Payment gateway integration using redirection method - react-native

I have implemented a payment gateway in react-native which does not have any SDK/library for iOS/Android, it does have the payment API with the option to pay using web redirection method. I have another restriction, whereas the payment vendor does not provide any confirmation API. Upon payment, the only option I got is to redirect user to a successful page or using payment success web hook.
Currently It is implement following way
1. User request for a payment
2. Send request to our web server (not payment server).
3. Our web server generates the payment redirection url and pass it to mobile app
4. Mobile app opens a web view and show user the payment page.
5. Upon payment, we configure the URL to redirect user to a success URL. (protect it using a randomly generated token which is verified
upon payment)
6. Mobile app detects that users got redirected to payment success page and confirm that payment is done.
The issue is, sometimes there is a network interruption resulting in payment not getting confirmed by our web server after the payment is done. In such cases I think web hooks will be appropriate solution. However, I am not sure if this is the best way to deal with this.
Anyone who have implemented a payment gateway using the redirection method. Is there a better way or a different way to deal with this?
Thank you.

Related

How to verify the Access Token on the Shopify_App splash Screen

When the app review team uninstall and reinstall my app with their automated tools, they are getting an error because the uninstall webhook has not yet triggered the delayed job to delete the Shop record. I think that's then tripping up the install process because it is finding the old shop record with an invalid access token.
I've been advised that:
You should not be relying on an uninstalled webhook to determine a shop's status with your app. instead, each time a shop hits your app,
you should make a request to your server to first determine if the
access token you have for them is valid (if so, they have your app
installed - if not, redirect to OAuth) and then from there check for a
valid charge ID using the billing API (if not, redirect to billing
page).
How should I check the api key validity? When the app is installed they are redirected through splash page, so I need to somehow know if it's a new install and if it is, check the access token somehow?
It's really hard to tell what's wrong without knowing your architecture or request auth flow, so the solution could be somewhere else. Embedded apps redirect to shopify domain where Shopify checks if app URL is added to the store. If not it will return "There is no page at this address".
Answering your question -> the easiest way would be to make an API to /admin/shop.json request and see if you get a 401.

How to implement PKCE flow with an additional website between a mobile app and Auth0

I have an interesting case where user onboarding is designed the following way:
Users download the mobile app
Once they click "Sign up" they are be redirected first to a website to check if they are actually eligible to sign up (it's basically some kind of survey)
Once they are eligible, they are redirected to Auth0 to log in (the previous step will create a new account if they pass the eligibility checks).
Now, after successful login, the user is redirected back to the app.
That's the theory. Now, before we try to implement it, here are the questions:
a) Is the last point possible in this scenario?
b) If so, is this just a matter of setting a custom URL scheme as the redirection callback so the app will be open on the user's device?
c) Will it be easy then consume the id token and access token by the app so we can call the API?
d) Can https://pub.dev/packages/flutter_appauth be configured to work with this scenario where we have an additional website in the middle of the process?

How to log in to PayPal Sandbox account as buyer (using REST - Postman)

My purpose is to automate (as buyer) login into PayPal Sandbox(1) and confirm payment(2) using REST requests (with Postman) after being redirected from third-party payment service.
From there a got a link like: https://www.sandbox.paypal.com/cgi-bin/webscr?cmd=_express-checkout&token=EC-5AU897953H105581R
I have login and password for buyer account.
I was able to import request from devtools network and it leads me to confirm form, but I cannot make it generic. I found out that the minimum body values are (on screen), but there are some changes in cookies at headers. I am not sure if my approach is even correct. Do you have any ideas?
If you find out the first very easily, maybe you will also have some tips for confirming payment.
I already searched a lot for answers. There are some instructions for sandbox API, but it looks like it needs clientId and secret(?). See those on the PayPal Sandbox development page, but I do not have credentials for dev dashboard, only for my test customer.

Integrating PayU payments gateway

I am trying to integrate PayU payment gateway on my website, referring their documentation.
They are recommending to use merchant key as a hidden input field but should i really put my merchant key on the frontend as a educated user can easily find it out. I tried making the payment request from my backend and sending the HTML recieved to the user but the script file is not loading is stuck on the loading page. What can i do to load the script file so that it redirects to the payment page.

PayPal - switching from Sandbox to Live account using REST API

We tested our web application successfully using a sandbox REST API account (and test credentials).
When we wanted to put the application into production (using REST API live credentials visible on the same PayPal web site where the sandbox/text credentials were shown), we received an error from the production PayPal server on a live credit-card transaciton:
Error code : 401 with response : Server returned HTTP response code: 401 for URL: https://api.paypal.com/v1/payments/payment
We have a Business Account that is not yet 100% verified (75% verified at the moment), so we are not sure if this is caused by some technical issue or the fact that the account is not yet 100% verified.
PayPal web site is quite confusing and the process of moving the app from test to production is not clearly explained. It seems that they are migrating from some old web sites to new ones and the user is prompted to login multiple times, redirected to different URL-s... E.g. we can see our application test and live credentials on the developer.paypal.com, but not on apps.paypal.com where no apps are listed, even though the same user is logged in (owner of the business account)???
For future readers, you have to use Live Credentials, on https://developer.paypal.com go to My apps and in App details there is a link at a bottom of the page :
Click on that link and you will see live credentials.
You now click on your sandbox application and then click live at the top of the screen to get your live credentials.
For the PayPal REST api use the credentials provided on developer.paypal.com (new version of PayPal dev experience). Live calls require the account to be vetted which includes fully verified.