Stripe: do checks before accepting a payment - javascript

I have stripe already integrated and working but now I'm trying to manage some "corner cases" that can happen in a regular usage and found a case that i'm not sure how to manage.
In my platform all the products i will provide are going to be unique and buyable only once. If 2 people try to buy the same product concurrently, one of them will get it, and the other should get an error when trying to complete the payment.
Currently i have setup webhooks so the backend is able to detect the case but i don't know how to notify stripe to cancel that PaymentIntent at that exact moment, being able to notify also the user.
Is there anything i can do to achieve this? would i be able to cancel the PaymentIntent on that moment so the user can have a custom error message?
Thanks a lot!

Related

PayPal Subscription Integration | Confusion with Capturing Funds

I am currently working on a PayPal Subscription Integration for a client. But I had some issues with PayPal, do I need to capture the funds when the subscription is activated, and do I need to capture the funds every time the next billing cycle is hit? Or do I only need to do 1 of them?
Like, how does this work?
And how do I cancel a subscription when an error occurs when the user is trying to activate his subscription? Should I just cancel it using an API request from my server, or is there a function in the PayPal JS SDK (in the frontend) to cancel it? Since there is a method to actions.restart() restart the payment flow, but that is not what I want and doesn't work actually since that gives me an error again for some reason.
It's very confusing, the documentation also isn't helping me on that and PayPal's Community forums are kinda dead.
Thank you.
When a PayPal Subscription is approved by the payer, it will become active and bill (capture) automatically. This will be immediate if no start_date is specified.
There is no server-side activation and hence no need for an actions.restart() equivalent.
(An exception to this is if you override the application_context's user_action; this changes the verbiage to indicate you are going to show a review page, and do the activation with an API call)
Cancellations are done using API calls, not the JS SDK.

Paypal check if user has already purchased something

Is it anyhow possible to check from a website with paypal js client lib and API's whether a user/customer has already payed for a digital downloadable good?
Is it possible to check whether the user has a valid subscription (which is payed)?
Is it possible to allow a purchase only once and paypal redirects the user back with a notice he already has purchased it?
What I like to achieve:
If the user has already payed for a document/subscription, he should not need to
pay a second time but rather directly get the download. My idea, if
the user previously payed for it, I'd like to replace the paypal pay
button with a download button.
The whole check should happen from the Website and not
server-to-server communication.
Download must no be secured if not payed. I do know this may NOT be secure and the user may be able to download the document without paying. That is okay, because this is a test whether the user is willing to pay for something and implementation should be as simple as possible for now.
I lack to find the functionality within the PayPal API's. I found the list payments, but for me this seems more like a server to server API or?
How do you know who the "user" is when they visit your site? Are you proposing having them log in to your site with their PayPal account? (Connect with PayPal integration?). That would be very unusual, and unsuitable for people who paid with PayPal as a guest.
So what you are proposing is somewhere between impractical and not possible.
Instead, you need to authenticate the user yourself -- provide them with a username/password to login, for example, or a unique link, though be warned such links could be shared. Then, once authenticated, check your own database as to whether they paid/subscribed or not. You need to maintain your own records.
Expecting a payment processing service to somehow do any of this for you is a misplaced expectation.
Typical implementations are to send an email with the download link, or to use a digital product delivery service such as for example e-junkie

Node.js Stripe Connect implementation with already created users on my platform

I am trying to add Stripe Connect to my app, but I do not want to create users using Stripe Connect integration. I have my own user sign up process, because not every user will need the payment option provided by Stripe so I do not want to force everyone signing up to Stripe if they do not need it. That is where my problem is. I follow Stripe's quite nice and straight forward documentation here: (https://stripe.com/docs/connect/enable-payment-acceptance-guide).
My problem is that I do not know how to save the user's stripe_account_id which the oauth return s to the /connect/oauth path so it is saved to appropriate user since there is no id of the user passed. How can I find out, which user is connecting to Stripe and save the id to his account in database? I feel like I am missing something here. I understand this would work if I would create a user but I cannot do it that way.
Thank you for help.
When you create the OAuth link that connects your users to your platform, you can pass in an arbitrary state string which Stripe will then pass back to you after the link is completed. If you put your user's unique ID in there, you'll be able to link the completed connection back to your user in your database.

How to disable a user from firebase?

