I'm trying to build up an android platform that takes in user credit card info and charge it on use without inserting the credit card details after saving one. But I don't seem to actually see any possible work ways in the "In-App Payment" SDK and I think I see it under Square's java SDK. But as researched in github, their official reply is that I'm unable to use java SDK in android app.
So I'm trying to figure out has anyone done this before or face the same issue?
In-App Payments SDK is solely meant for generating a card nonce on your mobile application. All other API endpoints must be done on a server or service due to security reasons (you don't want to store your personal access token within your application). Once you have that nonce, you need a server or service running that your mobile application will talk to. Ie the most basic is passing the nonce to the Charge endpoint to charge a customer.
On that same note, we have another endpoint called CreateCustomerCard, which you can pass the nonce as well as customer_id to in order to save the card to this particular customer's profile. So, at the very least you'll need to create a customer in order to have their id.
For info around saving cards on file, see this post: Hot to generate card nonce for repeated transactions without making users to enter card details?
Related
I am currently looking into the W3C Payment Request API as part of a project for a new e-commerce checkout flow (mostly for supporting faster check-out using Apple Pay and Google Pay).
From looking at the API specification's change history, it looks like this change instituted earlier this year removes support for requesting the buyer's address with a payment request. The documentation of our payment service provider still shows this option, and it seems to work for now. That being said, I don't want to rely on a feature that browsers might start dropping soon because it's no longer in the standard, breaking our checkout flow.
Does anyone know if there is a recommended new way to handle this via the API, or if it is advisable to move the collection of the buyer's billing and shipping addresses back to a form on our page even when using the payment request API?
As far as the Payment Request API is concerned, I think there three primary options:
Apple Pay
Google Pay
basic-card
As you may have seen, basic-card is being deprecated (https://blog.chromium.org/2021/10/sunsetting-basic-card-payment-method-in.html) so you probably want to avoid this option.
Both Apple Pay and Google Pay provide access to billing and shipping address, and can be accessed as payment methods in the Payment Request API, and both provide their own alternate APIs (Apple Pay JS API and Google Pay Online API).
I don't know about Apple Pay, but the advice for Google Pay is to use Google Pay Online API (which makes use of the Payment Request API when available). Google Pay provides a consistent API for browsers that do and don't support the Payment Request API.
Does anyone know if there is a recommended new way to handle this via the API, or if it is advisable to move the collection of the buyer's billing and shipping addresses back to a form on our page even when using the payment request API?
The guidance for Google Pay is to place the Google Pay button above manual entry fields and to collect shipping information from Google Pay so that users can users don't start filling in the form before realizing there was a faster checkout option available.
So prioritize the digital checkout options for users that choose to use it, and make use of billing/shipping information from the digital wallet APIs. Make manual form fields available (suggest that form fields also make correct use of autofill attributes) for users who don't have access to or choose not to use the other payment options.
Demo site available with this in action: https://paydemo.withgoogle.com
FYI, if you're looking to integrate Google Pay into your site and are using a JavaScript framework, consider using the framework specific components from Google Pay for easier integration: https://github.com/google-pay/google-pay-button
I am working on Stripe's React Native SDK to accept payments on my App. It's working perfectly when I am trying to add a card and pay. In the process I am adding setup_future_usage to save the card (payment method) for future usage. But I am not sure how to charge the saved card in future.
In the Stripe docs, they have mentioned about off-session payments and the recovery flow in case the off session payment fails because it requires authentication but I could not find any information about on-session payments with saved cards.
I have the PaymentMethodId and Client Secret (from the PaymentIntent) but I am not sure how to confirm the payment.
PaymentMethods objects are designed for one-time usage unless attached to a customer.
In this particular case, you'll need to attach the PaymentMethod created from your PaymentIntent to a pre-existing (or new customer). You can then pass the pm_xxx ID to confirmCardPayment.
Currently, I'm using the following third-party libraries to integrate with Braintree:
https://github.com/ferndopolis/react-native-braintree-card
https://github.com/kraffslol/react-native-braintree-xplat
But I'm not able to find any method to save card details. Is there a rest API call available to save card details?
Full disclosure: I work at Braintree. If you have any further questions, feel free to contact
support.
