I have an ASP.Net website, and am attempting to re-implement our existing PayPal checkout flow (previously based on their Payments Pro product/SOAP APIs) to behave similarly under their Advanced Checkout flow with REST APIs. (PayPal is deprecating fraud filters in Payments Pro and it's forcing the change from a business perspective).
I've reviewed the PayPal v2 REST APIs. PayPal-based checkout is fine (and I have a working flow for it) but can find no means to directly accept credit cards for processing. The closest I've come is to use the PayPal.Net library and attempt to run the card as a FundingInstrument -- but this returns an "PAYEE_ACCOUNT_INVALID" in the Sandbox, even though that account Advanced Credit and Debit box checked in the app settings. I could simply direct all payments to the PayPal main page and let the user choose the funding source from there, but the user experience of doing a Visa payment this way is cumbersome and likely to lead to cart abandonment for users accustomed to simply running their stored Visa card as a method of payment.
The available JavaScript code I've seen appears to render the credit card buttons on the site by calling host code, and effectively executing the transaction entirely on PayPal's servers. If my own Javascript was better, I might be able to figure out the loop of how to stuff in the user's saved details into the rendered buttons, but I'd much prefer some sort of .Net-based solution. Has anyone had any experience building such a thing? Is it even possible in the current REST API?
Any pointers would be much appreciated--never had so much trouble locating sample code or resources for a project, and am starting to wonder if it's simply not supported...
Thanks,
-Pete
The best solution is to use Advanced Credit and Debit Card hosted fields. The CSS of these fields can be customized to match the rest of your site, but the actual number, cvv, expiry date fields are hosted directly by PayPal (in tiny iframes), which frees you from having to do a PCI SAQ-D assessment for that processing.
This does not give a solution cards you've already stored numbers for, however. You could vault all those cards, using the PayPal vault API and then later referencing each vaulted payment token to create orders with them. This way you'll be able to eliminate the storage of actual card information on your systems.
Related
Alright, A friend and I are developing an App where I'm developing the back-end and he is developing the front-end. The project is separated into two repositories the front-end and the back-end, and we need to implement a payment API.
Now, since we're using the REST API Concept, we communicate both ends through JSON data.
My question is, when we're making the connection to the payment API, who needs to execute that request? The front-end or the back-end?
I know it's a silly question, but first timer here.
The backend will obviously process the payment, I'm not sure which payment API you're going to use. But depending on the API you go with, the implementation will vary. But the actual processing of the payment will be processed in the backend for sure.
It completely depends on the API.
In some cases, a payment can be accomplished via a secure web service call, which would be issued by your friend's REST service. The front end will still need to collect data (e.g. payment amount and card number) and may also need to collect additional information to satisfy the API (e.g. IP address or browser signature, for risk management purposes).
In other cases, the payment is sent directly to the service from the browser. The role of your application would be to render an iFrame housing a page that is reached via SSO. The back end may need to call a service to retrieve an SSO token, or may have to compute an SSO token using a shared key.
You should probably refer to the payment API's documentation. They often have very specific guidance which you must follow carefully in order to achieve payment card (PCI-DSS) compliance. There is nothing special about "payments" that says that allows StackOverflow users to guess anything about its API.
What is the process of offline payment gateway. I got the one side process from internet.
User will enter first and final 4 digit of credit card and giving cvv code, filling other relevant details then submit.
It will reach to to the admin side, I want to know what is the process happening admin side for receiving and completing the process.
I saw some woocommerce plug in for WordPress, but I didn't clear what is happening in other side.
Thank You
I am going to treat this question as a business logic one more so than a technical one. Based on information provided, I see two possible scenarios:
Scenario One - Storing CC#s for later
You're wanting to collect credit card information to process later via a terminal. Like a POS system inside a store or a web portal where you can type in the information.
This would be very difficult to make compliant with PCI-DSS. The cost of maintaining a PCI complaint system, much less setting it up, tends to be prohibitive except for the largest of companies. You need to use a service, like PayPal, Stripe, Authorize.net, etc etc. Depending on the platform you're developing the website, all major credit card processors should have tools for a simple integration.
Scenario Two - Accepting offline payment methods
This would be a usecase where you want to allow users to pay via mailing a check or some other form of physical payment. This would just mean adapting your shopping / payment experience to allow an option to pay that method, provide a mailing address, and putting a hold on the purchase from processing further until payment is received.
This is what I have based on what was given so far, if I am off base, please elaborate!
