It is often used to automate testing user interfaces, but it is also useful for doing something like you are suggesting. You can use Selenium IDE which is a Firefox addon to quickly reproduce and replay recorded actions. For something more advanced and highly scriptable, try Selenium WebDriver.
As for whether this is legal or not, I don't see why it shouldn't be legal if you are using your own credit cards and what not.
If you are using your own credit card details it's at your own risk so very minimal legel issues. But it's always a good idea to store & transmit(SSL) card details encrypted for some peace of mind. But if it's for wider public you will need to look into PCI guidelines and matching class requirements.