Both of the third-party libraries you linked to are wrappers for our client SDKS and have documentation that show that you will need to return the resulting payment method nonce to your server-side to use. A payment method nonce is a secure, one-time-use reference to payment information. It's the key element that allows your server to communicate sensitive payment information to Braintree without ever touching the raw data.
Braintree does not have a REST API at this moment, however you can use one of our server SDKS to run a Customer Create API Call, which will save that customer's payment information into the Braintree Vault. Additionally, you could run a Payment Method Create API Call as well to save the card details.
I am developing an app for iOS. I am planning to publish this app in app-store as free app. I would like to authorize app users via outside RESTful webservice. Is this practice against any Apple official guidelines and can be not approved by Apple app review?
The Apple Review Guidelines 11.1 states:
Apps that unlock or enable additional features or functionality with
mechanisms other than the App Store will be rejected.
It sounds clear, but I believe it is open to interpretation on behalf of their reviewers. My company has produced an app exactly as you describe and it not only passed but has been versioned up very recently. Like yours, this app consumes a web service and while the launch screen is public facing, the user must immediately authenticate on the screen after that to go any further.
Our app was not a good candidate for the enterprise store model, since the intention is to distribute to customers, not employees.
Also, and perhaps most telling, when you prepare to upload your binary the iTunes Connect portal has a place for you to enter demo account credentials for the testers to access protected content in your app. So I think you're OK. Screencap below taken from iTunes Connect.
UPDATE
Apparently, when submitting your app you can provide demo account information (#erikr98), implying that an app like yours could be tested by Apple and be approved in the store. I've seen apps like this and worked on them before, but was under the impression that you also had to provide some sort of functionality in the app outside of your "pay wall."
....
I think the answer is maybe. It sounds like you're hovering the line between a public app and an enterprise app. I'm going to assume your question could be rephrased like this:
"I make money from my customers through an existing process (probably on the web) and I want to allow them to use that functionality on iOS without giving 1/3 of that money to Apple via a paid-app or through In-App Purchase. If I build a free app and provide my current customers access to its content via their existing accounts (and through a login process) will Apple reject it?"
Apple's App Store Review Guidelines, Section 11, clearly states that if you allow users to upgrade the content, unlock features or abilities, or purchase content through your application, that purchase must be done through In-App Purchase.
However, in my experience I have found that Apple will not reject an application if it provides value to everyone, not just those with an account. If you provide some sort of benefit for someone without an account you stand a much better chance. In my case we had, 5 features available to the people without an account, and 10 features available for those that could login. Our app was approved and released to the App Store. This was last year.
Also, think about this from a reviewer's perspective at Apple: When you sit down to review an app, its probably not a good sign that you can't access any part of the app without a user name and password.
Look at the model that the newspapers use. Washington Post, for example, has a free app with a $15 In-App purchase that provides you access to their content. You get a limited number of free articles, first, though. See, they provide content for everyone even if on a limited basis. You can also sign into the application, which unlocks all content, if you already have a paying account.
I am developing an application where I have a section only for paid users where they purchase for the section using the in-app purhcase system in iOS. I know that I need to keep track of the purchase history myself, and this is where the problem begins. I have a database and I am capable of storing users in my database, with a web service interface. How can I create a system where a URL is pinged only when a user has made the purchase.
As an example, I have the URL:
http://example.com/registerUserPremium/userid=123456
How can I get this to be called only when a purchase is made? The most elegant way seems like Apple pinging the URL with a special user ID upon purchase, but I can't find a way of doing it. It is obviously not a solution to make the user call that URL within the app, as it can be cracked/pirated. What is a good way of providing such a mechanism that is piracy-proof. My service is web-based, so if I can get this part done, the rest relies on my server-side mechanism (the user will just send a special key that is stored in its keychain, to the server) so I'll be able to finish the project. In short, I need a way to call a URL only when a purchase is made. What are some possible solutions?
Thanks,
Can.
I see two solutions:
"Server product model" (doc): the appstore contact your servers every time a user makes a purchase. In this case you have all of the information right away.
"Builtin product model" (same doc) in which the application gets the receipt from the appstore. In this latter case you can contact your server special URL, providing the receipt information, and the server can verify that the receipt has not been tampered with asking the app store to verify (it's a simple post, see here).