I am trying to integrate the PayPal REST API into my Symfony 2 web app but I find hard to understand how exactly the complete workflow looks like:
The PayPal docs describe the following steps to accept a payment. One can use the PayPal Playground to simulate these steps:
Get an access token
Create a Payment object by querying the API
Redirect the user to the approval url received in the Payment response
After the user approved the payment on the PayPal page, he is redirected back to my page, using the success-link defined in the Payment object. Use the received information to execute the payment.
Payment is completed with status approved
From the docs: Once a payment is complete, it is referred to as a
sale. You can then look up the sale and refund it.
So far so good. BUT: Where are Webhooks used/fired in this workflow? I have defined a wildcard Webhook (accepting all possible events) in the PayPal Developer Dashboard.
My observation is, that my system receives the Webhook event 1-2 Minutes (!) after the user was redirected back to the success-link and after the payment was executed (Step 4).
Beside this long delay between executing the payment and receiving the Webhook, this workflow means, that I only receive the Webhook AFTER handling the success-link. This means, handling the success-link is absolutly necessary for the payment to be completed. Is this correct?
Do I need to use Webhooks?
I already asked this question a few days before and the answer by nifr is quite reasonable: One cannot trust the user to follow any redirect URL but should only rely on the Webhook events.
However this collides with the observations I described before, since I will never receive the Webhook without handling the redirect URL...
So, handling the PAYMENT.SALE.COMPLETED webhook event does not make a lot of sense, since this should already be done in when handling the redirect URL. Correct?
However, to handle updates on pending payments, handle refunds or reversed payments, etc. are only possible by listening on those events.
So the answer is: Only use Webhooks to get updates on payments made before. Correct?
So, the main questions are:
The 5-step process to accept payments does not say anything about using Webhooks. This does not seem to make a lot of sense, because without Webhooks one would miss update events, etc.? So, is it really possible to implement the complete payment workflow without Webhooks?
If yes, how are updates (refunds, pending, etc) handled in this case?
If no, what is the right strategy/time to fulfill the order since it take quite a long time to completly receive and handle the webhook?
i am still a newbie in PayPal world, but few days ago i integrated PayPal Plus REST API in an online Shop, and from my understanding i can tell that the workflow looks like:
create a Payment
redirect to PayPal
Payer could pay using PayPal account OR (using Bank Direct debit or Credit Card Payment without PayPal Account)
After completing the process on PayPal side, PayPal redirect the user back to your success URL.
till now the user is still not charged(you got no money). At the moment where you (in your success URL) do $payment->execute($paymentExecution,$api); , you ask Paypal to charge the amount from user. BUT also after this, you got no Money. Paypal have first to process the charging and notify you later via WebhookEvents.
the Webhook Notification (with that nasty delay) is especially important when the user pays per direct debit or Credit Card etc. Processing such Payments takes few seconds/minutes.
the redirectUrl ist absolutly necessary for charging/executing the Payment.
here on execution succeed, just to tell the user, that he finished his Job, and you can here save/capture the PaymentID/Transaction id for later usage/update via WebhookEvent Listener.
so i would recommend you to update your Database(Payment completed) only after receiving notofications via WebhookEvent Listener and not in the success RedirectUrl.
Related
I am implementing PayPal payment to my application.
I am using Laravel Framework and merchant-sdk-php package to handle NVP/SOAP API. I would accually prefer REST API, but i need customers to make Reference Transactions with various amount, in non regular time periods and as far as i know it's possible only with NVP/SOAP API.
The payment flow in shortcut:
1. Payer clicks "connect" button, which is to create billing agreement using "SetExpressCheckout" method. Amount is set to 0 and adding a Billing Agreement field to request. Customer is redirected to PayPal, log in to his account, agreeing to direct debit and finally redirected to my return url.
2. After response is come, return action is fired (the one, which is passed in returnurl field). Next using token from paypal resposne i use CreateBillingAgreement method to get "BillingAgreementID" which i store in database.
3. Using "BillingAgreementID" i make "DoReferenceTransaction" request. No prompt to login is occurring, everything is happening behind the scene. Finally i get response after transaction.
The thinks i want to know are:
1. Is there a way, to get an email address, which consumer used to log in when creating billing agreemenet? I want to show in application which PayPal account (related to mentioned email) is direct debit set to?
2. I want to make some action in databse both after "BillingAgreementID" and "DoReferenceTransaction". Is the response status "Success" and additionally in "DoReferenceTransaction" field "PaymentStatus" set to "Completed" enought to conclude, that transaction is fully completed, and i cant i.e. share some digital goods or should i wait for IPN from this request?
Thanks for all contributions!
Found solution to question 1.
After betting billing agreement id i had to make "GetBillingAgreementCustomerDetails" action. In response i got customer details including email.
Still watching for hint to second question
We have a little problem in our system, we allow customers to pay using PayPal which is great!
But in the following situation we have this issue:
A customer pays us using PayPal.
We send the product to our customer when the transaction has completed.
A few days later, PayPal refuses to pay us because the customer have his PayPal account connected with his bank account. And the funds on that bank account is too low.
So, is there a way to let PayPal know us when this happens through API/URL call to our server ?
As Dagon mentioned, IPN is the best way to handle this.
