I'm developing a server that will detect PayPal payments to a specific PayPal account.
I've started looking into the PayPal SDK and got lost... I saw that V1 is deprecated, so I probably should use V2.
The only thing that I need is that PayPal will call my server webhook once the account receives money.
How should I do this?
The only thing that I need is that PayPal will call my server webhook
Don't do that. Use a proper server integration.
You need two routes on your server, one for 'Set Up Transaction' and one for 'Capture Transaction', documented here: https://developer.paypal.com/docs/checkout/reference/server-integration/
The best approval flow for the customer to go through is: https://developer.paypal.com/demo/checkout/#/pattern/server , as your site stays loaded in the background, and it does not redirect away from your page.
When your capture transaction API call runs successfully and completes the order, you will have an immediate response with a payment object and transaction details. Thus, there is no need for the extra asynchronous step of waiting for a separate webhook call (which is prone to errors or exceptions), and your integration will be more robust.
Related
I have two applications settled up. One is a E-commerce (TrayCommerce) that has itself an Api (Oauth), from which I can get order, clients, products information, etc. The other one is a chatbot (Take Blip).
My goal is to make the chatbot retrieve information from the e-commerce's API so I can send it to final user.
I thought in two ways of doing it:
Hosting a javascript code inside the bot, so I can call the API whenever user requests data. However, I don't know how to implement the authentication flow on this approach and how I would, in the future, set up a system to receive notifications from the API to send information each time it is updated, since I can only host one js file per action.
Creating a NodeJS API, which will be hosted on a third party, and that will return the information I want, in a formatted way, to the chatbot. I don't know if this is over-engineering, because I already have an API from the e-commerce.
I am sorry if it is a dumb question, I am new to web development, but any information would be valuable for me to choose a workflow for this integration.
To be able to answer, the right question to ask yourself is the sensitiveness of the data inside the e-commerce; and the power granted to the generated token in the auth implementation.
Typically, a chatbot (assuming a web one) is a piece of Javascript held in the client (browser). This piece of code is perfectly readable by the user, thus you have to assume the generated token could be used to perform a request that you didn't intended him to perform.
So as a simple answer :
If — and only if — the implemented OAuth mecanism lets you limit the scope of authorization to the customer, then you can make the customer authenticate directly with TrayCommerce and the appropriate scopes (and use his token to perform on the API). Said differently, if typically TrayCommerce lets you register your Chatbot as a "client" (this is an OAuth keyword), and generate Auth journeys with appropriate 3-parties flows, granting only something like "orders:view:self" for customers, it's OK.
If the TrayCommerce API is more like a "management API"; with auth implemented in a way that you (yourself, not the customer) have to authenticate on it; then this auth mecanism is not suitable for your use-case. You then have to make an API like you described, that would act like a proxy to TrayCommerce. With considerations (see below).
In the case of you making a "Proxy API" to TrayCommerce; you are basically hiding the TrayCommerce Authentication on your server-side, and shifting that responsibility from TrayCommerce to yourself. In such a case, you have to implement your own authentication (+ authorization) mecanism on this API, to be able not to expose TrayCommerce data to the world.
I am currently working on a PayPal Subscription Integration for a client. But I had some issues with PayPal, do I need to capture the funds when the subscription is activated, and do I need to capture the funds every time the next billing cycle is hit? Or do I only need to do 1 of them?
Like, how does this work?
And how do I cancel a subscription when an error occurs when the user is trying to activate his subscription? Should I just cancel it using an API request from my server, or is there a function in the PayPal JS SDK (in the frontend) to cancel it? Since there is a method to actions.restart() restart the payment flow, but that is not what I want and doesn't work actually since that gives me an error again for some reason.
It's very confusing, the documentation also isn't helping me on that and PayPal's Community forums are kinda dead.
Thank you.
When a PayPal Subscription is approved by the payer, it will become active and bill (capture) automatically. This will be immediate if no start_date is specified.
There is no server-side activation and hence no need for an actions.restart() equivalent.
(An exception to this is if you override the application_context's user_action; this changes the verbiage to indicate you are going to show a review page, and do the activation with an API call)
Cancellations are done using API calls, not the JS SDK.
