I'm confused by the array of Paypal APIs and options out there. Can someone help me to identify a good starting point for a virtual/digital product option that can have some custom meta data associated with it? Here are my requirements:
I'm selling in-app credits/currency
I'm using PHP to integrate with Paypal
Each purchase must be able to attach some data (for example, a user ID and a product ID from my database) that will be passed back to me so I can identify which user purchased which product, so once it is verified with Paypal, I'll know how to give the digital product to the buyer.
I assumed that "Digital Goods for Express Checkout" would do the trick, since it seems designed for online/virtual/digital types of products. However, I'm having trouble finding a way to pass through the user ID and product ID with this option. I also looked at the example and library at https://github.com/thenbrent/paypal-digital-goods-php-examples but I don't see an obvious way attach this dynamic meta data.
Thanks for any help!
Actually you only want one id. Nothing more is needed. Before processing the order, you bind the id with your meta data (in a database like MySQL).
Then in the listener you can pull out the data using the id.
Hope it helped
Related
I am adding Google Wallet for Digital Goods to my simple Wordpress website. I have 5 products and do not mind if they need to be purchased one at a time (like Google Checkout). However, I am stumped with JWT.
I have downloaded the Sample App for PHP at https://developers.google.com/wallet/digital/docs/samples#iap-php and have identified the basics of changing my seller information as well as changing my first product (instead of the cake demo).
I still haven't figured out how to add more than one Buy Now button on a page. I assume that I need to add another payload in generate-token.php but cannot find any documentation on that. I sure hope someone with JSON/JWT could help me over this hump.
Another issue is creating a callback for each that allows me to redirect the buyer back to my website with the link and password to the download page. At this point, I'd appreciate answers to one of these 2 issues or both. Thank you in advance!
For each button on your web page you will generate a different JWT as the "name", "description", "price" and "sellerData" is different for each item:
https://developers.google.com/wallet/digital/docs/tutorial#1
You can set only one postback URL. The postback data will contain the JWT for the item purchased which allows you to determine what was sold. You can also place additional item information in the "sellerData" field:
https://developers.google.com/wallet/digital/docs/tutorial#5
I have a custom plugin that calls an API and adds some additional things to my orders at Woocommerce platform.
I had three scenarios before:
first time purchase, uses data submitted from the checkout form fields is used, e.g., $_POST['account_phone'], and everything went fine
subsequent purchases used the same principle
renewals used the order data from the initial orders, and acted like a single purchase is made
Now, the API has changed a bit and several new methods are available, which changes the scenario options above:
first time purchases go into two categories, new users at the API site, and existing users at the API site but new to this platform
remaining is the same
I have issue with the purchases for existing users of this site. First time purchase sends a request to the API, using the POST parameters. However, if a user is already registered, those parameters, like his cell phone number, should be read from the billing data he/she already entered. Thus, I need a way to tell the WooCommerce is this new user trying to buy something and registering, or that this is an already existing user that has his or her data entered. I can get this data from the initial order, or user's billing info, but can't figure out how to check what type of order is it and where WooCommerce should get those values from.
Thanks!
Managed to solve this via another way. The $fields['account']['account_phone'] was shown only during the registration, and simple change of that to $fields['billing']['account_phone'] makes that field "belong" to billing info, which is always shown, which is very convenient and makes no difference later when I check for input there.
I have created a basket where a user can add to and update etc. This basket has been built based on what product the user adds to cart obviously. The product itself is grabbed from the database and displayed in a table in the basket. How do I use Paypal from here? I now want a button called 'pay' that the user can click and then it takes them to Paypal to pay. But I want the details of the items to be displayed in Paypal.
I have signed up to paypals web standard payment. Obviously I don't need their add to cart buttons since I have got my own cart. I think I just need the buy button but as mentioned, I am not sure how to get products over to Paypal.
Can somebody explain what I need to do please
This broad of a topic is generally best suited with a quick Google search. Basically, find a paypal form (perhaps through Paypal's button builder) and edit the form's values to suit your needs. This can be accomplished with php or javascript quite easily (PHP is a bit safer as it limits tampering). Then users send the form :)
You can also create a link such ashttps://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business=$business which will do the same as the full form (add all of the fields you want to send, of course).
Give it a shot - if you have more specific questions, post back with clarifications.
I have this small PHP/MySQL cart system that users add products to, checkout, and pay.
These products all have IDs on them so that when the user checks out,
I can get that product's attributes (price, weight, the vendor's account id, etc).
Right now it would be really easy for someone to open up Firebug,
guess another product ID, change it, and checkout.
What would be the best way to prevent this?
The store and the checkout system are on two different domains if that matters.
I could use something like a unique token
but how would that work if multiple customers could be using the cart at the same time?
EDIT: Wow, typed this too fast, left out some important details. The cart is currently represented as JSON that is being stored in a PHP session. All products have an account_id that associates them with a vendor's account.
The problem would occur if a user changed the product id and happened to get a product under another vendor's account (essentially purchasing another company's product from a different company's store) which would be undesirable. Thank you for the answers so far.
Use a server side session to store the cart details.
Every session gets a unique ID, stored in a cookie. All details (selected items, amount, etc) are tied to this sessionId.
By definition, you do not want different customers to use the same cart. Instead, every custommer uses their own separate copy of the cart.
If you need to 'share' the sessionId with some external service, instead calculate a separate unique key and share this key with the third party service (=checkout service in your case).
This ensures that you can uniquely identify your customer in communications with the thirds party, without the third party knowing anything about how you identify or communicate with your customer on your side of the fence. (the important thing to remember is, a sessionId is a shared secret, nobody else should ever know about it).
If you have access to the cart system, the proper way would be to have it duplicate the ID lookup and cost calculations before running the payment. That way, if someone DOES change from a $1.99 box of candy to a $1999.99 HDTV, they will get charged for the tv.
If you don't have access to your cart system, or you can't tell it what the products are and their cost. Get a new cart system.
As a side note: You should NEVER trust data that has come from the user. There should be no need to have to build in trusting the user. Just accept the IDs and run all the numbers on the server.
One way to do this is to use a hash. When they select a product and the form is rendered, take a hash of the Product Id and store it in a hidden field alongside the Product Id. When the 'checkout' post occurs, take a hash of the Product Id that is posted and compare it to the one that was sent out in the form. If they don't match, then the Product Id has been tampered with. I'm not familiar with PHP so can't provide a code sample but I've used this approach in ASP.NET and it works a charm.
Hope that makes some sense!
And what the threat is? If the client-side has only product IDs, then if they change the ID, they'd be buying different product, and that's all. Or your products are not available for all? If they aren't, you need to use random IDs so that they couldn't be easily guessed.
I think what you have to do is encrypt/decrypt your product id and use it.
you can use base64_encode() and base64_decode()
Hope this will help
I want to integrate paypal with my website.
I have studied the documentation available on paypal website.
My requirement is
A user selects a category, based on category course is populated,user selects course and discount. I want the user to pay through paypal according to the course selected. Also the data should be inserted into a table after successfull payment.
I have checked sample code also but i am unable to figure out how to accomplish this task ie how to make it dynamic according to the user choice. I think ipn would be used but not sure.
Plese help
Thanks
I don't think there is an option for that. Only configured prices.
The only field that doesn't have an price setup is "Donations"
Also in PayPal you can configure the stock that you have for every products, shipping price and tax.