Which PayPal API and product shall be used for card payments with auth and capture

How shall I integrate custom shopping cart app with PayPal to accept indirect credit card payments without forcing buyers to register at PayPal?
There's a custom shopping cart web application and the task has been set to replace current credit/debit card payment with PayPal. The goal is to let the customers pay with their cards via PayPal. However, there are some constraints:
1. customers should enter their credit card details (number, expiry date, secure code) not in shopping cart's page, but PayPal's page,
2. every payment must consist of authorization (blocking total sum) and subsequent capture if the ordered items are available and can be delivered,
3. customers aren't forced to create / login to PayPal account if they wish to pay via card.
The trouble is I'm really confused with the number of possible options at PayPal. The choice between REST API and Classic API isn't that problematic, but choosing the proper product from the whole list (like Classic API products or REST API products) isn't that obvious for a PayPal newbie. Some other similar questions point to DoDirectPayment (but I don't know if it's the best choice) or suggest Website Payments Standard (I'm not sure if they're still available).
I was also considering Express Checkout, but the demo seems to force you to create a PayPal account.

ExpressCheckout is designed to be used in concert with a direct credit card acceptance method (such as PayPal's DoDirectPayment, or a non-PayPal credit card acceptance method), although it can be configured to also do guest payments. This is why the demos of the normal configuration handle only PayPal account creation; that's the normal usage.
One key question you need to ask yourself is whether you want to have access to the credit card information & be the "merchant of record" yourself or not.
YES: Doing this gives you the most flexibility, but will require you to go through some merchant vetting and carries some security obligations (PCI) even if you are using some solution which tries to distance you from the actual raw card numbers (e.g. collecting them via PayPal or Braintree code and immediately encrypting & tokenizing them). In short: if you want full access to the card, then you have legal obligations re: handling that account access which technology can reduce but not eliminate.
NO: If you are content to always treat your customer's card information at arms length through PayPal, via the legal structure of a PayPal account (whether the user actually has a PayPal account or is just doing a "guest" payment on PayPal where they give PayPal their credit card for one-time use) then you can reduce your vetting & security constraints (no PCI requirements at all).
If you want (or need) access to the customer's card [YES above] then the "classic" API solutions are either DoDirectPayment (for when you collect the card info) or Hosted Sole Solution (for when PayPal collects the card info on their page). HSS meets all 3 of your requirements above; DDP fails requirement #1.
If you can live with access to the customer & the payment but NOT the card account itself [NO above] then you can use Website Payments Standard, or EC with Guest Checkout option; both meet all three of your requirements.
All of the above solutions are not only still supported, but have tens or hundreds of thousands of integrated merchants and are the biggest/mainstream ways in which PayPal payments are handled.
If you prefer the newer products & are in the first category above (real card access, not guest payments) then you can also use Braintree or the RESTful APIs. These newer products don't yet have as much flexibility & coverage as the older products, but hey, less complexity can be a good thing as long as they have what you need. These products are generally designed around plugins for your web pages rather than entering card information on PayPal's site, however, so they don't meet your first requirement.
You can also do PayFlow (several variants) or Adaptive Payments or or or.... but in general I would advise picking either the most well-established or the new-and-growing options as being better supported & more future-proof.

Now that PayPal has acquired Braintree, the preferred integration method is v.zero. It is designed to be very easy to accept PayPal, Credit Cards and other options. (Venmo, Bitcoin, etc.)

Related

How to use Big Commerce Order API and make customer pay?

I would like to make an API call to Big Commerce backend to complete a purchase on a customer's behalf. Based on the API reference:
https://developer.bigcommerce.com/api/stores/v2/orders#create-an-order
By default, I believe that one can only create an order that is not yet paid by the customer. Please correct me if I am wrong.
So, my question is - How do you make a payment on behalf of a customer for the order? It is safe to assume that we have a tokenized credit card of our known customer in a payment gateway like Stripe.
My guess of how it could be done is when an order is created, I can set up a webhook to call the payment gateway to make a charge on the customer's credit card. Is this correct? Is there anything that I should watch out for?
Currently, you cannot use the BigCommerce API to process a payment or full transaction. We only allow payments through the control panel where you can enter credit card details or on the storefront made by the customer. If you'd like to make use of tokenization or recurring payments, it is better to use Rebillia or Recharge (apps).
As you stated, you would need to make a call to Stripe's API to charge the card on file with the customer's token. This should be fine. It won't make any calls back to BigCommerce, so I'd be mindful of error handling (such as if the card has expired) and how you'd retry or mark the order in BigCommerce. Depending on how it was configured, you would want to check order details to ensure you were only processing payments from API created orders.
I'm not sure of what PCI implications might be for the storage of the Stripe tokens. That would be another point for consideration.
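The checks suggested in the answer above (charge only API-created orders, handle declines, retry transient failures, record the outcome per order), as an added example that is not BigCommerce or Stripe code. The order fields, status names and the FakeGateway client are hypothetical stand-ins, and the sample data in the comments is constructed.

```python
from decimal import Decimal


class CardDeclined(Exception):
    """Permanent failure (expired card, insufficient funds): do not retry."""


class GatewayUnavailable(Exception):
    """Transient failure (timeout, 5xx): safe to retry with the same key."""


class FakeGateway:
    """Hypothetical stand-in for a gateway client that honours idempotency keys."""

    def __init__(self, scripted_errors=None):
        self.scripted_errors = list(scripted_errors or [])
        self.charges = {}  # idempotency_key -> amount in cents

    def charge(self, token, amount_cents, currency, idempotency_key):
        if idempotency_key in self.charges:
            return idempotency_key           # replayed request: no second charge
        if self.scripted_errors:
            raise self.scripted_errors.pop(0)
        self.charges[idempotency_key] = amount_cents
        return idempotency_key


def to_cents(total):
    """Convert a decimal string such as "49.90" to integer cents, without floats."""
    cents = Decimal(str(total)) * 100
    if cents <= 0 or cents != cents.to_integral_value():
        raise ValueError(f"invalid order total: {total!r}")
    return int(cents)


def process_order(order, gateway, order_status, tokens, max_attempts=3):
    """Handle one "order created" webhook delivery; returns the recorded status.

    order        -- dict with hypothetical keys id, customer_id, total, currency, source
    order_status -- dict acting as the store's record of payment state per order id
    tokens       -- dict mapping customer id to the gateway token kept on file
    """
    # Only charge orders that our own integration created through the API.
    if order.get("source") != "api":
        return "skipped"

    # Webhooks can be delivered more than once: never redo a finished order.
    if order_status.get(order["id"]) in ("paid", "declined"):
        return order_status[order["id"]]

    token = tokens.get(order["customer_id"])
    if token is None:
        order_status[order["id"]] = "no_card_on_file"
        return "no_card_on_file"

    amount = to_cents(order["total"])
    key = f"order-{order['id']}"             # same key on every retry
    status = "retry_later"                   # outcome if all attempts are transient
    for _ in range(max_attempts):
        try:
            gateway.charge(token, amount, order["currency"], key)
        except CardDeclined:
            status = "declined"              # mark the order, ask for a new card
            break
        except GatewayUnavailable:
            continue                         # transient: try again
        status = "paid"
        break

    order_status[order["id"]] = status
    return status
```

Only the token reference is held by the application here; the card number itself never passes through this code.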

What are the differences between Paypal's API and BrainTrees v.zero API, and Which would work more efficiently for a Node.JS Marketplace Website? [closed]

Please explain the difference between all the different PayPal API's that are offered, and why they have so many different ones. If you were to build a new marketplace website in comparison to Amazon or Etsy, or an SaaS such as Volusion or Shopify, and you were to charge a per-sale fee, could it be done using PayPal's services? Also, do they offer OAuth, such as login with Google? I see they have a Permissions API; what does this entail? And above all else, what is different between PayPal and Braintree? They appear to be very similar from the outside.
I want to start off by saying, that even though your question regards PayPal I would probably off the top of my head tell you to look at a different service...(Stripe http://www.stripe.com was what I’d recommended originally, but I’ll teach that another day). But regardless, for now I’m going to limit my response to PayPal and what sort of Application Programming Language Interfaces (API)’s they offer; as that is what you asked about, and that in and of itself is a good sized undertaking.
Over the years PayPal’s API has gone from being a very simple system to one of the best in the industry. It encompasses so many things that it’d be easy to get confused. So while your question is broad, I believe I can provide some bit of guidance.
It sounds to me that what you are asking for is how can you do split payments or mass payouts to your customers. I also must say, that it sounds very similar to a so called marketplace service, such as Amazon.com or many other major ecommerce sites. These sites generally act in a bit of a collaborative way, allowing customers to buy products from them, as well as sell products themselves. That’s not the rule, but rather just what has evolved in the online economy over the years.
First we need to understand what is an API, and what does it do, and how can it be utilized. We’ll also need to have a good basic understanding of how data driven websites work, and the concepts of how they talk to each other. In addition, you’ll want to have an understanding of the underlying languages needed to use an API. If you don’t possess this knowledge, I would suggest you’ll want to start there.
But in talking about PayPal’s API, it supports a wide variety, and includes NVP/Soap (which would be considered their “classic” API) as well as their shiny new REST API. Depending on what language your web application is being developed in, you’ll want to choose the appropriate language.
Next, you’ll need to understand the functions of what their API can do, and how it can be utilized to make your business work more efficiently and provide better services to your customers. Once you understand the functionality, you’ll be able to better understand how to achieve your end goal, and you’ll probably find some other things along the way, which you didn’t think of until you dive into it.
As you know, PayPal can in fact provide the service which you’re looking for. In order to achieve that functionality, I think you’re going to want to research and become familiar with a few things. First, you’ll want to think about how many customers you will have, as this will be something that is important as you develop your service. For example, there are account limits on certain functions, and occasionally you may find that understanding what technology is available, will allow you to come up with better, more creative plans while in the architecture phase of your application.
As I said earlier, they offer quite a variety of different API’s to choose from, however, if your goal is to act as either a “marketplace” website such as Amazon or Sears.com, or if you want to act as a SaaS solution such as Amazon Web Stores, Shopify or Volusion. I assume that either way you go, you’re going to be wanting to allow your customers to get paid, and that to be realistic we need to assume that in order for your service to be considered as a realistic option, you’ll need to offer more ways to pay than only PayPal. Credit Cards, Checks, Bank Transfers, Bitcoin, etc. The list goes on. You might be sitting there thinking “Uh oh, I just am not sure where to begin with that!” Regardless of the fact that the original PayPal might not offer every method, as we learn when they say
“Our payments technology lets you accept credit cards, debit cards, and PayPal payments via mobile devices, computers, and storefronts” (PayPal)
I assure you that there is no reason to panic. PayPal got its success originally by providing a service to small sellers such as someone selling on eBay and that was their niche for many years. As a result of being so successful in their niche PayPal to me is one of the services that has really helped contribute to making the internet be the internet we see today, they helped millions of people build businesses, and consequently they have grown over the years, and now offer a whole variety of payment services, each of them marketed as separate “products” and a couple that are even their own brands. While technically they are not a bank, (if we don’t count their subsidiaries), they are absolutely to be considered a giant in the payment industry. Yet when we compare their website to the sites of some of the larger banking institutions, we find it to be much more user friendly. In spite of the user friendly design, with so much to choose from, a novice can easily get overwhelmed, and so for quick reference sake, join me for a semi-quick flyover of what services PayPal offers which can help an aspiring marketplace, or software as a service company.
Let’s start by reviewing some of the most common and in my opinion important services to be familiar with when it comes to using PayPal, and let me give a brief overview of what each is. When we’re done with that, we will go over which of these services will be best to use if you want to run a company with a web application that does split-payments, marketplace services, or any other service where by one might need to accept money from a third party, keep a percentage and forward the rest onto his client.
PayPal for a beginner who needs to accept payments from someone, but may not need any sort of API access to integrate with:
PayPal Business – Used by the individual who starts selling more than he can on his personal account.
PayPal Here – Used to accept payments on your phone with a card reader.
PayPal POS Solutions – Used as a cash register in a physical store.
PayPal Online Invoicing – Used to send email invoices to your customers.
The products we just listed may be a viable solution for some sellers, however this is about which API’s to use and which services can an e-commerce website, or a marketplace website utilize best and find the most benefits from. There are only certain options for API access. So as to not be confused, we will quickly go through them as well. So if your goal with using PayPal is to create the new Amazon.com Etsy or EBay, these are the services you should learn to use, and learn more about.
PayPal Accounts and Services for a more developed company, a start up with a more complex application or workflow, or anyone who needs to integrate PayPal’s services into their computer systems in some way:
PayPal Payments Standard – This one is pretty self-descriptive, however it is PayPal’s most e-commerce capable service. Learn more by visiting this link
Express Checkout - Allows you to let a customer check out through PayPal from your shopping cart, and also allows you to build a shopping cart of sorts within PayPal. Limited API access
PayPal Payments Pro is the type of account that many e-commerce companies find they need in order to utilize PayPal’s services, and it offers pretty good API access. If you have a PayPal Payments Pro account, there are also a couple of services which you can get in addition for a small extra monthly fee.
PayPal Virtual Terminal - Allows you to take a “phone order” from a customer and to enter charge card info in manually. Does not require a customer to know you are using PayPal.
Payflow Payment Gateway - Fully Integrated Payment solution, comparable to a regular merchant account. Payflow can actually be utilized with your own bank’s merchant services account but that’s a subject for another time.
While all of the services I listed above only allow you to accept the most common payment methods, in today’s online economy, we usually do want to accept more types, and as I said earlier, there is much more to PayPal than meets the eye, and they definitely have been spending their time and money spreading their wings. Thanks to a new service they recently rolled out, called Braintree, PayPal has evolved, they’re no longer the restrictive payment service that they seemed doomed to become for a period of time. Braintree is just one of their many “extracurricular” service offerings that they now have, and while I don’t have time to go over them all today, I will touch on the few of those lesser known PayPal services that I find most useful to an e-commerce store, or marketplace website.
Braintree zero – Braintree was acquired from PayPal not that long ago, and has been touted as an “open source” payment system. Their goal is to re-invent how payments are exchanged, allowing the process to become more seamless. It has very advanced API functionality as well, which we’ll discuss, and is definitely “the new kid on the block”
Paydiant – This one is complex, but allows for mobile payments, loyalty programs, and more. It is marketed to merchants, Banks, and Partners. To learn more go here. It’s not going to be covered in this post, but may be worth looking at.
PayPal also has services such as the service that was mentioned by the person who asked the question prompting this post, such as the way Shopify has you give permissions to them. While I’m not sure of Shopify’s exact use for it, I can think of many. The way they describe it is
“PayPal offers several services to help merchants easily manage authentication for their customers in a secure way. PayPal services enable merchants to set up PayPal accounts for customers, configure and manage permissions for customers, store customer credit card details with PayPal, and also streamline the login process.”
Paypal Authentication Security Docs
The services that are available through the Authentication API include:
PayPal Vault – This service allows you to securely store your customer credit card and transaction information whether or not your payment processor is PayPal, Braintree, or your own bank. They describe it as
“The Vault API provides a secure way to store customer credit cards. By storing cards with PayPal, you can avoid storing them on your servers.”
While whether or not it can be used to directly accept card payments varies by country, it is still a service that can be a valuable asset no matter what.
The Identity API or Log In With PayPal – With this, customers can use Log In with PayPal buttons to log in to your website with their PayPal credentials. It is used for a few different things including:
Log In With PayPal – which allows you to authenticate customers into your system through their credentials with PayPal, similar to the Login with Google or other Open Auth systems on the market.
Seamless Checkout – If you use Login with PayPal, you can also use seamless checkout, allowing as they describe it “The PayPal Identity API supports the seamless checkout feature, which gives customers the ability to directly checkout using their PayPal account. Once logged in to your website through Log In with PayPal, the buyer can seamlessly checkout with PayPal without the need to log in to PayPal again.”
PayPal Adaptive Accounts API – “Use the Adaptive Accounts API to build applications that create and manage PayPal accounts. Merchants and developers can use the API to create PayPal accounts, add payment methods to accounts, and verify a PayPal account status.”
Permissions API – Last but not least, PayPal’s Permissions API allows “…you to request and obtain authorization to make API calls and take action on behalf of your customers. The service is automated and easy to use, walking customers through the permissions being granted and what they mean, minimizing the time required. Permissions are organized in groups that are self-descriptive and help lower the barrier to on-board your customers. When the customer finishes the permissions flow, they are redirected back to your site.” Permissions API is used for many things, which you can learn more about through the link, but the most common are getting permissions in a workflow, Disbursements or Payouts, Refunds, Recurring Payments, Obtaining Transaction Information and Tracking Group Dues. For a complete overview, see the PayPal Permissions Service Integration Guide.
The final services I will cover are the payout services. These are the services that PayPal Offers to let a company that is a marketplace, such as a split pay transaction, or other business that needs to pay many people, disburse funds to them through a variety of methods.
Permissions API - One way as we mentioned earlier is to authenticate into the customer’s account and send disbursements within PayPal.
Payouts API - The Payouts API is a REST interface that enables you to not only send up to 500 disbursements in one API call, but also ensures you can easily send, track, and search for previously issued payouts. In order to get started with the Payout API, you should visit, and For More information as far as integrating it into your website, see Payouts documentation and Payouts REST API reference
PayPal Mass Pay API - With Mass Pay, you can submit mass payments directly from your PayPal account or use the Mass Pay API to submit them. Mass Pay includes NVP/SOAP API operations that enable you to easily create a set of payouts by identifying each individual recipient and the amount of each payout. With Mass Pay, you can take care of commissions, rebates and rewards, and even make all the general payouts that come with running a business. It’s important to note, that with the Payouts API you do not necessarily have to be a PayPal seller to use it, but with the Mass Pay API, you need to be.
PayPal Mass Pay API is one of the best options for a marketplace business. Merchants use the Mass Pay API to send money instantly to up to 250 recipients at once. To send payments to multiple recipients, merchants only need the recipient's PayPal account email address, the payment amount, and the currency code. Merchants can manually upload a file listing payments or create them programmatically using the Mass Pay API.
To get started with Mass Pay API, you should visit the “getting started guide”
For more information on integrating it in your web application, you should see:
the Mass Payments User Guide
the Mass Pay NVP API Documentation
Or if using SOAP API, the SOAP API Documentation
You can also check out their section for Sample Apps at GitHub
Finally, let me go into some more detail regarding PayPal’s new service Braintree v.Zero. What is Braintree you might ask? Well, as PayPal describes it, it is
“…a full-stack payments platform that makes it easy to accept payments
in your app or website. Our service replaces the traditional model of
sourcing a payment gateway and merchant account from different
providers. From one touch payments to mobile SDKs and foreign currency
acceptance, we provide everything you need to start accepting payments
today.”
So after reading that you might be thinking “This sounds pretty good, what types of payments can I accept with the Braintree service?” They also answer that question in a different point stating:
“Merchants in the US can use Braintree to accept PayPal, Apple Pay,
Android Pay, Venmo, Bitcoin and most credit and debit cards, including
Visa, MasterCard, American Express, Discover, JCB and Diner’s
Club.”
You will find while reading that question that you might have concerns about your locality and whether it’s available in your country or not. They give us that answer in pretty clear terms, stating
“Your business must operate out of a US, Canadian, Australian, Europe,
Singapore, Hong Kong, Malaysia, New Zealand-based office. You must
also have a bank account with a US, European, Australian, Canadian,
Singapore, Hong Kong, Malaysia or New Zealand-chartered bank. The
location of your customers has no effect on where you are domiciled.”
So after reading all that, I’d imagine you’re thinking, “Okay, that sounds pretty good. So then which API do I use in order to integrate with it?” If we read a little bit more through PayPal and Braintree’s website, we will be able to learn that the Braintree V.Zero API supports a multitude of languages including:
“On the client side, we have a JavaScript library for mobile and
desktop web, plus mobile SDKs for iOS, Android, and Windows Phone. On
the server side, we have libraries in six languages: Ruby, Python,
PHP, Java, Microsoft .Net, and Node.js.”
And if you needed one last reason to seriously consider using PayPal’s new Braintree v.Zero API, it also seems that if you succeed in building your SaaS as you describe, you could become a so called “partner” with them, and be featured on their websites, and that’s something that definitely won’t hurt your SEO. To learn more about that just visit the links.
While looking at Braintree’s documentation, I see that if you want to run a marketplace or do split payments with them, that you will need to notify them and contact sales, but beyond that there is not a whole lot. From my experience, starting your account with PayPal and migrating into Braintree is the easiest approach. They actually let you know exactly what your responsibilities and their responsibilities are in that type of relationship by saying
“You maintain the relationships with the customers of your
marketplace, and Braintree will be there to support you every step of
the way. That means that you will work directly with your customers to
provide refunds and handle any chargebacks or disputed charges. You’ll
also be responsible for knowing who your sellers are, and ensuring
that they deliver products/services that don’t break any laws.
Braintree will back you up with all of the reports and information you
need to support your customers.”
PayPal also details how the Braintree API can be used for payouts, stating:
Braintree Marketplace streamlines payments for your market-style
business, enabling you to effortlessly split payments between you and
your providers. Marketplace is transparent and built for mobile
first, empowering you to build an elegant, custom checkout experience
on any platform.
Learn more about Braintree Marketplace features.
To learn more about the Braintree Marketplace services visit
For the Developer Documentation on the Braintree Marketplace API Visit Here
The last service I’ll cover is for larger accounts, and for paying out large numbers of customers at once.
PayPal’s Adaptive Payments API
With the Adaptive Payments API, merchants and developers can create applications that manage payments, payment pre-approvals, and refunds. Merchants and developers also can send money peer-to-peer, and can split payments in both parallel and chained models. The Adaptive Payments API is robust enough to support numerous use cases, including distributing payroll online, managing a storefront for physical or digital goods, and tracking payments of group dues. Learn more about the use cases supported by Adaptive Payments and how to get started.
You can find developer documentation for Adaptive Payments Here
PayPal’s Adaptive Payments API
I hope you found my overview of PayPal helpful, and I hope this gives you somewhere to start while planning how to build your new web application. If you find that PayPal is not the service provider for you, you may also want to consider Stripe.com. With all of the services PayPal has to offer, you may find it hard to believe there are companies that have certain solutions that might be better suited, however, in the case of Stripe vs PayPal, I would say it’s a fair match.
Good Luck.

eCommerce website - taking payments and Stripe

I'm considering setting up an eCommerce website and was wondering about the payment side of things.
After some searching I came across Stripe, which seems very similar to PayPal and Google Checkout.
I have a few questions about Stripe and eCommerce in general.
1. What do I need to take payments on my website? Presume that I have the shop set up, and the buy button in place. Do I need an SSL certificate? I've read something about being PCI compliant. What is a merchant account, and why would I need one?
2. Stripe appears to handle a number of things for me, and it stores the user's card details. How would this work with things such as logging in to a website? Would I store the user's email and password and then when they wanted to buy something Stripe would just handle the credit card side of things, or would the entire user details be stored on Stripe?
3. Can you build and style your own payment form that then connects to Stripe or do you have to use their form on your page?
4. Do you have to upload all of your products to Stripe or can you store these in your own database and just pass the value of goods purchased to Stripe for payment?
5. What are the advantages/disadvantages of Stripe and are there any competitors that I should know about?
Thanks
1. Stripe requests that you should serve up payments pages over SSL. Anyone involved in payment processing must comply with PCI; if you use something like Stripe you will need to serve the payments page on SSL, but Stripe will handle the payment info. Check out https://support.stripe.com/questions/do-i-need-to-be-pci-compliant-what-do-i-have-to-do for more details on what you'd need to do.
2. Not entirely sure on this front, perhaps someone else can comment?
3. You'll be able to style your page and use Stripe for the payment piece.
4. You can use Stripe's checkout or build your own (sounds like this is what you want to do) via Stripe.js.
5. Stripe is generally recognized as one of the most developer-friendly ways to accept payments online. They've worked hard to build a simple service that a developer can get up and running in a matter of hours. Braintree is a competitor that may offer some value-added services and you might want to take a look at Balanced as well. I work at LevelUp, which has been used in conjunction with Stripe (as another payment method, similar to PayPal) and as a stand alone solution for apps processing online or mobile payments.

Does the "accept and store credit cards" part of PayPal's REST API require an Advanced or Pro product?

I've always been super confused when it comes to mapping between PayPal's APIs (both "Classic" and the new REST APIs) and the actual PayPal business products (the account level ones seem to be Standard, Advanced, and Pro; there's also Payflow Link and Payflow Pro which acts as a gateway; and then Express Checkout which seems to straddle everything).
Specifically, do the "accept and store credit card" bits of the REST API require a Payments Advanced or Payments Pro account (the ones that require a monthly fee), or is any standard business PayPal account eligible to use them?
For anyone else running across this, it looks like a Payments Pro account is required.
Accepting credit card payments via Rest API's would need a pro account. Please let me know your contact information, if you're interested to have a pro account. One of our sales executives would reach out to you.

Does this simple paypal solution allow credit card transactions and Negative Testing?

I am so confused about the services and over here the paypal website also seems to be serving up 400's and 404s.
This is how the webpage looks for customers on my site when they are ready to pay:
As far as I know, I don't have Express Checkout, but I'm not sure if I have Website Payments Pro (my company created this account).
Now I have two questions:
1- This is just the sandbox. But on the real site, does this solution give users the opportunity to pay by credit card? I've actually successfully done a credit card transaction in the sandbox, I'm just worried because I've heard that customers can only do direct credit card transactions in PayPal Website Payments Pro. The PayPal website is overloaded with information and I can't find my way around it to answer simple questions like this.
2- Is it possible to do negative testing for transactions on this page? Such as simulating the events that the user's credit card or Paypal account doesn't have enough balance? If it is possible, and I am using the ButtonManagerAPI, then is the technique below the correct way to go about it?
I put an error code in the amount variable that is passed on to IPN via an NVP API call, like this (lots of value pairs in the middle excluded as irrelevant):
$nvpReq = "BUTTONCODE=HOSTED&..............&L_BUTTONVAR1=amount=".$err_code;
EDIT
So it appears I have PayPal Website Payments Standard, which means I cannot have credit card payment forms directly on my website, but customers have to be directed to PayPal. I'm fine with that, as long as customers have the option to pay with credit cards.
The screenshot looks like PayPal Standard, which is an HTML-only (non-API) integration.
Any regular business account that can receive money can make use of the Express Checkout API.. typically by authenticating with an API USER/PWD/SIGNATURE. For businesses with programming/development resources, EC is by far the recommended way to accept PayPal payments.
If you pass SOLUTIONTYPE=Sole in the initial SetExpressCheckout call, it will accept credit cards from "guest" customers who don't have a PayPal account, similar to the Standard screenshot you're displaying above.
The main reason to choose EC over Standard is that it's a much tighter handshake between your checkout software and PayPal's servers. With Standard's HTML-only, the customer is redirected away from your site and might not return to your site after a successful transaction is committed (they may stay on paypal.com and not click to return or their browser might crash before return --- whereas with EC the return to your site is built-in before anything touches the financial system)
With the recent beta of developer.paypal.com, all new sandbox Business accounts are full Pro accounts by default. Signing up for a live Pro account would be useful if, in addition to accepting PayPal payments, you wished to create a credit card entry form directly on your own site.
Here are some EC links for programmers:
https://tryit.paypal.com/guide/ec
https://paypal-labs.com/integrationwizard/ecpaypal/main.php
The button manager API is unlikely to be useful to you. And there are ways to do negative testing with the sandbox, but it's really not an important concern when you're still deciding on a product/API.
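The guest-checkout call with SOLUTIONTYPE=Sole from the answer above, combined with the authorize-then-capture requirement from the first question on this page, as an added example that is not code from any poster or from PayPal. It builds the three classic NVP requests with every value URL-encoded (raw string concatenation lets a stray "&" in a value add or override fields) and checks ACK before trusting a response; the credentials, URLs, API version and sample responses are constructed placeholders.

```python
from decimal import Decimal, InvalidOperation
from urllib.parse import parse_qsl, urlencode

API_VERSION = "204.0"  # assumption: any NVP version that supports these fields


class NvpError(Exception):
    """Raised when PayPal's response does not acknowledge success."""


def _amount(value):
    """Format an amount as a positive two-decimal string, without floats."""
    try:
        amt = Decimal(str(value)).quantize(Decimal("0.01"))
    except InvalidOperation:
        raise ValueError(f"not a valid amount: {value!r}")
    if amt <= 0:
        raise ValueError(f"amount must be positive: {value!r}")
    return str(amt)


def _request(creds, method, fields):
    """Build one NVP request body; urlencode() escapes every key and value."""
    params = {"METHOD": method, "VERSION": API_VERSION, "USER": creds["user"],
              "PWD": creds["pwd"], "SIGNATURE": creds["signature"]}
    params.update(fields)
    return urlencode(params)


def set_express_checkout(creds, amount, currency, return_url, cancel_url):
    """Step 1: start checkout. The buyer enters card details on PayPal's page."""
    return _request(creds, "SetExpressCheckout", {
        "PAYMENTREQUEST_0_PAYMENTACTION": "Authorization",  # hold funds only
        "PAYMENTREQUEST_0_AMT": _amount(amount),
        "PAYMENTREQUEST_0_CURRENCYCODE": currency,
        "SOLUTIONTYPE": "Sole",     # guest payment, no PayPal account needed
        "LANDINGPAGE": "Billing",   # open on the card form, not the login form
        "RETURNURL": return_url,
        "CANCELURL": cancel_url,
    })


def do_express_checkout_payment(creds, token, payer_id, amount, currency):
    """Step 2: after the buyer returns, place the authorization."""
    return _request(creds, "DoExpressCheckoutPayment", {
        "TOKEN": token,
        "PAYERID": payer_id,
        "PAYMENTREQUEST_0_PAYMENTACTION": "Authorization",
        "PAYMENTREQUEST_0_AMT": _amount(amount),
        "PAYMENTREQUEST_0_CURRENCYCODE": currency,
    })


def do_capture(creds, authorization_id, amount, currency, final=True):
    """Step 3: capture once the ordered items are confirmed deliverable."""
    return _request(creds, "DoCapture", {
        "AUTHORIZATIONID": authorization_id,
        "AMT": _amount(amount),
        "CURRENCYCODE": currency,
        "COMPLETETYPE": "Complete" if final else "NotComplete",
    })


def decode_nvp(body):
    """Decode an NVP string into a dict; malformed input raises ValueError."""
    return dict(parse_qsl(body, keep_blank_values=True, strict_parsing=True))


def parse_response(body):
    """Decode a response and refuse to continue unless ACK reports success."""
    fields = decode_nvp(body)
    if fields.get("ACK") not in ("Success", "SuccessWithWarning"):
        raise NvpError("{}: {}".format(fields.get("L_ERRORCODE0", "?"),
                                       fields.get("L_LONGMESSAGE0", "no message")))
    return fields


def authorization_id_from(body):
    """The transaction ID of an Authorization payment is the ID to capture."""
    return parse_response(body)["PAYMENTINFO_0_TRANSACTIONID"]


# Constructed placeholders, not real credentials or real PayPal responses.
SAMPLE_CREDS = {"user": "api_user_placeholder", "pwd": "pwd_placeholder",
                "signature": "signature_placeholder"}
SAMPLE_AUTH_RESPONSE = ("TOKEN=EC-CONSTRUCTED&ACK=Success"
                        "&PAYMENTINFO_0_TRANSACTIONID=AUTH-CONSTRUCTED-1"
                        "&PAYMENTINFO_0_PAYMENTSTATUS=Pending"
                        "&PAYMENTINFO_0_PENDINGREASON=authorization")
SAMPLE_FAILURE_RESPONSE = ("ACK=Failure&L_ERRORCODE0=10486"
                           "&L_LONGMESSAGE0=constructed+decline+message")
```

Each request body is sent over HTTPS to the NVP endpoint, and the API credentials stay on the server; they are never placed in the page or in the redirect URL.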