PayPal Express Checkout paid more (issue) - api

Hi guys.
I just implemented PayPal Express Checkout on my website.
All went well until I tested it live (without the sandbox, because they didn't send me the confirmation email and I cannot get the API credentials).
- I used my own PayPal account.
My question is:
Step 1) Call "SetExpressCheckout" with the required data.
Step 2) Get the token and redirect the user to pay 0.01 USD. (All good, the user saw $0.01.)
Step 3) Get the buyer details with "GetExpressCheckoutDetails" and save them. (All good.)
Here is the big problem:
Step 4) Call the API "DoExpressCheckoutPayment" with TOKEN, PAYER_ID, etc., and also the PAYMENT TOTAL AMOUNT.
In this step I added the TOTAL AMOUNT by mistake as $500, hardcoded. After finalizing the order, the $500 was transferred to my account from the buyer's account instead of $0.01.
How is this possible? Why doesn't PayPal check the total amount from SetExpressCheckout against the total amount from DoExpressCheckoutPayment, because the token is the same one?
In my opinion this is a major security issue.

That is by design. SetExpressCheckout sets up the payment, but your application won't know (in best practice scenarios) the shipping address of the buyer until after you've called GetExpressCheckoutDetails. At that point you could calculate shipping and sales tax accordingly and add it to the order, display a final review page, and then call DoExpressCheckoutPayment with the final order amount to be charged.
So, yeah, whatever you pass in DECP is what's going to get charged, so you want to make sure that's correct.
As for testing, you just need to create an account at http://developer.paypal.com and then create sandbox accounts within that. You can get the API credentials for sandbox accounts by clicking on the profile of each sandbox account. No need to wait on any confirmation emails or anything. Not sure what you're referring to there, but I definitely recommend testing on the sandbox.
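Since whatever amount is passed to DoExpressCheckoutPayment is what gets charged, the check has to live on the merchant's server. The sketch below is an added example, not code from either poster or from PayPal: it refuses to build the DoExpressCheckoutPayment request unless the amount equals the total the buyer approved on the final review page. The in-memory `ORDERS` store, the function names and the token and payer values are hypothetical; the request keys are the Express Checkout NVP field names.

```python
from decimal import Decimal

class AmountMismatch(Exception):
    """The amount about to be charged is not the total the buyer approved."""

# Hypothetical server-side store: Express Checkout token -> order state.
# A real site would keep this in its order database, never in the browser.
ORDERS = {}

def start_checkout(token, subtotal, currency):
    """Record what was sent in SetExpressCheckout for this token."""
    ORDERS[token] = {"subtotal": Decimal(subtotal), "currency": currency,
                     "approved_total": None}

def approve_final_total(token, shipping, tax):
    """Called when the buyer confirms the final review page, i.e. after
    GetExpressCheckoutDetails returned the shipping address."""
    order = ORDERS[token]
    order["approved_total"] = (order["subtotal"] + Decimal(shipping)
                               + Decimal(tax))
    return order["approved_total"]

def build_decp_params(token, payer_id, amount, currency):
    """Return DoExpressCheckoutPayment parameters, or raise if the amount
    or currency differs from what the buyer approved for this token."""
    order = ORDERS.get(token)
    if order is None or order["approved_total"] is None:
        raise AmountMismatch("no buyer-approved total recorded for token")
    if currency != order["currency"]:
        raise AmountMismatch("currency differs from the approved order")
    if Decimal(amount) != order["approved_total"]:
        raise AmountMismatch(
            f"refusing to charge {amount}; buyer approved "
            f"{order['approved_total']}")
    return {
        "METHOD": "DoExpressCheckoutPayment",
        "TOKEN": token,
        "PAYERID": payer_id,
        # Always send the stored total, never a value from the request.
        "PAYMENTREQUEST_0_AMT": str(order["approved_total"]),
        "PAYMENTREQUEST_0_CURRENCYCODE": currency,
    }
```

With the question's numbers, an order approved at 0.01 USD builds a request for 0.01, and the hardcoded 500 raises `AmountMismatch` before any API call is made.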

Related

Handling payments in react-native

So I am building an app with react-native (expo) where a user fixes an appointment with some other person, and to do so, he has to pay the other person.
Now how can I handle payments here? What I want is that the user makes the payment and the receiver is the other person, but as far as I understood payment gateways, the payment is received by the app owner, or in simple words, the receiver is a single person.
I also tried deep linking to directly take the user to some UPI app like Google Pay or Paytm, but it seems that those apps require a special type of account (merchant account) to make the transaction if we access them using deep links (which is a problem, as not every user will necessarily have a merchant account).
As I said, it is always better that you have your own payment gateway account, and all the transaction goes through your gateway, meaning you get the money and you build a system which will forward the payment to the receiver. I have worked on 2 such apps:
1: Where we have our own razorpay account, and we get the payment first, and then we forward it.
2: Where we had transactions directly between 2 users, but not through the app; instead we displayed the account details of the receiver and gave them 48hrs to pay into that account. But we had to handle this scenario manually, since one cannot know if the user has paid into the said account, since it's not your account.
3: There is one more method where in payment gateway has a webhook which consists of a virtual account number, and every user that lands on your app, you can create a virtual account number for him/her and store the user-virtual account number relationship in your db, whenever there is a payment, you can find out about the user through this virtual account number. Read about this.
The deep link is a good idea, but again, as you mentioned, it will require the end user to be a merchant user (have a merchant account); you can find more details here
Maybe you can ask your users to create a merchant account, which again I am not sure is possible, and if it's possible, is it feasible?
The best way, according to me, is to handle this through your payment gateway and instantly forward it to the user who should have received it. Again, there are some rules and clauses to it (some commission is taken by those payment gateways, etc.); check those things out.
I think the closest answer to my question is to use Razorpay routes, where we can link multiple accounts with our account and transfer money accordingly.
More details here

PayPal Sandbox transactions are not showing for seller

I've used my live PayPal account to log in to developer.paypal.com, where I created 2 new accounts: buyer# (personal) and seller# (business). I've implemented a PayPal plugin for a shop (CubeCart + PayPal Standard Payment Gateway plugin https://www.cubecart.com/extensions/payment-gateways/paypal-standard). When I complete an order (sandbox testing) I sign in using the buyer# email and password and complete the order. I can then click to view the account and it shows "payment to", "unclaimed" and the amount I've paid. When I log out of this account and log in as my buyer#, I see no transactions. If I log back into developer.paypal.com and go to transactions under the "Sandbox" section and select any of the email addresses, I see the same statement for all of them: "You don't have any transactions".
If I log in to sandbox.paypal.com using the james-facilitator# account (business), there are no transactions here either.
If I log in to sandbox.paypal.com using the james-buyer# account (personal), there is only the one initial transaction here for the initial 9,999 funds.
I've obviously missed something but I can't think what. I'm not sure how a sandbox account knows who its seller should be, but I've checked both sandbox seller accounts. I find it strange that the buyer account I used has registered the transaction, but it seems like it's orphaned, as there isn't any other record of it anywhere else, including the developer.paypal.com sandbox transactions. I've tried this several times to see if I could get it working and I've also allowed for 24 hours just in case there was a delay somewhere.
I just want to be able to test transactions before going live.
Any help/advice?
Much appreciated :)
Cheers
James
Solved - silly really now I know but it was simply the email address I used to test the API. I used my main live account and I should have used the fake email address in my API call. Since my live controls the test accounts I assumed that this should have been used.

Can the PayPal API track inbound payments in real time?

I'm planning to create a web application that allows a user to track donation amounts to their PayPal account that are posting in real time towards a goal.
I need to know...
A. If it's possible
B. If the path I'm using is the best path
C. What the best path is if B isn't.
The flow would work like this.
1) User visits site and enters their PayPal Email address / password / goal donation amount. I'd then be able to make api calls on behalf of this user.
2) I'd use the API call and make a webhook on this users account for when donations come in (The webhooks only say it can fire when sales come in, but maybe donations count as a sale?)
3) I'd have a function on my website ready to accept the post data and update the tracker.
So if the tracker starts out saying 0/300 (user entered 300 for goal amount at the start), then a 15 dollar donation comes in it will update to 15/300, and if another donation for 5 dollars comes in it will say 20/300 etc...
Thanks for any suggestions / help!
Instead of using the user's PayPal email address and password, PayPal has something called a client id and client secret. These work like passwords to make API calls and are a lot safer than asking for the real email address and password from your user. If you revise your #1, then it is certainly possible to make API calls and receive webhooks just like you described.
Link to PayPal Authentication & Headers: https://developer.paypal.com/docs/api/#authentication--headers
Link to PayPal Notifications for managing webhooks: https://developer.paypal.com/docs/api/#notifications
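The tracker from the question, as an added example that is not part of either post: it applies webhook notifications to a running total and ignores redelivered or irrelevant events, so a repeated delivery cannot inflate the figure. It assumes donations arrive as `PAYMENT.SALE.COMPLETED` events (the asker's open question) and that each notification's signature was already verified before `handle` is called; the class name and the event payloads are constructed for illustration.

```python
from decimal import Decimal

class DonationTracker:
    """Running total towards a goal, fed by verified webhook events."""

    def __init__(self, goal, currency="USD"):
        self.goal = Decimal(goal)
        self.currency = currency
        self.total = Decimal("0")
        self.seen_event_ids = set()   # guards against redelivered events

    def handle(self, event):
        """Apply one event; return True only if the total changed."""
        if event.get("event_type") != "PAYMENT.SALE.COMPLETED":
            return False              # not a completed payment
        if event["id"] in self.seen_event_ids:
            return False              # duplicate delivery, already counted
        amount = event["resource"]["amount"]
        if amount["currency"] != self.currency:
            return False              # do not mix currencies into one total
        self.seen_event_ids.add(event["id"])
        self.total += Decimal(amount["total"])
        return True

    def progress(self):
        return f"{self.total}/{self.goal}"

def make_event(event_id, total, currency="USD",
               event_type="PAYMENT.SALE.COMPLETED"):
    """Constructed sample payload shaped like a sale notification."""
    return {"id": event_id, "event_type": event_type,
            "resource": {"amount": {"total": total, "currency": currency}}}

if __name__ == "__main__":
    tracker = DonationTracker("300")
    for ev in (make_event("WH-CONSTRUCTED-1", "15.00"),
               make_event("WH-CONSTRUCTED-1", "15.00"),   # redelivery
               make_event("WH-CONSTRUCTED-2", "5.00")):
        tracker.handle(ev)
    print(tracker.progress())
```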

Shopify / Paypal Express: Shipping cost not showing until after payment

OK, so I've got the following problem with my Shopify shop: because my shipping varies based on weight, PayPal does not show the shipping rate until after the customer has logged in and paid for it. The customer then gets sent back to Shopify, where they receive the message that they will be billed an additional $10 for shipping, which has already got me some complaints.
So what I want is that it already shows the shipping cost before the customer logs in and pays for it. I imagine that more people have had this problem and perhaps found a solution to fix this?
Thank you
There are a number of ways to handle this with the PayPal system, but I'm not sure if Shopify is open enough for you to make any changes. You'll probably need to ask them how it's configured and see if you have any option to adjust it.
The standard flow for Express Checkout is that you would show the user their cart and any fees you've gathered at that point so you can generate the subtotal. Then you send them over to PayPal where they login and agree, and are then sent back to your site. Back at your site you would obtain the shipping address from PayPal and you could then display a final review page that breaks down any additional shipping, tax, etc. that might be applied now that you know their shipping address. No money would actually be charged until they approve this final review page.
In order to skip the additional review page on your own site, PayPal introduced the Instant Update API a few years ago. This gives you the ability to generate a web service that PayPal's review page will call and send the shipping address so that the service can calculate shipping and tax and return it back to PayPal. The PayPal review would then update accordingly so the buyer can choose their shipping option and see the grand total on the PayPal review page. That way they can finalize and would still be returned to your site, but you wouldn't need to show another review. You could simply show the thank you / receipt page.
I'm not sure if that first method I outlined is in fact what you're getting..?? It sounds like you're saying that Shopify is skipping the extra review, finalizing the payment, and then simply notifying the user that more money was charged than they agreed to. If that's the case, I would say that's very sloppy checkout design.
Again, though, as Shopify is a hosted solution, you probably won't have the ability to adjust this on your own. It's possible they have the Instant Update API available, though, and maybe you just need to enable it..??
You'll need to check with them for more details about your options.

variable monthly charges to users

I have a situation where I am to bill the site users monthly. But the invoice amount that is raised depends on the leads that our site generates for the user's business. For example, if the user gets 5 leads from my site and I charge him $10 per lead, at the end of the month he will be charged $50. Similarly, leads might vary each month, and so will the amount.
Now I can't store his cc/PayPal credentials on my site for security reasons, nor can I pre-bill him or ask him to buy credits and then use them. Please let me know the way to handle this situation. How can I handle this using PayPal?
There are a few different ways to handle this, but I would recommend Preapproved Payments, which are part of the Adaptive Payments API.
With this method your users would create a profile with you (using the Preapproval API) when they first create their account on your site. That will give you a preapproval key that you can store with your user account. Then in the future when you need to bill them you can use the Pay API with the preapproval key to process funds immediately without further approval.
If you're working with PHP, my class library for PayPal will make these calls very simple for you. You would just use the Preapproval.php template to set up the profiles for people, and then use PayWithOptions.php to process payments using the preapproval key(s) accordingly.
If you end up using it and need more help you can contact me directly for support.