Laravel Stripe Checkout Workflow - php

I have a small question about the Stripe workflow and there is one area in particular where I would like to know your opinion and experience. My setup is: Laravel 8 and "stripe/stripe-php": "^7.97".
The workflow as I understand it:
1. Client wants to pay with Stripe.
2. Client sends XHR request to application server (Laravel).
3. The server generates a Stripe payment intent with the Stripe Key.
4. Stripe sends back a key.
5. The server passes this key on to the client.
6. Stripe JS is loaded (https://js.stripe.com/v3/).
7. Stripe JS renders a payment form (credit card number etc).
8. The client enters his credit card details.
9. The client then clicks on "pay".
10. Stripe receives the client's credit card information along with the Stripe Payment Intent Key.
11. If the data is correct, the payment process is successfully completed at Stripe.
12. Stripe sends back the payment status information to the client as a response.
13. This information will then be sent from the client to the server.
14. The server can mark the order as completed.
My questions:
a) Have I understood the workflow correctly?
b) Would you already store the order in the database at the payment intention (Point 3.) or only at the last point (Point 14.)?

a) Your understanding is correct. But for Steps 13 and 14 you would want to use a webhook to complete your order on the server instead. A more intuitive guide is in Stripe's official documentation.
b) At Point 3 you can create an order, but you need to mark its status as something like uncompleted. At Point 14 you can mark it completed and start providing your service. The reason is that the customer can drop off in between (i.e. not providing card details and simply closing the browser).
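
The answer's approach (an uncompleted order at Point 3, completion driven by a webhook instead of the client report at Points 13 and 14), as an added example that is not part of the original posts. The `OrderBook` class, its method names and the sample IDs are hypothetical, and the event is assumed to have already passed Stripe's webhook signature check.

```php
<?php
// Hypothetical in-memory order store; a real application would use database rows.
final class OrderBook
{
    private array $orders = [];      // payment intent id => order
    private array $seenEvents = [];  // webhook event id => true

    // Point 3: called right after the server creates the PaymentIntent.
    public function openOrder(string $intentId, int $amount, string $currency): void
    {
        $this->orders[$intentId] = ['status' => 'pending', 'amount' => $amount, 'currency' => $currency];
    }

    // Replaces Points 13 and 14: input is a signature-verified webhook event (assumption).
    public function applyEvent(array $event): string
    {
        if (isset($this->seenEvents[$event['id']])) {
            return 'duplicate';                  // webhook deliveries can be retried
        }
        $this->seenEvents[$event['id']] = true;
        if ($event['type'] !== 'payment_intent.succeeded') {
            return 'ignored';
        }
        $intent = $event['data']['object'];
        $order = $this->orders[$intent['id']] ?? null;
        if ($order === null) {
            return 'unknown_order';
        }
        // Compare what was paid with what the server priced at Point 3.
        if ($intent['amount_received'] !== $order['amount'] || $intent['currency'] !== $order['currency']) {
            $this->orders[$intent['id']]['status'] = 'review';
            return 'amount_mismatch';
        }
        $this->orders[$intent['id']]['status'] = 'completed';
        return 'completed';
    }
    public function status(string $intentId): ?string
    {
        return $this->orders[$intentId]['status'] ?? null;
    }
}
// Constructed sample data (not real Stripe identifiers).
$book = new OrderBook();
$book->openOrder('pi_example_1', 1999, 'eur');
$event = ['id' => 'evt_example_1', 'type' => 'payment_intent.succeeded',
    'data' => ['object' => ['id' => 'pi_example_1', 'amount_received' => 1999, 'currency' => 'eur']]];
echo $book->applyEvent($event), "\n";      // first delivery
echo $book->applyEvent($event), "\n";      // same event delivered again
echo $book->status('pi_example_1'), "\n";  // order state after both deliveries
```

The client's own success report never reaches `applyEvent()`, so a customer who closes the browser, or a client that claims success, cannot change the order state.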

Related

How to get the payment response if my server stops working when the callback URL is called by the payment gateway

I am working on a Stripe payment gateway and one question has come to mind. I have defined the question in a few steps below.
1. The customer generates a payment request on my server.
2. After entering valid details, the customer's request is submitted to Stripe.
3. The Stripe payment gateway does its processing and sends me a response, either success or failure.
4. Now, what happens if my server has stopped working at the moment Stripe sends me the success or failure? Then obviously I am not able to save the Stripe response in my tables. I don't even have a record of what my customer paid to my website.
5. So how would we know the Stripe response even after my server stopped working during the Stripe callback?
I am using PHP for this.
I note that you originally tagged this question with PayPal. You should understand that Stripe works differently from how a conventional PayPal checkout flow would work.
With PayPal the shopper arrives at the end of your checkout flow, they click a link to get transferred to PayPal, they log in/register, confirm their card details and then PayPal sends a callback to your server. This is where your point about your server being down is relevant.
With Stripe Checkout the flow is different. You add the Stripe JavaScript code to the final page of your checkout, and this triggers a panel (like a modal window) where the shopper enters their card details. Upon submission Stripe generates a token for the card and then adds this as a hidden field to the form on your site.
You set the form action to point to some code on your server. Upon submission your PHP script then takes the token and processes a payment.
At no point is there a callback between Stripe and your site. Instead you take the payment in a single call from your server. Once you get a response from this API call then you can log the order in your database, send confirmation emails, etc.
Hope this helps.

PayPal Billing Agreement with further non regular Reference Transactions

I am implementing PayPal payment to my application.
I am using the Laravel framework and the merchant-sdk-php package to handle the NVP/SOAP API. I would actually prefer the REST API, but I need customers to make Reference Transactions with various amounts, at irregular intervals, and as far as I know that is possible only with the NVP/SOAP API.
The payment flow in short:
1. The payer clicks the "connect" button, which creates a billing agreement using the "SetExpressCheckout" method. The amount is set to 0 and a Billing Agreement field is added to the request. The customer is redirected to PayPal, logs in to his account, agrees to direct debit and is finally redirected to my return URL.
2. After the response comes back, the return action is fired (the one which is passed in the returnurl field). Next, using the token from the PayPal response, I use the CreateBillingAgreement method to get the "BillingAgreementID", which I store in the database.
3. Using the "BillingAgreementID" I make a "DoReferenceTransaction" request. No prompt to log in occurs; everything happens behind the scenes. Finally I get a response after the transaction.
The things I want to know are:
1. Is there a way to get the email address which the consumer used to log in when creating the billing agreement? I want to show in the application which PayPal account (related to the mentioned email) the direct debit is set to.
2. I want to perform some action in the database both after "BillingAgreementID" and after "DoReferenceTransaction". Is the response status "Success", and additionally in "DoReferenceTransaction" the field "PaymentStatus" set to "Completed", enough to conclude that the transaction is fully completed and I can i.e. share some digital goods, or should I wait for the IPN from this request?
Thanks for all contributions!
Found the solution to question 1.
After getting the billing agreement ID I had to make a "GetBillingAgreementCustomerDetails" call. In the response I got the customer details, including the email.
Still looking for a hint on the second question.

Workflow Confusion: PayPal Cordova Plugin / Magento

I am a little bit confused by the Cordova plugin by PayPal in terms of what this means for implementing a safe workflow for interacting with a Magento instance.
Normally, the Express Checkout workflow looks like this:
1. Customer visits Magento Site checkout
2. Customer is directed to PayPal
3. Customer is returned to Magento Site
4. Customer clicks 'Place Order' on Magento Site
5. Magento Site converts quote to order
6. Magento Site accesses PayPal to capture / confirm funds, check for possible fraud, etc...
The workflow imposed by the Cordova plugin appears to be like this:
1. Customer visits App checkout
2. Customer is directed to PayPal
3. Payment is authorized or captured based upon the configuration
4. Customer is directed back to App
5. App executes a success handler
In the above Cordova plugin workflow, notice that the step where the quote is converted to an order is missing. From my perspective, I see two options:
1. Insert quote -> order conversion call between 2 and 3
   Caveats:
   a) The customer may not complete checkout and now an order is permanently orphaned in the system
   b) The customer may wish to change something (which now can't happen -- orders can't be modified)
2. Insert quote -> order conversion call after 5
   Caveats:
   a) The client is being trusted to notify the server that the payment was made (which requires server-side cross-examination with PayPal / additional complexity)
   b) The client may never actually send the notification.
I do not like any of the options presented above. Can anyone help clear up my confusion or show me what I hope that I'm missing?
I've found that I am able to provide a placeholder invoice number to the Cordova application to pass on to PayPal.
PayPal can then send this invoice number along with relevant transaction details to the Magento server via an IPN. This takes the client out of the picture and fits my needs.
So really the workflow is as follows:
1. The client clicks on the 'PayPal Button'
2. A request is sent to the Magento Server to create an order and placeholder invoice
3. The Magento Server provides the placeholder invoice number to the client
4. The order is now 'Pending Payment' in Magento
5. The client proceeds to PayPal to make the payment
6. If the client successfully pays, an IPN is sent to the Magento Server and the client is returned to the App payment success page
7. If the client fails to pay and fails to return to the app, the order will remain as 'Payment Pending' to be cancelled by a crontask every so often
8. If the client fails to pay and successfully returns to the app, the app will contact the Magento Server and immediately cancel the order
I'm severely disappointed by the lack of documentation / support for this product.
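
The final workflow above (a pending order with a placeholder invoice number, completion by IPN, cancellation by a cron task), as an added example that is neither Magento nor PayPal code. It also covers a case the list does not mention: a notification that arrives after the order was already cancelled. The `PendingOrders` class, status names and invoice numbers are hypothetical, and the notification is assumed to have been validated with the provider already.

```php
<?php
// Hypothetical pending-order ledger keyed by the placeholder invoice number.
final class PendingOrders
{
    private array $orders = [];   // invoice number => ['status' => ..., 'created' => unix time]
    public function create(string $invoice, int $now): void
    {
        $this->orders[$invoice] = ['status' => 'pending_payment', 'created' => $now];
    }

    // Server-to-server payment notification, already validated (assumption).
    public function onPaymentNotification(string $invoice): string
    {
        $status = $this->orders[$invoice]['status'] ?? null;
        if ($status === null) {
            return 'unknown_invoice';
        }
        if ($status === 'paid') {
            return 'already_paid';               // repeated notification, nothing to do
        }
        if ($status === 'cancelled' || $status === 'paid_after_cancel') {
            // Money arrived for an order that the sweep or the app had cancelled.
            $this->orders[$invoice]['status'] = 'paid_after_cancel';
            return 'needs_manual_review';
        }
        $this->orders[$invoice]['status'] = 'paid';
        return 'paid';
    }

    // Cron task: cancel orders that are still pending after $maxAge seconds.
    public function sweep(int $now, int $maxAge): array
    {
        $cancelled = [];
        foreach ($this->orders as $invoice => $order) {
            if ($order['status'] === 'pending_payment' && $now - $order['created'] > $maxAge) {
                $this->orders[$invoice]['status'] = 'cancelled';
                $cancelled[] = $invoice;
            }
        }
        return $cancelled;
    }
}
// Constructed timeline: one order paid in time, one paid after the sweep ran.
$ledger = new PendingOrders();
$ledger->create('INV-1001', 0);
$ledger->create('INV-1002', 0);
echo $ledger->onPaymentNotification('INV-1001'), "\n";  // paid before the sweep
print_r($ledger->sweep(3600, 1800));                    // cancels what is still pending
echo $ledger->onPaymentNotification('INV-1002'), "\n";  // notification after cancellation
```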

PayPal REST API order workflow: Payment -> Sale -> Webhook?

I am trying to integrate the PayPal REST API into my Symfony 2 web app, but I find it hard to understand what exactly the complete workflow looks like:
The PayPal docs describe the following steps to accept a payment. One can use the PayPal Playground to simulate these steps:
1. Get an access token
2. Create a Payment object by querying the API
3. Redirect the user to the approval URL received in the Payment response
4. After the user has approved the payment on the PayPal page, he is redirected back to my page, using the success-link defined in the Payment object. Use the received information to execute the payment.
5. Payment is completed with status approved
From the docs: Once a payment is complete, it is referred to as a sale. You can then look up the sale and refund it.
So far so good. BUT: Where are Webhooks used/fired in this workflow? I have defined a wildcard Webhook (accepting all possible events) in the PayPal Developer Dashboard.
My observation is that my system receives the Webhook event 1-2 minutes (!) after the user was redirected back to the success-link and after the payment was executed (Step 4).
Besides this long delay between executing the payment and receiving the Webhook, this workflow means that I only receive the Webhook AFTER handling the success-link. This means that handling the success-link is absolutely necessary for the payment to be completed. Is this correct?
Do I need to use Webhooks?
I already asked this question a few days before and the answer by nifr is quite reasonable: One cannot trust the user to follow any redirect URL but should only rely on the Webhook events.
However this collides with the observations I described before, since I will never receive the Webhook without handling the redirect URL...
So, handling the PAYMENT.SALE.COMPLETED webhook event does not make a lot of sense, since this should already be done when handling the redirect URL. Correct?
However, handling updates on pending payments, refunds or reversed payments, etc. is only possible by listening for those events.
So the answer is: Only use Webhooks to get updates on payments made before. Correct?
So, the main questions are:
The 5-step process to accept payments does not say anything about using Webhooks. This does not seem to make a lot of sense, because without Webhooks one would miss update events, etc.? So, is it really possible to implement the complete payment workflow without Webhooks?
If yes, how are updates (refunds, pending, etc) handled in this case?
If no, what is the right strategy/time to fulfill the order, since it takes quite a long time to completely receive and handle the webhook?
I am still a newbie in the PayPal world, but a few days ago I integrated the PayPal Plus REST API in an online shop, and from my understanding I can tell that the workflow looks like this:
1. Create a Payment.
2. Redirect to PayPal.
3. The payer can pay using a PayPal account OR (using bank direct debit or credit card payment without a PayPal account).
4. After completing the process on the PayPal side, PayPal redirects the user back to your success URL.
Until now the user has still not been charged (you have got no money). At the moment when you (in your success URL) do $payment->execute($paymentExecution,$api); you ask PayPal to charge the amount from the user. BUT even after this, you have got no money. PayPal first has to process the charge and notify you later via WebhookEvents.
The webhook notification (with that nasty delay) is especially important when the user pays by direct debit or credit card etc. Processing such payments takes a few seconds/minutes.
The redirectUrl is absolutely necessary for charging/executing the payment.
Here, when execution succeeds, just tell the user that he has finished his job; you can also save/capture the PaymentID/transaction ID here for later use/update via the WebhookEvent listener.
So I would recommend that you update your database (payment completed) only after receiving notifications via the WebhookEvent listener and not in the success RedirectUrl.

How does a WebHook work in payment system?

I'm currently implementing a payments platform for my website which is very similar to Stripe, but I still can't understand the process or how should I use WebHooks since I need to specify one on my account in the payments platform.
So let's say a person pays on my website for a product that costs $5, I take them to the payment form where they will introduce credit card details. Now when they click "Pay Now" everything gets verified via javascript/jquery and sent to my server and I'm able to charge the user successfully and see it reflected on my Sandbox from my account on the payment platform. Where or when should WebHooks be used or called, or why do I need them?
Thanks in advance
Webhooks are a way to communicate with your application. With many APIs, you send them a request and the API response is included in the response to your request. But what if the request you make is asynchronous, or if for some reason the API you're using wants to be able to communicate with your application by calling it directly as opposed to waiting for you to make the request?
With webhooks, you'd open an endpoint on your application that the other API / service can send requests to so that you can process their requests. You can almost think of it as push notifications for web applications.
With payments the standard use case for webhooks is to handle subscription renewals. So a customer would sign up today and you'd know in response to your createSubscription call whether or not the subscription was created successfully, but how do you know whether or not the subscription renewed successfully? You could either just poll the payments API over and over again, or the payments API can send you a webhook event saying the subscription renewed, and in your webhook handler logic you can handle what to do internally (like send a receipt, update some db fields, etc).
Imagine when you book a hotel room on a travel website. You select the check-in date and check-out date, the website calculates the price and you click on the pay button. Stripe takes care of the payment process.
Now since you booked a hotel room, the website has to save the booking details in its database to make sure that the room is reserved for you on certain days, so that someone else cannot book the same room on those days. Before the website reserves that room for you, it has to be sure that your payment process has completed successfully. Stripe uses webhooks to notify the website; the website is subscribed to listen for the checkout.session.completed event from Stripe. Once the website receives that notification, it will book your room.
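
A webhook endpoint is a URL on your application that accepts requests from outside, so the handler has to confirm that a request really comes from the payment provider before acting on it. The following added example (not from the original answers) checks Stripe's `Stripe-Signature` header by hand, which stripe-php also provides as `\Stripe\Webhook::constructEvent()`; the helper name, secret, payload and clock value are constructed for the demonstration.

```php
<?php
// The header carries "t=<unix time>,v1=<hex HMAC>", where the HMAC-SHA256 is
// computed over "<t>.<raw request body>" with the endpoint's signing secret.
// verifyStripeSignature() is a hypothetical helper name.
function verifyStripeSignature(string $rawBody, string $header, string $secret, int $now, int $tolerance = 300): bool
{
    $timestamp = null;
    $candidates = [];
    foreach (explode(',', $header) as $part) {
        $pair = explode('=', trim($part), 2);
        if (count($pair) !== 2) {
            continue;
        }
        if ($pair[0] === 't' && ctype_digit($pair[1])) {
            $timestamp = $pair[1];          // keep the exact digits that were signed
        } elseif ($pair[0] === 'v1') {
            $candidates[] = $pair[1];       // a header can carry more than one v1 value
        }
    }
    if ($timestamp === null || abs($now - (int) $timestamp) > $tolerance) {
        return false;                       // no timestamp, or a stale/replayed delivery
    }
    $expected = hash_hmac('sha256', $timestamp . '.' . $rawBody, $secret);
    foreach ($candidates as $candidate) {
        if (hash_equals($expected, $candidate)) {   // constant-time comparison
            return true;
        }
    }
    return false;
}

// Constructed sample: secret, body and clock are made up.
$secret = 'whsec_example_secret';
$body   = '{"id":"evt_example_1","type":"checkout.session.completed"}';
$now    = 1700000000;
$header = 't=' . $now . ',v1=' . hash_hmac('sha256', $now . '.' . $body, $secret);

var_dump(verifyStripeSignature($body, $header, $secret, $now));         // genuine delivery
var_dump(verifyStripeSignature($body . ' ', $header, $secret, $now));   // body altered after signing
var_dump(verifyStripeSignature($body, $header, $secret, $now + 3600));  // same request an hour later
var_dump(verifyStripeSignature($body, $header, 'whsec_other', $now));   // checked with a different secret
```

The check must run on the raw request body exactly as received; re-encoding the JSON before hashing changes the bytes and makes a genuine delivery fail.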