I am working on my first Paypal site. I have a form on the site that the customer fills out with custom information. I want to take that information the user fills out and have it send a message to my email along with the payment confirmation that Paypal sends. Any Idea on how to do this? I'm using Angular and Ajax for the front-end and php for the email service. Thanks
What you want is Instant Payment Notification (IPN). It will automatically POST data about any transaction that hits your PayPal account (ie. sales, refunds, disputes, etc.) to a URL that you specify so that you can receive that data and process it accordingly.
Within your IPN script you can update your database, generate email notifications, hit 3rd party web services, etc.
It's a very powerful tool for automating lots of post-transaction processing tasks.
While demanding a custom email to you as the payment receiver, what you didn't mention is the business needs behind it, or put it in other words, what you are planning to do with the custom email.
(I think this topic could turn into a big essay... My conclusion is I'd recommend IPN or EC with IPN. But below is what was on my mind when I got the conclusion.)
The emails to receiver can be used as a primitive way to notify sellers about payments they received or other transaction events. However this requires either a person's manual work to check the emails, or a program to parse the emails and get info out of the emails. Manual work is error prone and once your business grows bigger the number of emails will be overwhelming. A program to parse the emails costs a lot to develop, is unreliable because emails by nature may be delayed (applies to the manual way above too), and as PayPal doesn't consider emails as the preferred way of notification, sellers shouldn't either - maybe the content / format may change. PayPal provides a few better ways, I'll mention later.
Thus, if you want to start small, checking your emails manually could work for a while, until it becomes overwhelming. Unfortunately this email from PayPal isn't customizable.
So here are the ways I know, starting from manual to automated:
Downloaded transaction log from your PayPal profile. This works best if you don't have to check transactions very often. If you only check transactions daily, weekly or even monthly, this works. My nonsense thinking is, it would work if someone really wants to check transactions every minute... but this is really funny.
Transaction detail report. This works only if you have a business account. It's generated daily and you have to download through sFTP. It's mainly used for end-of-day transaction checking. This can also be automated.
Instant payment notification (IPN). Sent automatically once a payment is made or transaction status changes. You need a script at an accessible URL to listen to this notification, and this script should process the IPN once it arrives, for example updating your order status. https://developer.paypal.com/webapps/developer/docs/classic/ipn/integration-guide/IPNIntro/
EC with IPN. If you use Express Checkout (EC) to receive payments, EC returns transaction status immediately with the response of your API call. But, you still need IPN because there are cases which are not triggered by API calls. This is a big topic so please check below page: https://developer.paypal.com/webapps/developer/docs/classic/products/express-checkout/
For other products, similar to #3 and #4 above.
All points above can be explained in a loooong article, or many loooong articles. I'm just too lazy to explain them here.
So conclusion again, do try #3 IPN or #4 EC with IPN.
And, all those ways above may be very confusing for people who just came into this topic. If you write down your business needs instead of demanding the email, people may be able to help in a more specific way.
I want to setup a Shopify Webhook on the Order Cancellation event that will cause some javascript code to be run.
In this specific case, I want to send a negative transaction to Google Analytics to remove the transaction when an order is cancelled (as described here: https://support.google.com/analytics/answer/1037443?hl=en )
I have my callback url / page setup (PHP) and it works correctly when loaded in a browser. But the webhook apparently (obviously?) does not trigger any client side code to run.
Any ideas on how I can make this happen?
Although this does not solve the question specifically (of running javascript via a webhook) an alternative solution for this specific case would be to use Server Side Google Analytics tracking to send the negative transaction:
https://github.com/thomasbachem/php-ga
https://developers.google.com/analytics/devguides/collection/protocol/v1/
In my shoppingcart appliction i use google analytics ecommerce for analyzing purchases.
The user pays for the order using ogone. When the user comes back from ogone I handle the order and return a view which contains javascript to post the data to the google servers. This is all working great.
However when a users doesn't return to the website after the payment (by for example closing the browser) The ogone server sends a request with the payment data to a function on my shoppingcart. There i handle te order and return a view with the javascript to post the data to the google servers. But since javascript is executed on client side, will this javascript be executed ? I am not getting any results from this request (the normal one does work)
Any clues or suggestions for a better way to handle ecommerce when the customer doesn't return to the website?
To avoid the issue you should perform the log operations in your server side code - at the end the entire API is based on HTTP requests and nothing more so you can use HttpWebRequest or HttpClient class.
I'm assuming that for your purchases analysis you are tracking transactions, in that case there is a ready to use library for you:
GaDotNet
You can use it directly or analyse it source code (available at GitHub) to provide your own implementation.