I developed a small payment process that uses the Express Checkout API. I'm testing the code with my friend's account with $1. My payment process is redirecting to the live paypal site, he enters his information and pays, he is redirected to my confirmation thank you page, but I never receive funds. I've checked my API credentials in the code, and they are OK. I'm receiving a token and paypal payerid info on my confirmation screen. What could be the problem?
Thank you in advance.
See my answer in Why is DoExpressCheckoutPayment required for Paypal?
In order to use Express Checkout, you must call at least the following API calls:
1. SetExpressCheckout -- to set up the transaction.
2. DoExpressCheckoutPayment -- to finalize the transaction.
If you don't call DoExpressCheckoutPayment on the 'Thank you' page, the transaction is not completed. This is by design to allow for greater flexibility
Express Checkout is intended as a drop-in solution in your own checkout process. After Express Checkout redirects you back to your site, you're supposed to show an order confirmation where the buyer can review his/her final order details before initiating a button / link which initiates the final DoExpressCheckoutPayment API call. This is why DoExpressCheckoutPayment is required.
Related
Is there any way I can be notified that someone has approved a payment through SetExpressCheckout, if they don't get redirected back to my website?
ie. After they approve the payment I would receive a callback or payment notification.
If so, how would I do it?
Thanks.
Users will always be redirected to your site when using Express Checkout. They have to because the payment isn't final until you call DoExpressCheckoutPayment which can't occur until after they've been redirected back to your site. Maybe I don't understand what you're asking here..??
In any case, take a look at IPN (Instant Payment Notification). It will POST transaction data to a listener script you have on your server so you can automate post-order processing in real-time. Again, though, no IPN would be triggered form SetExpressCheckout alone because no payment has actually been made at that point.
I was trying to use the express checkout php api. Everything is working well in the sandbox environment. My question is regarding security.
After payment the sample code redirects to GetExpressCheckout.php?token=...$PayerID=.....; But after clicking "confirm payment" in my site and logging in to paypal account (did not confirm payment in paypal); I directly opened the same page in another tab, and it showed payment successful (which is not the case). Is there a way to prevent this or am I missing some thing.
I'm not following exactly what you're trying to say here.
The process needs to be...
1) Call SetExpressCheckout to retrieve your token and redirect to PayPal accordingly.
2) PayPal will return the user back to your ReturnURL if they confirm payment, at which point you can call GetExpressCheckoutDetails (optionally) and DoExpressCheckoutPayment to finalize the payment.
Not until DECP is completed does any transaction actually take place. The success message you're seeing probably came from GetExpressCheckoutDetails, which does nothing more than retrieve the buyer/order info so that you can finalize the payment on your site.
I am using PayPal with NVP API (using PHP) for express checkout. I am creating an invoice record in the database before redirecting the user to Paypal. In case the user doesn't return to my site after processing, I am using IPN to confirm the purchase and then update the invoice record that the payment is confirmed. I am still in the sandbox mode and trying to figure out how I will tie the transaction started with NVP to the confirmation I get with IPN.
I need to verify if the "PAYMENTREQUEST_n_INVNUM" sent in the NVP will come back as "invoice" in the IPN post.
It appears I cannot actually test this until I am live since the Sandbox IPN does not seem to be active with NVP initiated sandbox transactions - is this correct?
Thanks for your help.
You can test this in Sandbox. But if you're using "PayPal NVP", I assume you're using PayPal Express Checkout and calling the SetExpressCheckout and DoExpressCheckoutPayment API's.
If that's the case, you don't really need IPN, because a transaction will only be completed as soon as you call DoExpressCheckoutPayment.
In other words, buyers will always be redirected to the RETURNURL you specified in SetExpressCheckout, and the transaction is completed (or not) when you call DoExpressCheckoutPayment on this return page.
To get the invoice number, you could call GetExpressCheckoutDetails and supply the TOKEN you retrieved earlier (it's also appended to the GET of the RETURNURL).
Finally, check PAYMENTSTATUS=Completed in the DoExpressCheckoutPayment API response to see whether the transaction has completed or not.
Thank you Robert for the clarity on the process - especially useraction=commit.
I finally realized that I could turn on IPN in the Sandbox for my test seller and test NVP with IPN together. I was able to verify that PAYMENTREQUEST_0_INVNUM matches the 'INVOICE' parameter in the IPN POST.
