After cloning rest-api-sample-app-php and updating for my environment (db, client, secret, etc...) I can buy a pizza using the paypal payment option. I cannot using the credit card option, although I have a creditcard_id in the ppusers record.
The error happens in function makePaymentUsingCC($creditCardId, $total, $currency, $payment_desc)
I'm getting to makePaymentUsingCC and I can echo the params. This line fails (for lack of a better word): $ccToken = new CreditCardToken(); I don't think the use statement use PayPal\Api\CreditCardToken; is finding the file.
My main issue is not the pizza app, but my custom app is failing at the same point. So, if we can figure out the pizza app issue it will probably resolve mine too.
Oh, the error message from the pizza app screen is:
INVALID_RESOURCE_ID : The requested resource ID was not found
Thanks in advance!
A CreditCardToken is a reference to a tokenized credit card - essentially storing a card to re-use later without reentry, see https://developer.paypal.com/webapps/developer/docs/api/#store-a-credit-card
If you have stored a credit card in the vault, you can then use it for subsequent payments. If the credit card token used is not valid for your credentials then an INVALID_RESOURCE_ID is returned.
We're currently using the rest API for PayPal (PHP) and everything was working fine in the sandbox. When we went live we continue to get the following message:
{"name":"INSTRUMENT_DECLINED","details":[],"message":"The instrument presented was either declined by the processor or bank, or it can't be used for this payment.","information_link":"https://developer.paypal.com/docs/api/#INSTRUMENT_DECLINED","debug_id":"8ad80896530bd"}
What does this mean and, more importantly, is there a reason this is not being caught as an exception in the PHP SDK? It seems to pass through without issues (using the exact same code as in the sample file for executing a payment). Is there a way to catch this?
Sounds like the payment method was turned down by the bank, or is not allowed for the attempted purchase. For instance prepaid debit cards are often now able to complete certain payments, and many cards are restricted geographically.
everything was working fine in the sandbox
The sandbox doesn't actually check with the bank whether a card is good, so it wouldn't have thrown the same error. The sandbox is for testing whether the code paths work as intended. The problem is not with your script.
In case other people look at this issue.
There is actually an official explanation and solution in the paypal documentation.
A buyer's funding source can fail for several reasons, including:
The billing address associated with the financial instrument could not be confirmed.
The transaction exceeds the card limit.
The card issuer denied the transaction.
If a funding source fails, the Orders API returns the INSTRUMENT_DECLINED error. Handle this error and provide the buyer an opportunity to select a different payment option by restarting the payment in the onApprove function.
https://developer.paypal.com/docs/platforms/checkout/add-capabilities/handle-funding-failures/
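One way to handle the two error bodies discussed in the answers above, as an added example that is not part of the original posts or of the PayPal SDK: it parses the response body and fails closed, so an order is never marked paid when the API returned an error object. The function name and the action strings are hypothetical, and the second sample body is constructed.

```php
<?php
// Added example, not PayPal SDK code. Function name and action strings
// are hypothetical; they are not part of any PayPal API.

function classifyPayPalResponse(string $body): array
{
    $data = json_decode($body, true);
    if (!is_array($data)) {
        // Fail closed: an unparseable body is never treated as success.
        return ['ok' => false, 'action' => 'fail', 'debug_id' => null];
    }
    if (!isset($data['name'])) {
        // No error name present; the caller still validates the payment fields.
        return ['ok' => true, 'action' => 'continue', 'debug_id' => null];
    }
    $debugId = isset($data['debug_id']) ? (string) $data['debug_id'] : null;
    switch ($data['name']) {
        case 'INSTRUMENT_DECLINED':
            // Bank or processor refused the funding source.
            $action = 'ask_for_other_funding_source';
            break;
        case 'INVALID_RESOURCE_ID':
            // Stored card token is not valid for these API credentials.
            $action = 'store_card_again';
            break;
        default:
            $action = 'fail';
    }
    // Keep the debug_id for support; do not echo the raw message to the buyer.
    error_log(sprintf('PayPal error %s debug_id=%s', $data['name'], $debugId ?? 'n/a'));
    return ['ok' => false, 'action' => $action, 'debug_id' => $debugId];
}

$samples = [
    // Trimmed from the response quoted in the question above.
    '{"name":"INSTRUMENT_DECLINED","details":[],"debug_id":"8ad80896530bd"}',
    // Constructed sample for the error named in the first question.
    '{"name":"INVALID_RESOURCE_ID","message":"The requested resource ID was not found","debug_id":"constructed-id"}',
    // Constructed truncated body, to show the fail-closed path.
    '{"name":"INSTRUMENT_DECL',
];
foreach ($samples as $body) {
    echo json_encode(classifyPayPalResponse($body)), "\n";
}
```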
That will be a little hard to explain, but let me try:
I'm building an online store using Laravel 4 and now I have to create the payment methods and they might be completely different from each other and for each one of them I'll have to build a different number of pages (views), which could be, as examples:
Credit Card
Get the credit card data (to, first, create a token).
Nice! It was accepted by the company and your token was created, would you really like to pay?
It was paid, thanks!
Credit Card
Get the debit card data.
It was paid, thanks!
Paypal
Jump to paypal site and wait for it to get back.
Stripe
Gosh, we still don't have it in Brazil. :(
Billet (Banking) I think this is something we only have in Brazil. It is a document (like a bill or a fracture, here's an example: Billet) you can print at home (it has a barcode) and pay at your bank (online or in person). Payment is received in our bank account a couple of days after payment, so there's nothing we can do, just show the document and wait for a payment that may never happen:
Just open a new window with it, customer may print it or not.
And, of course, for each step there might be decisions to make, problems, error messages, retries in case of errors (credit card may say "try again" and I must ask the user if he wants to do it).
So how would you architect this, in terms of (mainly) views, controllers and services (or repositories or libraries...), the way we can at any time add more payment methods to the list? Are there any Design Patterns (to add to the Repository Pattern) which would help to design this kind of interaction?
If you want to save the request in a queue you can use Command pattern.
As per my understanding, in this scenario, after getting the credit and debit card details we will swipe, then we will jump to the PayPal site, then we will have the Billet. These are sequential activities, or a request queue, so here we can use the Command pattern, and for the different pages of your credit card, debit card, etc. we can use a factory class to get the instance of credit and debit cards, etc.
Modifications are welcomed.
I am saving credit card info to PayPal's vault by using the REST API. It gives me a token, and by using it I can process further. But the problem is I have to use PayPal's button [ButtonSource] that is tracking total sales via PayPal. So how can I use both?
One other thing: by using the token I am able to get all details of the card that is saved. In case my code is compromised, anyone can steal my tokens saved in the database and get the details. How can I make it secure?
Thanks
Here is some feedback from PayPal on this one:
The Parameter ButtonSource is a parameter of our classic API's and is currently not supported with the REST API. The Rest API's are still in early stages and we will see much more Features added over the next 12 months. So even the parameter might not be supported with REST now, it can be soon. However, with REST as of now, the merchant would need to use other parameters to track his payments.
One other thing: by using the token I am able to get all details of the card that is saved. In case my code is compromised, anyone can steal my tokens saved in the database and get the details. How can I make it secure?
Technically, if the merchant's system is hacked and his credentials + DB are exposed to a third party, they can look up details using this API:
https://developer.paypal.com/webapps/developer/docs/api/#look-up-a-stored-credit-card
However, we won't return the full card number and the CVV is not stored on our end as well. So from that perspective the merchant is grand. However, they need to make sure that their credentials are secured and not accessible for third parties.
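One way to limit what a database-only leak exposes, as an added example that is not part of the original posts or of PayPal's code: the vault token is encrypted before it is stored, with the key kept outside the database and the owning user id bound as associated data. The environment variable CARD_TOKEN_KEY, the function names and the token value are assumptions; if the API credentials and the key leak together, the lookup described in the answer still applies.

```php
<?php
// Added example, not PayPal code. Uses PHP's bundled sodium extension.
// CARD_TOKEN_KEY (base64, 32 bytes) and all function names are assumptions.

const NONCE_LEN = SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES;
const TAG_LEN   = SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_ABYTES;

function loadTokenKey(): string
{
    // The key lives in the process environment, never in the same database.
    $key = base64_decode((string) getenv('CARD_TOKEN_KEY'), true);
    if ($key === false || strlen($key) !== SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_KEYBYTES) {
        throw new RuntimeException('CARD_TOKEN_KEY missing or wrong length');
    }
    return $key;
}

function sealToken(string $token, int $userId, string $key): string
{
    $nonce = random_bytes(NONCE_LEN);
    // The user id is authenticated but not encrypted (associated data).
    $ct = sodium_crypto_aead_xchacha20poly1305_ietf_encrypt($token, "user:$userId", $nonce, $key);
    return base64_encode($nonce . $ct);
}

function openToken(string $stored, int $userId, string $key): string
{
    $raw = base64_decode($stored, true);
    if ($raw === false || strlen($raw) < NONCE_LEN + TAG_LEN) {
        throw new RuntimeException('malformed stored token');
    }
    $pt = sodium_crypto_aead_xchacha20poly1305_ietf_decrypt(
        substr($raw, NONCE_LEN), "user:$userId", substr($raw, 0, NONCE_LEN), $key
    );
    if ($pt === false) {
        throw new RuntimeException('token failed authentication');
    }
    return $pt;
}

// Demo with a freshly generated key and a constructed token value.
$key = sodium_crypto_aead_xchacha20poly1305_ietf_keygen();
$stored = sealToken('CARD-CONSTRUCTED-EXAMPLE', 42, $key);
var_dump(openToken($stored, 42, $key) === 'CARD-CONSTRUCTED-EXAMPLE');
try {
    openToken($stored, 43, $key); // ciphertext copied into another user's row
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";
}
```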
groupon.com is a great example: when you register they take your credit card information. Once a limited amount of people have purchased a coupon, a mass amount of credit cards get charged. What is the best method of doing something like this, and in the safest possible way? One thing that I will be doing is encrypting the credit cards in the DB with an encryption method that salts the encryption and that I can unencrypt to use it when needed. Would they possibly have a cron that goes through at a period of time to check and see if the coupon time limit has expired, then do a mass charge? I cannot wrap my head around how something can be written that queues transaction charges to a merchant. I am thinking of either using authorize.net or PayPal Pro. What do you think from what I've said?
Don't store the credit card information on your server. It would need to follow PCI DSS security standards:
http://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard
There's just no reason for it these days. A large percentage of payment processing vendors provide these services for you. You submit the information and receive back a token that can be used to charge the card at a later time.
Furthermore, you are not allowed to store the CVV code.
I personally work with PayPal as the processor; you need to request reference transactions (this will require a background check, probably credit worthiness related and is not guaranteed to be approved). In this way I can authorize a card ($1 authorization only is common and accepted practice) and later charge the card any amount that is appropriate (in our case we have a payment model similar to pay-as-you-go mobile phones). Upon the first charge or authorization I receive a token that I can later use to charge against the "referenced transaction" (essentially just copying the details from the original txn).
Another really interesting option that we looked into was www.paysimple.com, they now have a new API, an attractive pricing structure, and if memory serves, all of the above features.
Many others exist as well that you can and should research. Do watch out though, some card processing providers don't charge anything for the functionality described above (paypal doesn't), but some charge gobs of money for the service. Look, it's generally readily available info on the sites.
Start reading PCI Compliance and periodical payments parts of the source code of an open source cart like Magento. There is a lot to it, if you want to do it all properly.
I've been curious about this for awhile and could never find any good information. I used to work at a pizza place that did online ordering. The user would submit their card information and we would run it at the store. I was wondering if someone could give me an idea as to how this transaction took place. If it was PCI compliant, and how it would be sent to the printer. I could think of a couple ways but none of them really seem to be the correct way. I'm looking to do this in PHP. Thanks.
If I were to design this system it would be like this:
The customer posts the order and CC information using a webform over a secure link to the server (using php to generate the page and take the info back in).
The server would use a payment gateway and bill the card on the server (server side PHP script).
On a successful billing it would contact an application running on a box at the restaurant with what to print on the order ticket (only the last 4 digits of the CC info are sent to the restaurant).
Updated with Chris's suggestion
Another option is to use PGP to encode the credit card on the server with the public key. When the CC is sent to the store, it can then be decoded with the private key and viewed in order to charge it. But when you are passing credit card information around like that, you always run the risk of something going terribly wrong. It's always better to use a gateway and charge the card immediately or authorize the transaction and then go back and collect the funds by running the authorization number.