In the firebase API
https://firebase.google.com/docs/auth/web/manage-users
we can delete users, but how could we prevent users from simply registering again, in the GUI for firebase we have the option to disable users , how could we do this in the program, for example if we are building a admin panel that checks posts for a listing site that have been reported, and we want to disable the creator or the reporter for spamming as part of availiable actions.
Thanks.
I develop in react if that changes the answer.
To prevent the user from re-registering, you should disable account instead of deleting it. This will prevent the user from signing in again, and from refreshing their ID token. If you want to do this programmatically, have a look at updating a user with the Admin SDKs. For example, in Node.js it'd be:
admin.auth().updateUser(uid, { disabled: true })
Keep in mind however that even after disabling the account, their existing ID token will remain valid until it expires (typically within an hour), and cannot be revoked. If you want to prevent them from posting in the meantime, you'll also want to keep a list of blacklisted/blocked UIDs somewhere, and check against that list before allowing them to write/access the data.
You will not be able to programmatically disable a user from the frontend of your app. You will need a backend, and use the Firebase Admin SDK to update the user account to become disabled. The API is updateUser.
Well they can always register again (in case the website is public/ not invite-only), with completely different credentials.
You can do a matching of the new data and existing blocked users, and if it matches above a threshold, flag them.
And you can improve your reporting, the faster you detect a user who should be blocked, the better.
Can't say I'm super familiar with Firebase but ill try and help (can't hurt).
Have you tried to blacklist the IP of the user in question?
Hope I helped :)
Have a good day!

paypal custom confirmation email

I am working on my first Paypal site. I have a form on the site that the customer fills out with custom information. I want to take that information the user fills out and have it send a message to my email along with the payment confirmation that Paypal sends. Any Idea on how to do this? I'm using Angular and Ajax for the front-end and php for the email service. Thanks
What you want is Instant Payment Notification (IPN). It will automatically POST data about any transaction that hits your PayPal account (ie. sales, refunds, disputes, etc.) to a URL that you specify so that you can receive that data and process it accordingly.
Within your IPN script you can update your database, generate email notifications, hit 3rd party web services, etc.
It's a very powerful tool for automating lots of post-transaction processing tasks.
While demanding a custom email to you as the payment receiver, what you didn't mention is the business needs behind it, or put it in other words, what you are planning to do with the custom email.
(I think this topic could turn into a big essay... My conclusion is I'd recommend IPN or EC with IPN. But below is what was on my mind when I got the conclusion.)
The emails to receiver can be used as a primitive way to notify sellers about payments they received or other transaction events. However this requires either a person's manual work to check the emails, or a program to parse the emails and get info out of the emails. Manual work is error prone and once your business grows bigger the number of emails will be overwhelming. A program to parse the emails costs a lot to develop, is unreliable because emails by nature may be delayed (applies to the manual way above too), and as PayPal doesn't consider emails as the preferred way of notification, sellers shouldn't either - maybe the content / format may change. PayPal provides a few better ways, I'll mention later.
Thus, if you want to start small, checking your emails manually could work for a while, until it becomes overwhelming. Unfortunately this email from PayPal isn't customizable.
So here are the ways I know, starting from manual to automated:
Downloaded transaction log from your PayPal profile. This works best if you don't have to check transactions very often. If you only check transactions daily, weekly or even monthly, this works. My nonsense thinking is, it would work if someone really wants to check transactions every minute... but this is really funny.
Transaction detail report. This works only if you have a business account. It's generated daily and you have to download through sFTP. It's mainly used for end-of-day transaction checking. This can also be automated.
Instant payment notification (IPN). Sent automatically once a payment is made or transaction status changes. You need a script at an accessible URL to listen to this notification, and this script should process the IPN once it arrives, for example updating your order status. https://developer.paypal.com/webapps/developer/docs/classic/ipn/integration-guide/IPNIntro/
EC with IPN. If you use Express Checkout (EC) to receive payments, EC returns transaction status immediately with the response of your API call. But, you still need IPN because there are cases which are not triggered by API calls. This is a big topic so please check below page: https://developer.paypal.com/webapps/developer/docs/classic/products/express-checkout/
For other products, similar to #3 and #4 above.
All points above can be explained in a loooong article, or many loooong articles. I'm just too lazy to explain them here.
So conclusion again, do try #3 IPN or #4 EC with IPN.
And, all those ways above may be very confusing for people who just came into this topic. If you write down your business needs instead of demanding the email, people may be able to help in a more specific way.

Categories

Resources