I will use the custom field to pass customer email from my system in case they use a different email to log into paypal with, therefore allowing me to have email/invoice number pair for confirmation.
I've had a difficult time working with PayPal express checkout... Basically I'm looking to protect a PAGE, not a download or anything. The user pays and they can access that page one time. And have to pay each time they want to access the page.
Does anyone have a simple PHP solution to protect my page until the person pays through PayPal? Or even a pre-written example of the PayPal code for Digital Goods for Express Checkout?
Thanks in advance.
PayPal doesn't have much to do with this -- it's all about the logic you place on your 'return page' (the page the buyer returns to after they have completed payment).
For a simple Express Checkout integration you would:
1. Call the SetExpressCheckout API
2. Supply the AMT, RETURNURL and CANCELURL
3. Retrieve the token as returned in the SetExpressCheckout response.
4. Redirect the buyer to https://www.paypal.com/cgi-bin/webscr?cmd=_express-checkout&token=EC-xxxtoken-herexxx&useraction=commit
5. When the buyer agrees to the payment and is returned back to your RETURNURL, call the GetExpressCheckoutDetails API and supply the token to retrieve the PayerID (alternatively; the token is also appended in the GET array for your RETURNURL)
6. Call DoExpressCheckoutPayment to finalize the payment.
7. Now that the payment is complete, do whatever logic you have to to ensure the transaction is completed and provide the buyer access to the content you wish him/her to see (could be the RETURNURL page itself, or a completely different page).
Sample (NVP) API calls would look similar to the following:
SetExpressCheckout Request
METHOD=SetExpressCheckout&USER=yourAPIuser&PWD=yourAPIpwd&SIGNATURE=yourAPIsig&VERSION=78.0&AMT=0.01&RETURNURL=http://www.your-return-url.com/&CANCELURL=http://www.cancelurl.com/
SetExpressCheckout Response
......
Ack=Success
TOKEN=EC-12345678
.......
GetExpressCheckoutDetails Request
METHOD=SetExpressCheckout&USER=yourAPIuser&PWD=yourAPIpwd&SIGNATURE=yourAPIsig&VERSION=78.0&TOKEN=EC-12345678
GetExpressCheckoutDetails Response
.....
Ack=Success
PAYERID=ABCDEFGH
......
DoExpressCheckoutPayment Request
METHOD=SetExpressCheckout&USER=yourAPIuser&PWD=yourAPIpwd&SIGNATURE=yourAPIsig&VERSION=78.0&AMT=0.01&PAYERID=ABCEDFGH&TOKEN=EC-12345678
DoExpressCheckoutPayment Response
....
Ack=Success
PAYMENTSTATUS=Completed
....
See also
SetExpressCheckout: https://cms.paypal.com/us/cgi-bin/?cmd=_render-content&content_ID=developer/e_howto_api_nvp_r_SetExpressCheckout
GetExpressCheckoutDetails: https://cms.paypal.com/us/cgi-bin/?cmd=_render-content&content_ID=developer/e_howto_api_nvp_r_GetExpressCheckoutDetails
DoExpressCheckoutPayment: https://cms.paypal.com/us/cgi-bin/?cmd=_render-content&content_ID=developer/e_howto_api_nvp_r_DoExpressCheckoutPayment
As well as https://www.x.com/ > API Reference.
Note: I'm using "useraction=commit" in the redirect URL to PayPal because that will change the 'Continue' button on the PayPal 'Review Your Payment' to a 'Pay now' button. Thus implying the buyer will be immediately charged as soon as he clicks on that button. It's just handy.
Hi
I have paypal express checkout working on my site, when user buys something the transaction goes through and the merchant is able to capture payment by clicking on the capture button on the sandbox site. Problem is that I need 'capture status' returned to the site as I need to store it in database for future use, is there a way that paypal sends some notification whenever the payment is captured by the merchant.
Thanks
PayPal IPN: https://www.paypal.com/ipn
In short, include NOTIFYURL in your SetExpressCheckout and DoExpresscheckoutPayment call and you'll receive a POST on that URL when the transaction has been captured. Look for 'PAYMENTSTATUS', as that should read 'Complete'.
Don't forget to validate the POST by sending it back to https://www.paypal.com/cgi-bin/webscr?cmd=_notify-validate and checking for a VERIFIED / INVALID response.