PHP - PayPal Subscriptions - paypal

I am trying to figure out how to prevent users to subscribe more than once. I just completed a PHP application for premium membership using PayPal Subscriptions and IPN.
When users login to their account and if they are not yet premium members, they are present with the premium options they can select from a drop down list.
Once they subscribe, this form is hidden while their subscription is active. When the subscription expires, the form is shown again.
THE PROBLEM: The PayPal IPN notification is not instant and sometimes takes several minutes after successful subscription and before the first notice arrives. So the signup form is exposed during this time. Users may think their subscription did not work and may try to subscribe again. Without receiving the notice from PayPal, I have no way of knowing if the form should be hidden or not.
THE QUETION: What solution would you recommend to get around this problem?

Create subscription in your DB before you redirect user to paypal. Create special flag like active : 0. After you create inactive subscription pass to PP order_id parameter.
When you receive IPN just change subscription status active : 1
Thus you will not show subscription offer to users who is in progress but you will show another page like
Your subscription is in progress. please refresh this page in few minuts. If you still cannot get access, please contact admin.

Related

Paypal Webhook is created sufficient to imply activated

Paypal with active webhooks. We use a subscription plan.
When a customer
subscribes to the subscription plan PayPal's webhook sends us a BILLING.SUBSCRIPTION.CREATED. 

We do not get a BILLING.SUBSCRIPTION.ACTIVATED. Can I expect it being activated when it is
created or do I need to double check that?
(Side note, when trying to send an api request to activate it, an error message informs me that the subscription plan is not “suspended”. So that looks like it is already activated. Logging into PayPal also confirms it is activated.)

The documentation on it is a little vague.
Created means the user clicked the button to subscribe. It does not mean they entered any payment details, or finished subscribing.
If you are not receiving a BILLING.SUBSCRIPTION.ACTIVATED event but the subscription is active, perhaps you did not subscribe to that event?
In any case, the most useful event to listen for is PAYMENT.SALE.COMPLETED. This will occur for the first payment as well as every future payment on the schedule. You can build all your business logic with only PAYMENT.SALE.COMPLETED , using every receipt of this event to mark how long the subscription is valid for in your system (e.g. 1 month from receipt)

Check if user have valid subscription on PayPal

In our app user is paying for one year of use during checkout and then after a year we are staring to charge subscription.
Let's say that users are identified by email. So, how can I verify that user have now an active subscription ?
I have seen a few posts that suggest to build webhook and listen to PayPal events.
In our flow the initial purchase will be on WordPress website with one of the subscriptions Plugins and then I need to "activate" subscription in the App.
Is the "webhook" the only possible option with PayPal?
I have seen something in Braintree SDK related to subscription, can this work?
Seems to me too complicated to build the whole system only to verify subscription. In Stripe, for example, you can proactively ask if the user has subscription.
The webhook PAYMENT.SALE.COMPLETED informs of every completed subscription payment. Use this information to continuously update your records of whether a user has a paid-for subscription.
If you need metadata for reconciliation of which subscription corresponds to which user (since however they are identified at PayPal may not correspond to however you identify them), you can set the parameter custom_id when creating the subscription, to any value of up to 127 characters.
If you need to download a transaction history of previous payments, you can get a report in CSV format from the https://www.paypal.com account interface, typically under Activity -> All Reports -> Activity Download. This can then be imported to a database to backfill any gap in your records that you don't have webhook events for.

PayPal subscription API onApprove

I'm trying to implement the PayPal Subscription API but I'm not sure about the process flow.
I use the react-paypal-js package to generate the subscription button.
The way the users are created on my website is only through the Paypal subscription.
The process is as follow:
The user choose a plan and click on the subscribe button
The PayPal window open and the user follows the subscription process on Paypal
The user is redirected to my website
Using webhooks or with the onApprove callback, I receive the newly created subscription, create a user on my website with the Paypal email address associated with the subscription.
It all works. My problem is that I need to check, before accepting the subscription, if I already have a local user with given email and in this case, I don't want to accept the subscription (as I would then have 2 subscriptions for the same user) and display a message saying that their is already an active (or suspended) subscription associated with the given email.
As far as I can tell, when the onApprove is called or the webhook is called, the subscription has already been processed and activated.
Thanks!
You don't have to design a system in which the PayPal email used to make the payment, and the email of the user used to log into your site, have a 1:1 relationship. Instead you can have the user log and create their account with you first (as they will always need that to manage something subscription-based) and then you will know there is no subscription associated with that user before displaying the PayPal Subscribe button. Then they can pay with any PayPal account (might be the same email, might be different)
As far as I can tell, when the onApprove is called or the webhook is called, the subscription has already been processed and activated.
That is the default behavior, yes. Per the above it shouldn't be ncessary, but you can change the subscription to start in an inactive state, and show a final review step on your site that will activate it via API. This is controlled by setting application_context -> user_action -> CONTINUE (vs default SUBSCRIBE_NOW). See the API reference for subscription create, and you would of course need to use the subscription activate API call as a final step after confirmation.

Which PAYPAL method to use?

I am working an e-commerce site which will allow pdfs to be downloaded once payment is done.
So, user will put them in a cart, click buy using paypal and from there will come back to see download link on a success page.
I have implemented PDT.
Not sure which is the best option ?
Please help. I want to take care of any connection lost scenario too, like user completes payment at PAYPAL and while returning back to our site's success page, connection is lost and for some n days, user couldnt access internet as well.
I would just use the IPN.
Keep a record in your database that has all of the order items.
e.g. Order and Order Items (in 2 tables)
Then send that primary key across as the "custom" variable.
Then your ipn handler page will validate the payment and then email the customer their digital goods.

Triggering an action after Paypal Buy-Now purchase is complete

I've got a web application with a form where users can sign up for a seminar. The process is currently as follows:
Register for seminar
Registration success page with Paypal Buy-Now button to make payment
Paypal payment
Registration completion page
At present, emails are sent to the admin and the user at step 2 after registering confirming their registration. This needs to be changed so that the emails are actually sent in step 4, after payment has been made.
The application is built in ASP.NET, and all of the code to send emails, etc is all done. I'm curious as to what is the best way to trigger a process on the main website using the users details after they have completed the Paypal payment process.
From what I can see, there are the following options:
Store the data in the session. When the user returns to the registration completion page, retrieve the information and send the emails. My concern with this is that I've worked on a project in the past implementing this and it never worked very well, with the session getting lost.
Store the data in the database. Have the Paypal redirect include the transaction details in the querystring to the return page, which can retrieve the registration details using the email address and send the emails. However, this may not work if the email address used on Paypal is different from the one used to register (which is quite likely in this scenario).
Post all the details to Paypal, so that they are included in the transaction. Downsides: Won't send confirmation email to the user, only the admin (and assuming that the Paypal email address is the same as the email to which payment notifications should be sent). Also not sure if this can be used with hosted buttons.
I'm sure this is a common problem, and any advice would be appreciated. Thanks.
Use paypal instant payment notification
When the order is placed on your site, put it into a db table, with whatever you need to record. I then have an OrderId (from the db table) that I pass to paypal as an 'invoice' field, this gets passed back via ipn with a payment status etc.