Page Protection - paypal

I've had a difficult time working with PayPal express checkout... Basically I'm looking to protect a PAGE, not a download or anything. The user pays and they can access that page one time. And have to pay each time they want to access the page.
Does anyone have a simple PHP solution to protect my page until the person pays through PayPal? Or even a pre-written example of the PayPal code for Digital Goods for Express Checkout?
Thanks in advance.

PayPal doesn't have much to do with this -- it's all about the logic you place on your 'return page' (the page the buyer returns to after they have completed payment).
For a simple Express Checkout integration you would:
1. Call the SetExpressCheckout API
2. Supply the AMT, RETURNURL and CANCELURL
3. Retrieve the token as returned in the SetExpressCheckout response.
4. Redirect the buyer to https://www.paypal.com/cgi-bin/webscr?cmd=_express-checkout&token=EC-xxxtoken-herexxx&useraction=commit
5. When the buyer agrees to the payment and is returned back to your RETURNURL, call the GetExpressCheckoutDetails API and supply the token to retrieve the PayerID (alternatively; the token is also appended in the GET array for your RETURNURL)
6. Call DoExpressCheckoutPayment to finalize the payment.
7. Now that the payment is complete, do whatever logic you have to to ensure the transaction is completed and provide the buyer access to the content you wish him/her to see (could be the RETURNURL page itself, or a completely different page).
Sample (NVP) API calls would look similar to the following:
SetExpressCheckout Request
METHOD=SetExpressCheckout&USER=yourAPIuser&PWD=yourAPIpwd&SIGNATURE=yourAPIsig&VERSION=78.0&AMT=0.01&RETURNURL=http://www.your-return-url.com/&CANCELURL=http://www.cancelurl.com/
SetExpressCheckout Response
......
Ack=Success
TOKEN=EC-12345678
.......
GetExpressCheckoutDetails Request
METHOD=GetExpressCheckoutDetails&USER=yourAPIuser&PWD=yourAPIpwd&SIGNATURE=yourAPIsig&VERSION=78.0&TOKEN=EC-12345678
GetExpressCheckoutDetails Response
.....
Ack=Success
PAYERID=ABCDEFGH
......
DoExpressCheckoutPayment Request
METHOD=DoExpressCheckoutPayment&USER=yourAPIuser&PWD=yourAPIpwd&SIGNATURE=yourAPIsig&VERSION=78.0&AMT=0.01&PAYERID=ABCDEFGH&TOKEN=EC-12345678
DoExpressCheckoutPayment Response
....
Ack=Success
PAYMENTSTATUS=Completed
....
See also
SetExpressCheckout: https://cms.paypal.com/us/cgi-bin/?cmd=_render-content&content_ID=developer/e_howto_api_nvp_r_SetExpressCheckout
GetExpressCheckoutDetails: https://cms.paypal.com/us/cgi-bin/?cmd=_render-content&content_ID=developer/e_howto_api_nvp_r_GetExpressCheckoutDetails
DoExpressCheckoutPayment: https://cms.paypal.com/us/cgi-bin/?cmd=_render-content&content_ID=developer/e_howto_api_nvp_r_DoExpressCheckoutPayment
As well as https://www.x.com/ > API Reference.
Note: I'm using "useraction=commit" in the redirect URL to PayPal because that will change the 'Continue' button on the PayPal 'Review Your Payment' to a 'Pay now' button. Thus implying the buyer will be immediately charged as soon as he clicks on that button. It's just handy.

Related

Paypal PhP api security issue

I was trying to use the express checkout php api. Everything is working well in the sandbox environment. My question is regarding security.
After payment the sample code redirects to GetExpressCheckout.php?token=...$PayerID=.....; But after clicking "confirm payment" in my site and logging in to the PayPal account (did not confirm payment in PayPal), I directly opened the same page in another tab, and it showed payment successful (which is not the case). Is there a way to prevent this, or am I missing something?
I'm not following exactly what you're trying to say here.
The process needs to be...
1) Call SetExpressCheckout to retrieve your token and redirect to PayPal accordingly.
2) PayPal will return the user back to your ReturnURL if they confirm payment, at which point you can call GetExpressCheckoutDetails (optionally) and DoExpressCheckoutPayment to finalize the payment.
Not until DECP is completed does any transaction actually take place. The success message you're seeing probably came from GetExpressCheckoutDetails, which does nothing more than retrieve the buyer/order info so that you can finalize the payment on your site.
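The return-page logic from step 7 of the first answer and the point made just above, as an added example (not PayPal's sample code and not from either poster): access is granted only when DoExpressCheckoutPayment itself reports success for a token this session requested, and the grant is consumed on first view. The names finalizeReturn, consumePagePass, $callApi and the session keys ec_token, ec_amt (stored when SetExpressCheckout was called) and page_pass are assumptions made for illustration.

```php
<?php
// Added example, not PayPal sample code. $callApi is a hypothetical
// callable(array $nvp): string that adds USER/PWD/SIGNATURE/VERSION, POSTs
// to the NVP endpoint and returns the raw response body.
function parseNvp(string $raw): array {
    parse_str($raw, $fields);                      // NVP is URL-encoded pairs
    return array_change_key_case($fields, CASE_UPPER);
}

// Run on RETURNURL. True only after DoExpressCheckoutPayment reports success.
function finalizeReturn(array &$session, array $get, callable $callApi): bool {
    $token = $get['token'] ?? '';
    // Accept only the token this session received from SetExpressCheckout;
    // a token or PayerID typed into the URL is not evidence of payment.
    if ($token === '' || !hash_equals($session['ec_token'] ?? '', $token)) {
        return false;
    }
    $details = parseNvp($callApi(['METHOD' => 'GetExpressCheckoutDetails', 'TOKEN' => $token]));
    if (($details['ACK'] ?? '') !== 'Success' || empty($details['PAYERID'])) {
        return false;                              // lookup failed or no payer on the token
    }
    $pay = parseNvp($callApi(['METHOD' => 'DoExpressCheckoutPayment', 'TOKEN' => $token,
        'PAYERID' => $details['PAYERID'], 'AMT' => $session['ec_amt']]));
    unset($session['ec_token'], $session['ec_amt']);   // never finalize a token twice
    if (($pay['ACK'] ?? '') !== 'Success' || ($pay['PAYMENTSTATUS'] ?? '') !== 'Completed') {
        return false;
    }
    $session['page_pass'] = true;                  // good for one view of the page
    return true;
}

// Run at the top of the protected page: true once per completed payment.
function consumePagePass(array &$session): bool {
    $granted = !empty($session['page_pass']);
    unset($session['page_pass']);
    return $granted;
}

// Constructed demo: canned responses stand in for the PayPal endpoint.
$fake = fn(array $req): string => $req['METHOD'] === 'DoExpressCheckoutPayment'
    ? 'ACK=Success&PAYMENTSTATUS=Completed' : 'ACK=Success&PAYERID=ABCDEFGH';
$s = ['ec_token' => 'EC-12345678', 'ec_amt' => '0.01'];
var_dump(finalizeReturn($s, ['token' => 'EC-FORGED'], $fake));
var_dump(finalizeReturn($s, ['token' => 'EC-12345678'], $fake));
var_dump(consumePagePass($s), consumePagePass($s));
```

In a real handler, pass $_SESSION and $_GET after session_start(), and have the protected page refuse to render unless consumePagePass() returns true.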

Paypal express-checkout with option useraction=commit not creating transaction

I have integrated PayPal express-checkout in a website. All seems to work fine. When the customer is redirected to PayPal for payment, the Pay Now button appears, since I am using useraction=commit, i.e.:
https://www.paypal.com/cgi-bin/webscr?cmd=_express-checkout&token=MYTOKEN&useraction=commit
Customer logs in from Paypal and clicks on the Pay Now button. Paypal gives no error, everything seems to be successful and customer is redirected at the RETURNURL, but no transaction is created in the buyer or in the seller account.
I'm afraid I missed some points from the PayPal API documentation. useraction=commit will NOT complete the transaction. After returning from PayPal, we still need to execute DoExpressCheckoutPayment in order to complete the transaction.
Like George said, useraction=commit does not complete the transaction. It only changes the PayPal UI so the customer feels they have confirmed it there, so you don't have to add confirmation UI on your site. You still need to make the request behind the scenes to confirm it.
PayPal's docs say this:
The useraction URL parameter in your redirect to PayPal determines
whether buyers complete their purchases on PayPal or on your website.
If you set useraction to commit, PayPal sets the button text to Pay
Now on the PayPal Review your information page. This text lets buyers
know that they complete their purchases if they click the button.
After PayPal redirects buyers to your site, call
GetExpressCheckoutDetails and DoExpressCheckoutPayment to have PayPal
complete the payment successfully. Call DoExpressCheckoutPayment
without waiting for buyer interaction. Use information in the
GetExpressCheckoutDetails response to fill out your order confirmation
page.

Paypal recurring + purchase

After looking through Paypal docs for a solution for this circumstance, I came up blank. What I want is a way to have a shopping cart with a subscription (recurring payment) and an item purchase. Is there a method that would resolve this or would I have to do something custom ( and how would I go about that if I'm using Paypal standard buttons for cart / checkout ).
Thanks in advance.
Yes, you can do this with Express Checkout Recurring Payments.
You would simply need to ensure you include an AMT in your SetExpressCheckout and DoExpressCheckoutPayment API calls.
A general Express Checkout checkout flow is based on three API calls; SetExpressCheckout, GetExpressCheckoutDetails and DoExpressCheckoutPayment.
SetExpressCheckout sets up the payment and returns a token
You redirect the buyer to https://www.paypal.com/cgi-bin/webscr?cmd=_express-checkout&token=TOKEN-HERE, where TOKEN-HERE is the token you received earlier
After the buyer has agreed to the payment, he is returned back to your site.
You can call GetExpressCheckoutDetails and supply the token as a parameter to get the PAYERID of the buyer.
Call DoExpressCheckoutPayment with the token and PAYERID supplied to finalize the payment
If you wish to use Recurring Payments, you would use the following flow:
1. Call SetExpressCheckout and set BILLINGTYPE to 'RecurringPayments' and set 'AMT' to 0 OR to any amount you wish to charge the buyer immediately.
2. Retrieve the token from the API response for SetExpressCheckout
3. Call DoExpressCheckoutPayment and set the 'AMT' to the amount you'd like to charge immediately.
4. Call CreateRecurringPaymentsProfile and supply the token, specify all other required parameters (billingfrequency, among others).
(Optional) 5. Use UpdateRecurringPaymentsProfile if you wish to update your recurring payments profile.
You can find additional documentation for Express Checkout at https://www.x.com/community/ppx/documentation#ec as well as our SDKs at https://www.x.com/community/ppx/sdks#NVP
You can find an overview with links to the relevant API documentation for SetExpressCheckout, DoExpressCheckoutPayment, CreateRecurringPaymentsProfile and UpdateRecurringPaymentsProfile at https://www.x.com/docs/DOC-1372

Not receiving money through Paypal Express Checkout API

I developed a small payment process that uses the Express Checkout API. I'm testing the code with my friend's account with $1. My payment process is redirecting to the live paypal site, he enters his information and pays, he is redirected to my confirmation thank you page, but I never receive funds. I've checked my API credentials in the code, and they are OK. I'm receiving a token and paypal payerid info on my confirmation screen. What could be the problem?
Thank you in advance.
See my answer in Why is DoExpressCheckoutPayment required for Paypal?
In order to use Express Checkout, you must call at least the following API calls:
1. SetExpressCheckout -- to set up the transaction.
2. DoExpressCheckoutPayment -- to finalize the transaction.
If you don't call DoExpressCheckoutPayment on the 'Thank you' page, the transaction is not completed. This is by design to allow for greater flexibility.
Express Checkout is intended as a drop-in solution in your own checkout process. After Express Checkout redirects you back to your site, you're supposed to show an order confirmation where the buyer can review his/her final order details before initiating a button / link which initiates the final DoExpressCheckoutPayment API call. This is why DoExpressCheckoutPayment is required.

Capturing payment; express checkout

Hi
I have paypal express checkout working on my site, when user buys something the transaction goes through and the merchant is able to capture payment by clicking on the capture button on the sandbox site. Problem is that I need 'capture status' returned to the site as I need to store it in database for future use, is there a way that paypal sends some notification whenever the payment is captured by the merchant.
Thanks
PayPal IPN: https://www.paypal.com/ipn
In short, include NOTIFYURL in your SetExpressCheckout and DoExpressCheckoutPayment call and you'll receive a POST on that URL when the transaction has been captured. Look for 'PAYMENTSTATUS', as that should read 'Complete'.
Don't forget to validate the POST by sending it back to https://www.paypal.com/cgi-bin/webscr?cmd=_notify-validate and checking for a VERIFIED / INVALID response.
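The validation step described above, as an added example (not PayPal's code and not the answerer's): the notification is posted back with cmd=_notify-validate, and a VERIFIED message is still checked against the expected order and for replay before the capture is recorded. handleIpn, $postBack and the $order keys are hypothetical names; txn_id, receiver_email, mc_gross, mc_currency and payment_status are IPN field names that do not appear on this page.

```php
<?php
// Added example. $postBack is a hypothetical callable(string $body): string
// that POSTs $body to the validation URL and returns PayPal's reply body.
function ipnValidationBody(string $rawPost): string {
    // Send the message back exactly as received, prefixed with the command.
    return 'cmd=_notify-validate&' . $rawPost;
}

// Returns the txn_id to store, or null when the message must be ignored.
function handleIpn(string $rawPost, callable $postBack, array $order, array &$seenTxn): ?string {
    if (trim($postBack(ipnValidationBody($rawPost))) !== 'VERIFIED') {
        return null;                               // INVALID or unexpected reply
    }
    parse_str($rawPost, $ipn);
    $txn = $ipn['txn_id'] ?? '';
    // VERIFIED only proves PayPal sent the message. Still confirm it is for
    // this merchant, this amount and currency, and has not been seen before.
    if ($txn === '' || isset($seenTxn[$txn])
        || strcasecmp($ipn['receiver_email'] ?? '', $order['receiver_email']) !== 0
        || ($ipn['mc_gross'] ?? '') !== $order['amount']
        || ($ipn['mc_currency'] ?? '') !== $order['currency']
        || ($ipn['payment_status'] ?? '') !== 'Completed') {
        return null;
    }
    $seenTxn[$txn] = true;                         // use a database table in production
    return $txn;
}

// Constructed demo message and stubbed validation replies.
$raw = 'txn_id=TXN-CONSTRUCTED-1&payment_status=Completed'
     . '&receiver_email=seller%40example.com&mc_gross=0.01&mc_currency=USD';
$order = ['receiver_email' => 'seller@example.com', 'amount' => '0.01', 'currency' => 'USD'];
$seen = [];
var_dump(handleIpn($raw, fn($b) => 'INVALID', $order, $seen));
var_dump(handleIpn($raw, fn($b) => 'VERIFIED', $order, $seen));
var_dump(handleIpn($raw, fn($b) => 'VERIFIED', $order, $seen)); // same txn_id sent again
```

In a live handler, read the raw body from php://input so the bytes posted back match what PayPal sent.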