I've got a site that offers users 3 different subscription plans (with 3 different prices). So there's a sign up page with 3 different subscribe buttons, each of which opens Stripe Checkout for the appropriate amount for each plan (I'm using the standard Stripe simple Checkout integration https://stripe.com/docs/checkout#integration-simple).
On my server I know which plan a user has subscribed to because I've got a hidden field in each Stripe Checkout button form with the plan name. The problem is how to stop someone editing the form (e.g. using developer tools in their browser) and changing the hidden plan field so they get e.g. the Gold plan at the Basic plan price.
The obvious solution seemed to be to check the amount associated with the stripeToken that Stripe returns (i.e. the same as the data-amount field in the Stripe Checkout form), before calling the Stripe API to actually subscribe the user. However, I'm not sure how to get the amount from Stripe using just the token and can't find an obvious API call for this.
Or is there some better way of handling multiple subscription plan options while ensuring a user can't somehow get away with paying a lesser amount?
Thanks.
Related
I am implementing PayPal payment to my application.
I am using Laravel Framework and merchant-sdk-php package to handle NVP/SOAP API. I would actually prefer REST API, but I need customers to make Reference Transactions with various amounts, in non-regular time periods, and as far as I know it's possible only with NVP/SOAP API.
The payment flow in short:
1. Payer clicks "connect" button, which is to create billing agreement using "SetExpressCheckout" method. Amount is set to 0 and a Billing Agreement field is added to the request. Customer is redirected to PayPal, logs in to his account, agrees to direct debit and is finally redirected to my return URL.
2. After the response comes, the return action is fired (the one which is passed in the returnurl field). Next, using the token from the PayPal response, I use the CreateBillingAgreement method to get "BillingAgreementID", which I store in the database.
3. Using "BillingAgreementID" I make a "DoReferenceTransaction" request. No prompt to log in occurs; everything happens behind the scenes. Finally I get a response after the transaction.
The things I want to know are:
1. Is there a way to get the email address which the consumer used to log in when creating the billing agreement? I want to show in the application which PayPal account (related to the mentioned email) the direct debit is set to.
2. I want to perform some actions in the database both after "BillingAgreementID" and "DoReferenceTransaction". Is the response status "Success" and additionally, in "DoReferenceTransaction", the field "PaymentStatus" set to "Completed" enough to conclude that the transaction is fully completed and I can, i.e., share some digital goods, or should I wait for the IPN from this request?
Thanks for all contributions!
Found solution to question 1.
After getting the billing agreement ID I had to make a "GetBillingAgreementCustomerDetails" action. In the response I got customer details including email.
Still watching for a hint to the second question.
I want my PHP web application to have the ability to save the user's PayPal details in their user account.
When they go to purchase items, rather than going through the standard PayPal form, it will automatically grab the user's PayPal details from their user account, and make the payment directly from my website. There is definitely a way to do this, as I have seen this feature on sites such as Freelancer.com
Thanks for the help! :)
No, you don't need Payments Pro for that. That would only be if you want to do it with direct credit cards. What you're after in general is called Reference Transactions, and when done with PayPal Express Checkout it uses Billing Agreements.
You'll use Express Checkout and/or Payments Pro (optional) to process an original authorization or sale transaction. Then, you can send that ID you get back in that original transaction along with a new amount in the DoReferenceTransaction API and that new amount will be instantly processed without any redirection or further authorization required.
I got a simple Digital Goods Checkout to work in Sandbox mode. I have a "Pay with PayPal" button that I can click which pops up a window for logging into PayPal. After that it redirects me to my purchasemade.php script, and from there I can successfully download a file.
My problem is that on my website I'm going to sell many products, so I need to know which product they want to download when they finish the purchase. Each product has a unique ID, so I thought I'd pass that ID as the item number in the HTML form as a hidden field named "item_number". However, I don't know how to read that value once I reach the purchasemade.php.
How do I read values passed in POST in the original form? Otherwise, what's the best way of identifying a product? I'm using PHP as my scripting language for this project.
If you're going to stick with Payments Standard I would recommend using IPN to deliver your digital goods. You could use PDT (which is very similar to IPN) to send order data back to the page the user gets redirected to; however, there is no guarantee they will make it here even with Auto-Return enabled in your PayPal account.
Alternatively, you could use the Express Checkout API instead of Payments Standard. This method guarantees the user will make it back to your site prior to completing payment. This will allow you to utilize session variables so you can present the download to the user on the thank you/receipt page.
Still, though, I think IPN would be your best bet regardless of which way you go. You can use it to auto-deliver the digital goods, send out general email notifications, update your database, hit third party web services, etc. all in real-time.
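The checks an IPN handler would make before releasing a download when item_number travels in a client-editable hidden field, as an added example that is not part of the original answer. The catalogue, merchant address and sample notifications are constructed, and the notification is assumed to have already been confirmed with PayPal.

```php
<?php
// Added example: catalogue, merchant address and sample IPN data are constructed.
const MERCHANT_EMAIL = 'seller@example.com';
const CATALOGUE = [                 // item_number => price, kept on the server only
    'ebook-001' => ['price' => '9.99',  'currency' => 'USD'],
    'album-007' => ['price' => '14.50', 'currency' => 'USD'],
];

// Returns [item_number or null, reason]. $seenTxnIds stands in for a unique
// database column that records transactions already fulfilled.
function check_ipn(array $ipn, array &$seenTxnIds): array
{
    $item = $ipn['item_number'] ?? '';
    $txn  = $ipn['txn_id'] ?? '';
    if (($ipn['payment_status'] ?? '') !== 'Completed') {
        return [null, 'payment not completed'];
    }
    if (strcasecmp((string) ($ipn['receiver_email'] ?? ''), MERCHANT_EMAIL) !== 0) {
        return [null, 'paid to a different account'];
    }
    if (!is_string($item) || !array_key_exists($item, CATALOGUE)) {
        return [null, 'unknown item'];
    }
    // The form fields can be edited in the browser, so the amount PayPal
    // reports must equal the server-side price. Compare as integer cents.
    $paid = (int) round(((float) ($ipn['mc_gross'] ?? 0)) * 100);
    $due  = (int) round(((float) CATALOGUE[$item]['price']) * 100);
    if (($ipn['mc_currency'] ?? '') !== CATALOGUE[$item]['currency'] || $paid !== $due) {
        return [null, 'amount or currency mismatch'];
    }
    if (!is_string($txn) || $txn === '' || isset($seenTxnIds[$txn])) {
        return [null, 'missing or repeated txn_id'];
    }
    $seenTxnIds[$txn] = true;
    return [$item, 'ok'];
}

$seen = [];
$honest = ['payment_status' => 'Completed', 'receiver_email' => 'seller@example.com',
           'item_number' => 'album-007', 'mc_gross' => '14.50',
           'mc_currency' => 'USD', 'txn_id' => 'TXN-CONSTRUCTED-1'];
// Same purchase with the amount edited in the form before submission.
$tampered = ['mc_gross' => '0.01', 'txn_id' => 'TXN-CONSTRUCTED-2'] + $honest;

foreach ([$honest, $tampered, $honest] as $ipn) {   // third entry is a replay
    echo json_encode(check_ipn($ipn, $seen)), PHP_EOL;
}
```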
I have a scenario where a user can input the amount he wants to be billed. I use buynow buttons that are created using code. Now in this case what I had in mind was to:
Set minimum billing amount to 10$
If he enters below that, give error.
Set the amount of buynow button 10$ when form loads.
Once User inputs a number greater than 10 do an ajax request to controller
Check if there is a button saved in DB against that amount that was created earlier on PayPal.
If button does not exist, create a new one on PayPal, save button in the DB.
Return the HTML of the newly created button
Replace the existing button with the returned HTML
Problem with this approach is that it might be too heavy. I also do not want to spread form over 2 pages. Are there any alternate and better options? Can I do some tweaks to make this option more robust?
A better option in this case would be to use the API and do the payments via either Express or Payments Pro. Essentially, you're trying to over-complicate this by making the buttons do the job of the API; getting the worst of both worlds in the process.
You could still utilize a "pay now" button graphic, but just submit your own request to the paypal express gateway (exactly what the button does for you) with a couple curl commands.
There are many tutorials available, but PayPal provides PHP code and a complete walkthrough on their site, so best, in my opinion, to go right to the source.
Log into PayPal -> Merchant Services -> Express Checkout
Under "Setting it up", you'll find all the implementation details.
I'm working on a project that ties into an API and uses virtuemart. Basically a user can buy time for a phone card. The few things I need help with are:
A) Can/how can I create a custom PHP function once the user signs up? For instance, the user adds items to the cart and proceeds to checkout. Once the user clicks checkout they need to create an account; after they create an account, is there an area in this process that allows for a custom function so that I can tie the creation of the account to an API?
B) Same as above but after checkout. After the checkout goes through, how can I make it so the new values are sent to the API? Is there an area in the files that allows for custom functions here?
C) Lastly, is it possible to add more options to the virtuemart customer account maintenance screen? I want an option that will tie into the API and show them exactly how much time they have left for their phone card. This information will be provided by the API.
All of these things can be achieved with a System Plugin. You would simply look for the right url, get any information from the result screen with regex, call your API and insert any changes back into the screen.
I'm not specifically aware of any VM functions for this, but as VM is in flux with Version 2 getting closer, it may not be a good time for any such investment in any case.