Which billing provider can I use for my SAAS applications? - php

I'm working on a Software-as-a-service (SAAS) application that allows companies to manage supplier information.
What are the providers / vendors that can offer Billing services, including managing invoices, subscription, renewal and reminder for payment dues?
I find that building this from scratch will take a lot of time.
In addition to the billing, what other major components / considerations should I look into in order to publish this application successfully?
I have the following notes and welcome any suggestions:
1) Infrastructure : for scalability and maintenance, I use cloud computing so that I'm free from managing infra, especially for scaling up should the demand increase.
2) Security : I find that if I use dedicated server, I have to pay a lot more for security, such as Firewall. So using cloud computing will enable my application to 'ride' on the secure platform.
regards

We just came across this which looks pretty good - http://chargify.com/.

The biggest challenge with a lot of the billing systems is that you either end up with a lot of coding to do or they come up short with one or more critical features. Systems such as PayPal can't handle externally driven recurring billing for security reasons; you as a customer can agree to a subscription from a seller, but PayPal has to handle everything. Also, everyone having to have a PayPal or GoogleCheckout account to conduct business may be a non-starter depending on your audience. The traditional e-commerce merchant systems like AuthorizeNet and LinkPoint give you more flexibility, but you might have a lot of coding to do to push the transactions through the way you want, depending on your platform, not to mention more overhead in setting up the account in the first place. Amazon Flexible Payments Service stands somewhere in the middle, offering more flexibility than PayPal/Google Checkout, but still having the third party account limitation. Since you're doing a tool that manages customers' relationships to their suppliers, you may benefit from Amazon's ability to facilitate transactions between two external parties.
I've done development in this space using Java or Ruby on Rails. Ruby on Rails has a wonderful gem built by the people at Shopify called ActiveMerchant that makes credit card processing pretty simple once you have opened your merchant account with one of the AuthorizeNet/LinkPoint type of providers. Most of the merchant providers have decent Java APIs as well. You may want to look at something like Blinksale for invoicing, since it lets you put together pretty invoices and has an API.
Regarding cloud computing: I'm a big fan and it lets you manage the costs of scaling more easily. However, it does require in many cases that you solve problems of clustering and failover more quickly. For tasks such as batch billing that can be run through something like Amazon MapReduce, this isn't an issue; you bring up what you need, throw it in the black box, and get the result out. For something that requires continuous uptime, such as the web interface, you will want to evaluate whether it'll be cheaper to run a cluster of webapp servers in the cloud or just run 1 or 2 boxes at a managed data center such as The Planet or Rackspace. The right answer for you depends in part on the expertise you have available and the languages/platforms you're using. For the continuous uptime side, you may also want to look at a provider such as Morph that will host a Rails app in the cloud.
Please reply if anything I said requires further clarification.

Mosso (which is Rackspace's cloud subsidiary) has some basic billing capabilities built in - I am just in the process of moving my sites over, and client billing was one of the reasons I did. They only do CC billing, at least for now.

Related

How to build subscription application with own instance

My question title may not be appropriate, as I am not sure what to call it. I will appreciate it if anyone can edit it to fit the query.
I am planning to build a web application where users will subscribe. For instance, CRM or Project management application. I want to have a separate instance and database with a custom domain for enterprise subscribers, and I may have a common database or instance for non-enterprise subscribers. The subscription will be handled through a marketing website, where all subscribers will checkout and have their own account.
Marketing website to subscribe
Application instance / website/ database / etc
Once the subscription period is over and it is not renewed, they will lose access. If they do not renew/reactivate for x time, the instance will destroy itself.
I am quite confident with PHP and MySQL, have some knowledge of AWS and Digital Ocean. I am planning to use Laravel for the server side. However, I am open to other languages as well, such as Python.
Can anyone help me to learn the best approach for the system I want to make. Pros and Cons and things to be considered? Also, approach to make a mobile application for the subscriber where they can access their own instance.

Which SAQs should I be filling as part of PCI DSS self assessment as web developer?

Which requirements am I obliged to fulfil as part of self-assessment, as a web developer for an eCommerce application? I have lots of SAQs (self-assessment questionnaires) as part of PCI DSS.
What should be the scope of concern throughout the development life-cycle?
Development
Testing
Deployment
Any other aspect you might think of?
Is there any open source tool to support this process (assessment and tracking) etc.?

Only a QSA can give you an official answer but I can give you some ideas.
How is the web app being used? This will help determine your scope:
Is it only for your own use? The best scenario is to use an iFrame or full page direct from a PCI compliant provider (generally the payment gateway); this could be SAQ A. If you need to do a direct post (i.e. the credit card details never touch your server) then you may be able to use SAQ A-EP. If the credit card number touches your server then it's SAQ D. Aim for SAQ A; it'll save you a big headache.
Do you provide it for clients to use in their own systems where they have control over the code or servers? Take a look at PA-DSS.
Do you offer it as a service to clients where they have no control of the system? Then you'd need SAQ D service provider.
Take a look at requirement 6 to get an idea of what is needed for the SDLC.
Tools-wise there's the PCI scoping toolkit; I'm not sure that's what you're asking for though.

PHP to Quickbooks - how do I connect the two if she's running on a desktop?

I'm tasked with coming up with an e-commerce solution for a small, local business. My client uses Intuit/Quickbooks point of sale software. I've just discovered that Intuit has a series of PHP 5+ classes that allow interoperability (link for anyone else that may stumble on this: https://code.intuit.com/sf/sfmain/do/viewProject/projects.php_devkit).
The website will be hosted on shared hosting, so the two systems are split quite literally. Her desktop does have internet access.
So, my questions:
Is there a way for me to connect to her desktop via curl?
If so, is there a way for me to do it securely if I can't create a VPN on my host?
Now that I think about it, is there a VPN service I could use?
Any other security things I should be aware of?
Payment processing will be handled through Stripe (http://www.stripe.com). This is really just for inventory/order synching.
Your best bet is the QuickBooks Web Connector, along with that set of PHP classes you mentioned. See my specific comments below:
I've just discovered that Intuit has a series of PHP 5+ classes that allow interoperability (link for anyone else that may stumble on this: https://code.intuit.com/sf/sfmain/do/viewProject/projects.php_devkit).
It's worth noting that that library is NOT developed by Intuit (disclaimer - I'm the developer of that library). Intuit hosts our Subversion repository, but we're a separate company, and Intuit does not contribute to the actual PHP code. Intuit provides a Windows COM-based API only, we provide the actual PHP components so you can talk to QuickBooks from a remote server via the Web Connector, without the need to muck with COM.
We have a ton of information on our QuickBooks integration wiki which might be helpful - specifically the QuickBooks integration with PHP section and this overview of the QuickBooks Web Connector.
Consider grabbing the latest nightly build from the link you posted, and taking a look at this file:
* docs/example_web_connector_point_of_sale.php
It illustrates exchanging data between PHP and QuickBooks Point of Sale.
The website will be hosted on shared hosting, so the two systems are
split quite literally. Her desktop does have internet access.
This ^^^ is just fine, and a typical scenario. It's exactly what the Web Connector was designed for. The Web Connector essentially acts as a "dumb proxy" between a PHP SOAP service, and QuickBooks itself - it relays messages from your PHP app, over HTTP(S), to QuickBooks.
Is there a way for me to connect to her desktop via curl?
Not with Curl, no (though you could build one... but why reinvent the wheel?). The Web Connector is SOAP based, but your PHP components will be the SOAP server half, not the SOAP client half.
If so, is there a way for me to do it securely if I can't create a VPN on my host?
The Web Connector can use SSL via HTTPS to keep the data secure while in transit across the net.
Now that I think about it, is there a VPN service I could use?
Just buy an SSL certificate, it's easier. :-)
Any other security things I should be aware of?
Not beyond the typical web application security guidelines that you could find elsewhere on Stackoverflow.
If you're going to sync to a system like Quickbooks, don't do it real-time, do it in a batch process that is resilient to things like her desktop being turned off, the crappy office internet (compared to a datacenter) being slow or down, etc.
This ^^^ is great advice, and is exactly how the Web Connector works.
If you need real-time, Quickbooks running on a desktop is NOT the way to go.
In fact, if you need real-time, QuickBooks period is not the way to go. QuickBooks is a great small to medium business accounting software... but is slow and not reliable enough for consistent real-time communication. With that said... what you're talking about does not require real-time communication, so this shouldn't bother you.
Batching the orders isn't a problem, but how would I make even a batch process resilient?
The PHP code uses a queue with a status, so you can track what got processed, what didn't, what you got back from QuickBooks as a response ("Added a customer successfully!" vs. "Ooops, failed to add a customer because ..."), what error messages QuickBooks threw, etc. and then react appropriately with your code, or manually.
You won't need cron - the Web Connector can be scheduled to run, and it'll relay all errors and a ton of other information back to you so that you can handle errors, send out warnings, build reports to show to people about what failed/succeeded, etc.
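The queue-with-a-status pattern this answer describes, as an added example that is not the devkit's own code or schema: the table, column and function names are hypothetical and the sample orders are constructed. It needs PHP with the pdo_sqlite extension and keeps the database in memory.

```php
<?php
// Added illustration, not the devkit's schema or API: every name below is hypothetical.
// status is one of: queued, processing, done, failed.
declare(strict_types=1);
const MAX_ATTEMPTS = 3;

function open_queue(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec("CREATE TABLE queue (
        id INTEGER PRIMARY KEY, action TEXT NOT NULL, ident TEXT NOT NULL,
        status TEXT NOT NULL DEFAULT 'queued',
        attempts INTEGER NOT NULL DEFAULT 0, message TEXT,
        UNIQUE (action, ident))");
    return $db;
}

// UNIQUE + OR IGNORE: submitting the same order twice cannot create a duplicate.
function enqueue(PDO $db, string $action, string $ident): void {
    $db->prepare("INSERT OR IGNORE INTO queue (action, ident) VALUES (?, ?)")
       ->execute([$action, $ident]);
}

// One call per poll from the desktop side: claim the oldest waiting item.
function claim_next(PDO $db): ?array {
    $db->beginTransaction();
    $row = $db->query("SELECT id, action, ident FROM queue
                       WHERE status = 'queued' ORDER BY id LIMIT 1")->fetch(PDO::FETCH_ASSOC);
    if ($row) {
        $db->prepare("UPDATE queue SET status = 'processing', attempts = attempts + 1
                      WHERE id = ?")->execute([$row['id']]);
    }
    $db->commit();
    return $row ?: null;
}

// Store the response; a failure is retried until MAX_ATTEMPTS, then parked as 'failed'.
function record_result(PDO $db, int $id, bool $ok, string $message): void {
    $q = $db->prepare("SELECT attempts FROM queue WHERE id = ?");
    $q->execute([$id]);
    $status = $ok ? 'done' : ((int) $q->fetchColumn() >= MAX_ATTEMPTS ? 'failed' : 'queued');
    $db->prepare("UPDATE queue SET status = ?, message = ? WHERE id = ?")
       ->execute([$status, $message, $id]);
}

// Constructed sample data: ORD-1002 is rejected every time, ORD-1001 is submitted twice.
$db = open_queue();
foreach (['ORD-1001', 'ORD-1002', 'ORD-1003', 'ORD-1001'] as $o) enqueue($db, 'add_order', $o);
while ($item = claim_next($db)) {            // each pass stands in for one poll
    $ok = $item['ident'] !== 'ORD-1002';
    record_result($db, (int) $item['id'], $ok, $ok ? 'added' : 'rejected: unknown item');
}
foreach ($db->query("SELECT ident, status, attempts, message FROM queue ORDER BY id") as $r) {
    echo "{$r['ident']} | {$r['status']} | {$r['attempts']} | {$r['message']}\n";
}
```

If the desktop never polls, nothing is lost: rows simply stay `queued` until the next poll, and anything parked as `failed` keeps its error message for manual follow-up.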

How best to deliver notifications to various IM / notification services?

We have a website which provides time-critical updates on changes in the value of FOO, and want to deliver notifications of new data via various IM protocols.
For reasons best known to themselves (and their parents), the FOO-traders use Yahoo! Messenger, MSN, gTalk, AIM, you name it. They want to receive their updates on their desktops so they can buy and sell FOO realtime.
We want to deliver the updates to them via the various networks, without investing a huge amount of time in supporting new networks.
I'm aware of services like RPX (or whatever it's now called) and Gigya, which allow you to authenticate across multiple websites. I want something similar, but which allows us to deliver IM to the same various networks.
The service should be able to readily expose access to notifications coming from a PHP (Drupal 7) website.
The website is a paid subscription service; we are not after a cross-network spam solution. I say this (1) so you won't hate me (2) because if we wanted to send spam, that would probably preclude gateway providers.
Self-hosted solutions like PHPurple are an option also, but I haven't found much online to recommend it as an option yet.
Support for other networks will be a bonus, although I haven't seen any of the FOO-traders use Twitter yet. We will also include SMS and email notification for added old-school cred.
Through Jabber server.
Set up Jabber server
Register accounts for all the services you are going to use
Register gateways, all jabber servers support them
Test through GUI jabber client
Write a daemon (or get one somewhere), which logs into jabber, starts up gateways, reads messages from somewhere and sends them right away.
There are command-line utilities, but they won't work, because the server won't keep gateways connected unless on its own.
XMPP protocol is quite straightforward and has many libraries.
For reliable SMS you might need to use other, 3rd party protocols or utilities.

Is there a sandbox or test environment available for PHP developer for Cloud services

I am looking for sandbox or test environment where I can learn:
How to deploy PHP applications on the cloud and learn about the basics of cloud computing.
Like PayPal has a sandbox for developers, does any such test environment exist for PHP programmers? I would like to know the path I should follow to gain knowledge in cloud readiness based on PHP.
Just to make it clear, I am looking for a free service. If a free or testing place is not available, then a very cheap service is also good to know about from a developer's point of view.
I would suggest trying Amazon Web Services, as for some time they have offered a free usage tier for users: http://aws.amazon.com/free/
We offer a free tier. You can have multiple apps and deployments for free within certain limits (max 1 box per hour and the limits of the free add-on options you may choose).
Feel free to try it at http://cloudcontrol.com and if you have any questions I'm around and happy to answer them.