You'll setup a listener script on your server, and every time a transaction happens on your PayPal account, the PayPal server will POST data about that account to your listener script. You'll get different parameters depending on the type of transaction that occurs. You can see a list of the types and parameters here.
You can build your email notifications, database updates, etc. into your IPN script to fully automate post-payment processing tasks.
So, in the example you've provided, what would happen is when the transaction first takes place the IPN would be triggered with a payment_status of Pending, and then you'd also see a parameter called pending_reason with a value of echeck. This tells you the payment was made, but it's an echeck which takes time to clear, so the status again is Pending instead of Completed.
A few days later when that payment does clear (or fails) you'd get another IPN with an updated payment_status. Only upon receiving an actual COMPLETED payment_status would you then would you deliver the order.
Again, this can all be automated within your IPN script.
How can I capture paypal IPN and Authorize.net "Silent Post" messages?
I'm fine with how to make payments with Omnipay but I could not yet figure out how to listen to the callbacks from these APIs to detect changes for my payments.
For example Authorize.net processes it's credit card payments one time per day (late night for me) and then sends out it's messages via their so called "silent post" (its just a http POST) notifications. So the API call might be immediately "accepted" but I won't know for sure if everything is OK with the payment until I receive the callback.
So how do I set up Omnipay to listen to APIs that do these kind of delayed callbacks?
I'm aware that I'll need a callback URL like /payments/callback/ to load the right gateway to do something with the callback. But I could not yet figure out what method(s) from Omnipay I have to use for it.
Omnipay doesn't support notifications for existing payments. It automatically handles the first notification which is made directly after a payment, but doesn't yet have methods to handle notifications if you change the status of a payment (for example by refunding it from PayPal's control panel, it will not update in your database automatically).
Note this isn't needed for the initial payment. Especially with PayPal Express the payment is not confirmed until the customer returns to your site, so there is no chance of them closing the browser window and the payment being lost.
If you want to set up a notification endpoint and listen for events which happen after the payment is processed, you will need to add a new request type to Omnipay.
I am running a e-commerce website and I want to integrate PayPal. I need to know immediately whether a user paid successfully or not after they paid via their credit cards. Is there a chance i can do that with PayPal?
I've heard PayPal has a service called IPN, which can post to my server and tell me the transaction's status. But lots of people are complaining that there are huge delays with IPN's PHP API.
Just finished an IPN integration a few hours ago :).
IPN stands for INSTANT payment notifications. In most times it just works(hi Apply fans!).
You add a form with variables such as currency and return URL and with a special page that you expect Paypal to send transaction information when the payment is made. Receiving a notification does not mean funds are sent to your account but the transaction has completed. (possible reasons to not get funds to your account include problems with card provider, incomplete accounts, etc)
You will face some questions regarding specific problems. But I would suggest checking paypal site and it's API docs. They are pretty straight forward and with a little understanding in your programming language and how HTTP works, you can implement it.
I have seen some posts about PayPal IPN system is slow. I have not seen it myself but in most cases, I'm sure you will get paypal API calls just before the user come back to your site.
I've had great success with nSoftware's PayPal plugins.
I'm doing a project involving Paypal, more specifically with the NVP API in PHP. But I just can't seem to figure what to use the IPN feature for.
I mean, when the user has been redirected to Paypal to confirm the purchase, he is redirected back to my website's "Paypal-succes-page", when the transaction is complete. And just to be sure that he actually payed i could use the "PaymentDetails" operation.
Now where does IPN fit in this process? and what is the benefit of it?
Thanks
The integrate with PayPal's services you will notice there are three main channels (and IMO it's important to know this so you can decide the benefits for your application):
IPN: Instant Payment Notification
PDT: Payment Data Transfer
PayPal's API
To use PayPal's IPN you need to add a 'listener' script (example) and add the address to your PayPal account. Whenever an event occurs PayPal will send a message directly to your server via your listener and you then update your accounts appropriately. This is especially useful for running subscription services as events will occur in the background without user intervention and you can capture successful/failed recurring payments etc.
PayPal's PDT is a system for accepting data when a user is redirected back to your site from PayPal. For example, a user clicks 'Buy', they are directed to PayPal, enter information etc. Then, once the payment has been taken, they are redirected back to your site. PayPal can pass details about the transaction including whether it was successful or not so you can display the appropriate success/failed page from your site.
PayPal's API allows you to integrate more deeply with PayPal's services, and you would use this if you were managing payments directly from your site.
These services aren't mutually exclusive, so you can use any combination with your application.
I hope this helps
The IPN feature is a very useful feature which you should use to update your database in my opinion. Sure the user is redirected to your success-page after the purchase where you can validate the payment details.
But what if he closes (by accident or not) the browser before reaching your success page? You will never know the result of the transaction and you will never update your database or process his order accordingly.
When using the IPN you can be sure that the transaction result will always reach you because PayPal will keep on making an offline request to your IPN page until it has reached your servers.
Instant Payment Notification
The typical usage of the IPN is to validate the purchase and to let your script or management system know that the transaction is complete so your system can update any records you may have for your service.
But the most important part is that the transaction is validated.
IPN send all data about transaction to your server - price, items, contacts ... so you can check, if someone don't pay you only 1$ instead of 100$ and confirm your order. It prevets thiefs, cheaters, ... USE IT! ;)