Is there possibly a way that the PayPal API checks for duplicate IDs and returns "invalid" on finding one?
Example:
If a user puts a product in her cart, browses on for a while, then checks out, can PayPal return INVALID (before she actually logs into PayPal to pay) because another user has bought this product (= same productID) meanwhile?
Of course I could do this check myself, but only after the user has logged into Paypal and returned to my site.
Thx for your Help
I think the expression you are searching for is "inventory management". And no, PayPal does not seem to provide this.
Roughly speaking, the traditional approach to this is to allow UserA to reserve an instance of Product#1 for a certain period of time, P. If you only have quantity=1 of Product#1 in stock, then during this time, Product#1 would appear sold out - e.g. UserB could not put an instance of it in their cart.
After period P, if you have not received confirmation from PayPal (either via PDT or IPN) that UserA has completed their purchase, then UserA's reservation expires, and Product#1 is available for sale again.
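The reservation scheme described in this answer, as an added example that is not part of the original post. It assumes a single-process, in-memory store; the `Inventory` class, its method names and the "refund_needed" outcome for a payment confirmed after the hold expired are all hypothetical.

```python
import time

class Inventory:
    """Stock with time-limited cart reservations (the period P)."""

    def __init__(self, stock, hold_seconds, clock=time.time):
        self.stock = dict(stock)      # product_id -> unsold units
        self.hold_seconds = hold_seconds
        self.clock = clock            # injectable so expiry is testable
        self.holds = {}               # (user, product_id) -> expiry time

    def _expire(self):
        now = self.clock()
        self.holds = {k: t for k, t in self.holds.items() if t > now}

    def available(self, product_id):
        self._expire()
        held = sum(1 for (_, p) in self.holds if p == product_id)
        return self.stock.get(product_id, 0) - held

    def reserve(self, user, product_id):
        """Add-to-cart: hold one unit, or refuse if none is free."""
        free = self.available(product_id)   # also drops expired holds
        key = (user, product_id)
        if key not in self.holds and free < 1:
            return False
        self.holds[key] = self.clock() + self.hold_seconds
        return True

    def confirm(self, user, product_id):
        """Call only after a verified PDT/IPN reports a completed payment."""
        self._expire()
        if self.holds.pop((user, product_id), None) is not None:
            self.stock[product_id] -= 1
            return "sold"
        # The hold expired before the confirmation arrived.
        if self.available(product_id) >= 1:
            self.stock[product_id] -= 1
            return "sold_late"
        return "refund_needed"        # someone else holds or bought the unit
```

In a multi-process deployment the same checks would have to run inside one database transaction so that two requests cannot both see the last unit as free.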
This has nothing to do with PayPal; I assume you're not interacting with PayPal APIs whenever a buyer adds something to the cart on your own site.
Unless you're talking about the cmd=_cart (Website Payments Standard cart) functionality, in which case: no, this is not available as a feature per se. You could use the 'prevent duplicate invoice' functionality for this and pass the product ID in the 'invoice' field.
This would prevent any payments to go through for a specific 'invoice' (product ID), ensuring you can only get 1 order per unique product.
E.g.,
And turn on the following option in the PayPal account:
Profile > Website Payment Preferences > Block accidental payments
I am building a payment system where a user can make a payment against an orderId
I want to make sure that only one payment gets through (gets captured)
The payment flow is like this:
1- User clicks on Paypal button
2- a Transaction PENDING_PAYMENT gets created for the user with orderId
3- User pays in Paypal
4- Paypal sends webhook and marks the payment as AUTHORIZED
5- The system CAPTURES the payment
As you see, the user can open multiple PayPal pages and pay all of them at the same time. There's no way for me to prevent this, but I want to be able to CAPTURE only one of these payments (so I can automatically refund the rest of the payments).
I really appreciate any help, Thank you in advance.
When you set up the PayPal transaction for approval, pass a unique invoice_id to PayPal that has never before been used for a successful payment on that PayPal account. This could be your orderId, perhaps with some additional prefix added if desired. (For instance if you had multiple storefronts on the same PayPal account that might use the same order numbers, a prefix of 3 letters and a dash indicating the store name is a typical choice)
By default, PayPal accounts prevent (block) any subsequent payments for an invoice_id that was previously used for a successful payment on that account -- precisely to prevent accidental payments for the same thing, as is your use case.
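A server-side complement to the invoice_id setting, as an added example that is not part of the original answer: the webhook handler lets a database uniqueness constraint pick the single payment to capture per orderId and queues every other authorization for refund. The table layout, the `on_authorized` function and the sample IDs are hypothetical, and no PayPal API call is made here.

```python
import sqlite3

def open_db():
    db = sqlite3.connect(":memory:")
    # PRIMARY KEY on order_id: at most one winning payment per order.
    db.execute("""CREATE TABLE captures (
        order_id TEXT PRIMARY KEY,
        authorization_id TEXT NOT NULL)""")
    db.execute("""CREATE TABLE refunds (
        authorization_id TEXT PRIMARY KEY,
        order_id TEXT NOT NULL)""")
    return db

def on_authorized(db, order_id, authorization_id):
    """Decide what to do with one AUTHORIZED webhook.

    Returns 'capture' for the first payment seen for the order,
    'duplicate' if the same webhook is delivered again, and
    'refund' for any other payment against the same order.
    """
    try:
        with db:  # one transaction; rolled back if the insert fails
            db.execute("INSERT INTO captures VALUES (?, ?)",
                       (order_id, authorization_id))
        return "capture"
    except sqlite3.IntegrityError:
        pass  # the order already has a winner
    winner = db.execute(
        "SELECT authorization_id FROM captures WHERE order_id = ?",
        (order_id,)).fetchone()[0]
    if winner == authorization_id:
        return "duplicate"
    with db:
        # OR IGNORE keeps redelivered webhooks from queuing a second refund.
        db.execute("INSERT OR IGNORE INTO refunds VALUES (?, ?)",
                   (authorization_id, order_id))
    return "refund"
```

Because the decision is made by the insert itself rather than by a read followed by a write, two webhooks arriving at the same moment cannot both be told to capture.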
I am trying to create a subscription feature on my site. The users can subscribe to a number of projects (from 1 to 30). The price of a project: 10$.
For subscribing I use the Subscription button. I validate the payment using the IPN from PayPal. All OK.
Now I want to give users the possibility to change the number of projects they are subscribed for. But PayPal doesn't allow increasing the payment by more than 20%.
How can I change the user's subscription? Should I remove his profile (not sure if I understand what it is) and create a new one?
As you saw in the documentation, PayPal Subscriptions product doesn't seem like a good match for your requirements. You could have someone re-subscribe with new (higher) premium, but you probably would be better off with a product that allowed you to simply change the recurring amount billed.
PayPal has several other products that allow you to do that; hopefully one will meet your needs. In particular look at Recurring Payments & Reference Transactions (within PayPal's classic product suite) or Future Payments (within PayPal's RESTful API suite).
I want to verify whether the user has entered a valid PayPal ID or not. If not, then the user can't register. I've also visited the question "How can I verify a PayPal ID?" but it doesn't help me :(
You can't find a direct answer because "valid PayPal ID" doesn't have a single fixed meaning. You will need to be more specific as to what you are trying to discover. Then there may or may not be a way to accomplish what you want, since PayPal protects some aspects of their customers' account and identity information for their protection (and for business reasons).
A bit of background that may help you clarify your question, if not necessarily answer it:
Any email (or phone number) can be configured to receive PayPal payments, in many cases even if the email was not attached to a PayPal account at the time the payment was sent. However, not all PayPal products can function in this way (e.g. you cannot make API calls as an account that has not been set up and has not generated API credentials). Are you asking about receiving money, and if so with which product(s)?
Most people can pay through PayPal if sent to a PayPal page, whether they are accountholders or not (depending upon the PayPal product being used). In addition to guest payments and/or direct credit card payments through PayPal, people can set up PayPal accounts when they arrive and immediately pay with them. So collecting email first and refusing to go forward if there is no PayPal account attached to that email would lose you potential customers. It would also "let through" many customers who could not pay, such as people who know an email address but don't own the attached PayPal account. PayPal also intentionally declines to easily answer questions about whether an email has an associated PayPal account in order to make it harder for bad actors to accumulate lists of PayPal accounts (often with associated personal information) for spear phishing campaigns. There are some APIs that allow you to get limited information about a PayPal account but there are limits associated with these APIs; see e.g. GetVerifiedStatus documentation at:
https://developer.paypal.com/docs/classic/api/adaptive-accounts/GetVerifiedStatus_API_Operation/
Note also that Verified has a particular technical meaning in PayPal, and is NOT AT ALL THE SAME as "able to pay you."
If you want to know if someone can log into their PayPal account, and then use that PayPal account to get information about the user (as well as potentially pay you), that's easy: use Login with PayPal. That's what it's for. Naturally this requires the user to login and assent to your use of their information.
If you want to know if someone can take a particular action (e.g. make a payment), at this moment, the only way to be certain is to actually request that action. You have options short of actually requesting money; if you want to ensure the user has funds and reserve them for you to collect shortly you can request an authorization rather than a sale. If you want to make sure the user can log in, has payment mechanisms and generally looks ready to pay you (but WITHOUT reserving and guaranteeing funds) you can request an Order.
Hopefully one of these things is what you are asking for?
If you have a PayPal AccountID (a PayPal-generated ID rather than an externally-generated identifier like email or phone number) you can pass it to certain APIs (such as the GetVerifiedStatus), so many of the same options above apply.
I am working on a website to sell some advertisement concept online, where users can get access to more options after opting for a monthly subscription paid through recurring PayPal.
I have already implemented the recurring PayPal functionality successfully except for one thing. One can subscribe to the plan and monthly payments are deducted from the concerned account.
But I have no idea how to update my database after the first payment from the recurring PayPal.
E.g., a customer comes to the site, chooses his options, goes to the PayPal recurring part and makes the transaction. Now I have one page, where PayPal returns control, which is given in the return URL. Now the problem is, on this page when I am updating the database, the payment status is pending.
Then after a while, when the IPN response comes to the application, I won't be able to update the earlier entry in my database, as I am not sure how to match these two entries; I mean, upon which field the update query should be coded.
There's no point in updating the database at all until you get the money. When you get the money, the transaction contains everything you need to create or update the subscription.
I wanted to use Paypal's IPN service to verify payments for a recurring subscription charge for my website. How do you tie the IPN confirmations to a user in your site?
The IPN confirmation message has a name, email, paypal ID, recurring payment ID, but it seems to not give a unique identifier since I don't know where the paypal ID or recurring payment id comes from and it may not be trivial to uniquely match up the name/email that a user has on their paypal account (or entered there) with the name/email I have for them on my site (there may be many John Smith's and the person may choose to use a different email.)
1) When I send the initial payment request to Paypal, I can attach a unique UUID in the URL I ask them to send back to me, so if I save that unique ID for that user I can match that payment confirmation to the user who initiated it. Am I making that harder than it is? Is there an easier way?
2) Also, for a recurring/subscription charge, does paypal always use the URL I specified with the initial payment initiation? Does anyone have practical experience using the recurring Paypal payments with IPN's, does it reuse that unique URL? Or do I have to associate the Paypal ID's with the user after the first recurring payment is received?
Attaching unique data to the payment request is pretty much the accepted way to do it.
I don't have any experience with recurring charges.
I recently also set up some reoccurring payments with Paypal.
I actually wanted people to register as members after paying for the subscription, if they wanted to. As having to sign up as a member could add some friction to the sale process. So I don't send any user info along with the Subscribe button.
What my IPN script does is generate a unique activation code tied to the Paypal subscriptionID in the Activations table, then it sends this code to whoever paid for the subscription, with instructions on how to activate.
At the point of activation, you need to register or login. At this point the userID is added to the relevant row in the Activations table.
When the EndOfTerm IPN notification comes in the IPN script looks up the userID from the Activations table based on the SubscriberID given in the IPN. Then I can do whatever I need to do to that user to disable their subscription.
At all times the URL of the IPN script remains the same.
1) You can send an 'item_number' parameter with the initial subscription setup, which will get passed back to you. I'd suggest embedding an identification token in it.
2) If you mean the 'return' parameter, no, that's for sending the user to at the conclusion of the subscription setup. The renewal is automatic and doesn't 'ping' that page.
1) You want to be using the item_number parameter. Set this in your HTML form shown to the customer, and it will be returned to you by the paypal IPN, so you can put a database row ID in here, and use it to match up to the right person later.
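The item_number matching suggested in the answers above, combined with the subscription-ID lookup used for the end-of-term notification, as an added example that is not part of any original post. It assumes the IPN message has already been verified with PayPal, and it signs the row ID because item_number travels through an HTML form the buyer can edit; `SECRET`, the function names and the sample subscr_id values are constructed for illustration.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # assumption: server-side secret only

def _tag(row_id):
    return hmac.new(SECRET, row_id.encode(), hashlib.sha256).hexdigest()[:32]

def make_item_number(user_row_id):
    """Value to place in the form's item_number field for this user."""
    row_id = str(user_row_id)
    return f"{row_id}-{_tag(row_id)}"

def user_from_item_number(item_number):
    """Return the user row ID, or None if the value was altered."""
    row_id, _, tag = item_number.partition("-")
    if not (row_id.isascii() and row_id.isdigit()):
        return None
    # Compare as bytes so a non-ASCII tag cannot raise TypeError.
    if hmac.compare_digest(tag.encode(), _tag(row_id).encode()):
        return int(row_id)
    return None

def handle_ipn(ipn, subscriptions):
    """ipn: dict of fields from an already verified IPN message.
    subscriptions: subscr_id -> user row ID, kept between notifications."""
    txn_type = ipn.get("txn_type")
    subscr_id = ipn.get("subscr_id")
    if txn_type in ("subscr_signup", "subscr_payment"):
        user = user_from_item_number(ipn.get("item_number", ""))
        if user is None:
            return "rejected"
        subscriptions[subscr_id] = user   # remember for later notifications
        return f"active:{user}"
    if txn_type == "subscr_eot":
        # End of term: look the user up by subscription ID.
        user = subscriptions.pop(subscr_id, None)
        return "unknown" if user is None else f"ended:{user}"
    return "ignored"
```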