Own payment method in spree - ruby-on-rails-3

I want to add a non-gateway payment method other than check.
As per my current scenario, I have my own payment server (other than any payment gateway/check option) to which I want to send the request for any product payment.
The only thing is the source, which is getting nil. So do we have any better way of achieving this scenario?

Related

How to refactor checkout process into service

I have e-commerce site that I am currently decoupling so it serves as pure backend.
For a shopping cart to become an order there is a workflow (checkout) in place that the customer has to go through to place an order. With the checkout now being a backend service, I wonder how I should approach it.
Specifically, each new order has to have: items, billing address, delivery address, payment method and shipping method. Admin can create additional fields, alter the flow (order of steps) and so on. With an API-centric architecture, I am not sure how to communicate the flow to the frontend.
Sure, the frontend will handle the flow, basically, on its own. But, for example, in the backend logic the shipping method depends on the provided delivery address and the payment method depends on the billing address, to prevent use of the cash payment method for a customer from a different country or use of a local bicycle carrier for an international destination.
How should I communicate to the client what data are needed, in which order (dependencies), what data I already have and what additional data has to be provided?
You basically handle this with exceptions if the front-end does something out-of-order. The statefulness of it means that you need to create something, then modify it multiple times. If you want to enforce this, you would basically create an order (with items),
POST /orders <new order>
POST /orders/<ordernum>/items
POST /orders/<ordernum>/billingaddress
POST /orders/<ordernum>/shippingaddress
GET /orders/<ordernum>/availableshippingmethods (throws an error code if billing address not set)
GET /orders/<ordernum>/availablepaymentmethods (throws an error if shipping address not set)
POST /orders/<ordernum>/shippingmethod (throws an error if billing address not set)
etc... Just set up your step dependencies, and throw errors if they do it wrong.
This way the business logic stays on the front-end, and the API requirements for the flow are fairly self-describing (trying to get the shipping method tells you what you forgot to do).
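The approach in this answer, as an added example that is not part of the original post: a server-side dependency table that rejects out-of-order steps, tells the client which step it forgot, and drops a stale shipping or payment choice when the address it was derived from changes. The step names, the 409 mapping and the dependency table (taken from the rules stated in the question) are assumptions.

```python
# Added example. Step names and the 409 mapping are assumptions.
# step -> steps that must already be present on the order
PREREQUISITES = {
    "items": [],
    "billing_address": [],
    "shipping_address": [],
    "shipping_method": ["items", "shipping_address"],
    "payment_method": ["billing_address"],
    "place": ["items", "shipping_method", "payment_method"],
}

class StepOrderError(Exception):
    """Step called before its prerequisites; an API layer would return 409."""
    def __init__(self, step, missing):
        super().__init__(f"{step} requires: {', '.join(missing)}")
        self.step, self.missing, self.http_status = step, missing, 409

class Order:
    def __init__(self):
        self.data = {}  # step name -> payload accepted so far

    def missing_for(self, step):
        return [p for p in PREREQUISITES[step] if p not in self.data]

    def submit(self, step, payload):
        missing = self.missing_for(step)  # KeyError for an unknown step
        if missing:
            raise StepOrderError(step, missing)
        self._invalidate(step)
        self.data[step] = payload
        return self.status()

    def _invalidate(self, step):
        # A changed address must drop the method chosen for the old one.
        stack = [step]
        while stack:
            current = stack.pop()
            for later, needs in PREREQUISITES.items():
                if current in needs and later in self.data:
                    del self.data[later]
                    stack.append(later)

    def status(self):
        # What the client already supplied, and which steps it may call next.
        done = [s for s in PREREQUISITES if s in self.data]
        ready = [s for s in PREREQUISITES
                 if s not in self.data and not self.missing_for(s)]
        return {"completed": done, "next_allowed": ready}
```

Returning `status()` from every call answers the question's last point: the client always sees what the order already holds and which steps are currently allowed.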

PCI Compliance. Pass credit card information to a 3rd party API

I have an application that requests Credit Card information to do a payment to a third party company.
My application captures the CC, CVV, Expiration Date, etc. and then passes that information to their API that charges the customer.
I've been reading about PCI Compliance but based on the following image, I am not quite sure what level of compliance I would need to meet.
Lastly, I would like to figure out what the best options would be for me in case I have a new purchase from the same client. Since I am not charging the customer but the third party does, what would be the best way to store the payment information so the user doesn't need to enter their information every single time they want to use my service? What would be the implications of storing payment information on my servers from a PCI compliance point of view? Is there a way where I don't need to store the payment information for the user but I can pass their information (if they are a returning customer) to the 3rd party API and still be PCI compliant?
Since you're building a web application (even embedded into Facebook messenger), if you're building out the form that collects card data, you're going to either fall under "Shopping Cart - Payment Page Direct Post" (which is A-EP) or "Shopping Cart - Payment Page Not Outsourced" (which is D-Merchant). You really want to be under A-EP if you can, but you may not be able to.
The difference between the two is whether or not the card data crosses through your servers. With "Direct Post", the web page itself sends the data (usually via HTTP POST) to the payment API, and you have no way to capture it. With "Not Outsourced", the data comes back to your server, which then calls the payment API and passes it along. In that case, you're going to have to go through the entire D-Merchant questionnaire (by far the longest, other than D-Service Provider), and probably have a special environment set up to prevent anything from trying to read the card data as it transits your server.
There's really no part of the card data that is worth storing to try and identify a repeat purchaser, because you won't have the payment data to actually complete a payment. Instead, you should see if your payment provider provides any type of "token", which can be used to identify that payment data later. If so, you can associate that token with the customer (however you identify a customer) and reuse it when they return.
Further reading: https://www.pcisecuritystandards.org/documents/SAQ_InstrGuidelines_v3-1.pdf
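The token advice in this answer, as an added example that is not part of the original post: a store that keeps only a provider-issued token per customer and refuses any value that looks like a card number. The class and function names, the token format and the Luhn-based heuristic are assumptions; the card number used in testing is the widely published test value, not real data.

```python
import re

# Added example; names and token format are assumptions.
# 13-19 digits, optionally separated by single spaces or dashes.
PAN_CANDIDATE = re.compile(r"(?:\d[ -]?){13,19}")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:       # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def contains_pan(value: str) -> bool:
    """Heuristic: does the text hold something shaped like a card number?"""
    for match in PAN_CANDIDATE.finditer(value):
        digits = re.sub(r"\D", "", match.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            return True
    return False

class TokenStore:
    """Maps a customer id to the payment provider's token, never card data."""
    def __init__(self):
        self._tokens = {}

    def save(self, customer_id: str, provider_token: str) -> None:
        if contains_pan(provider_token):
            raise ValueError("value looks like a card number; not stored")
        self._tokens[customer_id] = provider_token

    def token_for(self, customer_id: str):
        # Returning customers are charged by sending this token to the provider.
        return self._tokens.get(customer_id)
```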

How to use Big Commerce Order API and make customer pay?

I would like to make an API call to Big Commerce backend to complete a purchase on a customer's behalf. Based on the API reference:
https://developer.bigcommerce.com/api/stores/v2/orders#create-an-order
By default, I believe that one can only create an order that is not yet paid by the customer. Please correct me if I am wrong.
So, my question is: how do you make a payment on behalf of a customer for the order? It is safe to assume that we have a tokenized credit card of our known customer in a payment gateway like Stripe.
My guess of how it could be done is that when an order is created, I can set up a webhook to call the payment gateway to make a charge on the customer's credit card. Is this correct? Is there anything that I should watch out for?
Currently, you cannot use the BigCommerce API to process a payment or full transaction. We only allow payments through the control panel where you can enter credit card details or on the storefront made by the customer. If you'd like to make use of tokenization or recurring payments, it is better to use Rebillia or Recharge (apps).
As you stated, you would need to make a call to Stripe's API to charge the card on file with the customer's token. This should be fine. It won't make any calls back to BigCommerce, so I'd be mindful of error handling (such as if the card has expired) and how you'd retry or mark the order in BigCommerce. Depending on how it was configured, you would want to check order details to ensure you were only processing payments from API created orders.
I'm not sure of what PCI implications might be for the storage of the Stripe tokens. That would be another point for consideration.

Paypal rest api express checkout with no shipping field (WebProfile handling)

I'm using the PayPal REST API to make payments.
The workflow is:
Create payment
Redirect to approval Url
User approved (return back to my site)
Execute payment
But there's one thing: I don't want users re-filling the shipping address, because it was already filled in on my website.
So I change the workflow to:
Create web profile (set no shipping field)
Get web profile ID
Create payment with experienceProfileId given
Redirect to approval Url
User approved (return back to my site)
Execute payment
But I found this will create a lot of WebProfiles, one every time a user requests payment.
I think it is crazy to do:
create and delete it later again and again
attempt listing WebProfiles and check which is the one I want to use every time while creating payment
store experienceProfileId as a constant
What is the best practice for handling WebProfile, or is there any solution for just hiding the shipping address while the user is approving payments?
Maybe this is not the answer regarding this "WebProfile". In fact, I don't know what exactly "WebProfile" does or is.
I worked on the same Workflow these days. As you wrote I needed to predefine some address. For me it was obvious, that I have to do the database-stuff on my Website. Then I exactly define the order, shipping_address, etc. and send the users to Paypal.
If you predefine the new ShippingAddress() to your new ItemList() by
$itemlist->setShippingAddress($shippingaddress), the user cannot change it within the process.
http://i.imgur.com/nAg8jxU.png
Maybe this helps you a little.

E-commerce application how is this robustness criteria implemented?

Consider the following use case
1. User selects a product to purchase on seller's site
2. Clicks on net-banking option and redirected to his bank website
3. Successfully makes the payment.
4. But before the payment gateway redirects him back to seller site the browser crashes.
5. Seller site reports that payment is not received but the bank reports that payment has been made.
What are the best practices to handle such cases?
Return money to the customer or deliver the goods. It should be a rare occasion, and I don't really see automating it as possible.
What you could also do is regularly check all open / pending payments from the website (as in: the user was sent to the bank, so I can check in an hour whether I simply missed / never got the callback for the payment).
Imagine 4 is : User closes interface and browser never returns.
The payment gateway should have an API to keep and identify those, including whether the payment was finally approved.
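The periodic check suggested in these answers, as an added example that is not part of the original posts: a reconciliation pass that asks the gateway for the final status of every payment still pending after a grace period, so a lost browser redirect does not leave the order and the bank disagreeing. The `FakeGateway` interface, the status strings, the one-hour and one-day thresholds and the sample records are constructed assumptions, not any real gateway's API.

```python
from datetime import datetime, timedelta, timezone

class FakeGateway:
    """Stand-in for a gateway status API (hypothetical interface)."""
    def __init__(self, statuses):
        self._statuses = statuses

    def lookup(self, reference):
        return self._statuses.get(reference, "unknown")

def reconcile(payments, gateway, now,
              grace=timedelta(hours=1), give_up=timedelta(days=1)):
    """Resolve payments whose redirect or callback never arrived."""
    actions = []
    for p in payments:
        age = now - p["sent_at"]
        if p["state"] != "pending" or age < grace:
            continue  # already resolved, or the customer may still be paying
        # State changes only on the gateway's own answer, fetched server-side.
        status = gateway.lookup(p["reference"])
        if status == "approved":
            p["state"] = "paid"
            actions.append((p["reference"], "fulfil"))
        elif status in ("declined", "cancelled"):
            p["state"] = "failed"
            actions.append((p["reference"], "release_stock"))
        elif age >= give_up:
            p["state"] = "needs_review"  # refund or deliver is a human decision
            actions.append((p["reference"], "manual_review"))
    return actions

def constructed_sample(now):
    """Constructed records: A paid but browser crashed, B still in progress,
    C never resolved, D declined at the bank."""
    def pending(ref, age):
        return {"reference": ref, "state": "pending", "sent_at": now - age}
    payments = [pending("A", timedelta(hours=2)),
                pending("B", timedelta(minutes=10)),
                pending("C", timedelta(days=2)),
                pending("D", timedelta(hours=3))]
    gateway = FakeGateway({"A": "approved", "D": "declined"})
    return payments, gateway
```

Because each resolved payment leaves the `pending` state, running the pass again produces no duplicate fulfilment or refund actions.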