I'm starting to use Paypal SDK to implement the payment service for a ASP.NET site. I wrote the code following the SDK example and everything worked fine, of course I'm managing the whole process (credit card data entry and submission included). The site owner however complained about credit card data management and thus asked me to re-implement the whole procedure without managing the credit card data 'internally' at all but leaving Paypal doing this part of the job.
This mean that NO data of the credit card should be entered in forms belonging to the site I'm coding.
As far as I can see (but I'm just a newbie in Paypal SDK) there's not a way to do what I'm asked for using SDK API calls.
Given my lack of experience I'm not sure about what I'm stating then I can only suppose that I'm missing something so... there's a way to do so trough API calls?
Best Regards,
Mike
What your site owner is likely asking you to do is to leverage PayPal's Vault API (part of its REST APIs) to store credit card information so your site doesn't have to. If you store the credit card information on your site, you have to ensure the data is stored in a PCI-compliant manner, which may be too costly for some sites. The Vault API will return a credit card token that can only be used by your REST application for making payments. The API also allows you to get the details of the credit card using the token, but will mask the full credit card number.
There are some examples on how to do this in the PayPal .NET SDK Samples. If there's a use case that's missing, feel free to let us know over on GitHub.
PayPal basics for ASP.net c#
http://www.codeproject.com/Articles/42894/Introduction-to-PayPal-for-C-ASP-NET-developers
http://www.codeproject.com/Questions/718003/How-implement-Strong-cryptography-with-associated
http://forums.asp.net/t/1977404.aspx?Integrate+with+Paypal+account+within+Net+project
http://www.west-wind.com/presentations/PayPalIntegration/PayPalIntegration.asp
We have a client using Volusion as a storefront/e-commerce solution. We need to export purchase data, including credit card information, from it into a fulfillment provider who will then run a customer's credit card only when/if the item they ordered ships.
We have access to the server running IIS, we have the API on the fulfillment provider side to send this data over HTTPS, and we can build a simple polling ASP.Net app that runs on the same PCI-certified server that holds the CC data that moves data from Volusion to the fulfillment provider securely.
What remains is how to get the data out of Volusion. We've had several answers and none have panned out:
Use the API. The API documentation is very light, and doesn't make clear how to get CC data out.
Fill out a verification form and you can "view" it. This came from their customer service department, but they were very shaky on details.
Query the database directly. It's not clear whether this is feasible.
If someone here has handled external credit card processing on Volusion before, we're interested in how to get this done. What the process is to get these fields enabled in the XML API and the format of those fields would be enough, or some other approach - whatever gets us to the finish line.
I am pretty sure that Volusion will not ever release customer's Credit Card information to you via an API or any other means.
maybe this will help you do more research:
http://devwiki.volusion.com/index.php/Customers_Export
http://devwiki.volusion.com/index.php/Orders_Export - the closest you can get is the last 4 of the CC number.
A better design pattern would be to charge the customer at purchase time, if the drop shipper cannot fulfill the order cancel the order and refund the transaction.
You cannot extract the credit card number through the Volusion API. The only way to do it is contact Volusion Support have them enable the displaying of credit card numbers within your Admin. They will probably have you sign a wavier that you will follow PCI compliance.
I am building site for a client in .NET. The site has a monthly subscription service, wherein customer pay for the services with debit/credit card details. Money will be deducted from the account regularly. Customers can cancel the subscription service at any time and the collection should be stopped.
Is there any service that I can use to accomplish this?
Any information on how to go about developing this will be much appreciated.
Thanks in advance.
If you want to outsource the entire billing system (which is certainly advisable, as they can be an extremely complex distraction), I would recommend working with a company like http://spreedly.com/ or http://chargify.com/, who do exactly this and provide an extremely simple API (especially compared to PayPal) to integrate with your .NET app.
Bear in mind that with these solutions you still need to bring your own payment processor and merchant bank account.
PayPal is ideal for this. See:
https://www.paypal.com/en_US/ebook/PP_NVPAPI_DeveloperGuide/Appx_SDKDotNET.html
Most payment processors I have worked with support recurring payments. This means that you don't have to store the credit card information. Typically you just store a reference to the credit card and just send the process the amount and the reference number to complete the transaction after the initial payment.
This is one of the companies I have worked with and their details of how recurring payments work. PayPal also does recurring payments.
Can i suggest you review all the other posts on SO regarding monthly payments? This search does bring back a number of questions that may be of help to you (it also brings back a few non related ones, just ignore those :)
If the merchant account is US based you should consider Authorize.Net's Automated Recurring Billing API. It handles the subscriptions for you and has a very easy to use API. They offer working sample code to get you started.