I am implementing the functionality where user can withdraw money from their account via PayPal.
The problem is that I can't wrap these actions into a transaction, since one of them is a call to an external service (PayPal).
Could you please suggest how to make it atomically to avoid data inconsistency issues?
Related
In my firebase web app I need to set up a checkout session than last max 10min. Stripe cannot do that as the checkout session has a minimum expiration time of 1h. Are there other options available or a way to overcome this limitation? I basically need my app to handle only one checkout session at a time and only once a session is completed then a new user can make a new purchase request. I therfore I need to impose a short timeout for the checkout.
EDIT: another option would be to cancel all the created checkout sessions as soon as one is succesful.
No, this is not supported. If you want to enforce such a time limit, you'll need to build a custom payment flow to achieve this.
If you can provide more context around why you want to structure your payments serially like this, perhaps we can offer some alternative approaches.
Update: Not long after this answer, Stripe released the /expire endpoint (API ref) for Checkout session, allowing you to explicitly "cancel" a session.
Depending on the exact situation you have with parallel customers and payments, you should also consider using manual capture in case two customer manage to pay before you can expire the sessions. Manual capture would allow you to evaluate a completed payment and check for others before capturing the payment.
The firebase documentation includes a warning that if you use a kill switch to stop using firebase when a budget cap is exceeded, as follows:
Warning: This example removes Cloud Billing from your project,
shutting down all resources. Resources might not shut down gracefully,
and might be irretrievably deleted. There is no graceful recovery if
you disable Cloud Billing. You can re-enable Cloud Billing, but there
is no guarantee of service recovery and manual configuration is
required.
I'm trying to investigate what gets irretrievably deleted. Does the datastore get deleted when the kill switch is activated? Is there any opportunity to save data previously stored in cloud firestore, before the deletion takes place? Is there a way to download the database so that I can keep a back up in this scenario?
Please review the following reply from Firebase Team member(samstern) to gain more clarity on this:
these things are handled on a per-product basis and each product has different thresholds for quota overages and different procedures for what happens to inactive resources in a bad state.
For instance I know in Realtime Database if your DB is too big for the
free plan after you downgrade from a paid plan we will not delete
your data automatically. Instead you'll just be stopped from using the
database until you restore your billing.
However that statement clearly says that some products may delete data
if you pull Cloud Billing. It could be for technical reasons, it could
be for policy reasons.
If you want to turn off a product without risking this pulling your
billing account is NOT the best way to do this. It's the nuclear
option if you get into a bad situation and want to get out at all
costs. Instead you should use per-product APIs to shut down the
individual product or service and prevent future usage. This could
include doing things like flipping off APIs in the APIs console,
changing security rules to prevent all further writes, deleting Cloud
Functions, etc
The best source of information I've been able to uncover in answer to this particular question is a discussion on reddit which indicates that you can't recover access to your data, until you pay the bill (including blow out charges) - so maybe that buys some time, but if you don't pay, the project gets deleted. There may also be lost data for things happening at the time the kill switch activates.
I am a newbie to firebase and need some suggestions on structuring data.
I am designing a database for an application where multiple people may share a bank account and can update the status of this account. The group of people sharing this account may also keep changing. So, multiple people may perform actions which will influence the balance available in an account. I decided to list the linked accounts under each user so that one pull is enough to get a list of all user accounts once user logs in. If user is interested in details of a specific account (like balance) then I will go and fetch that child from accounts sub-tree. It all seems fine until I think about notifying users in a smartphone app if the balance associated with any of their linked account changes. Since the balance attribute is not under any specific "user" sub-tree, how to monitor for this change at the application level.
I don't want to bring balance attribute under "user" sub-tree or else I will have to find the duplicate copies and update all of them whenever balance of an account changes. Moreover this approach will not scale well.
Any suggestion?
I am integrating a payment gateway; this is the first time I am integrating payment gateway functionality to my system, I am using Authorised.Net for the payment gateway.
As I have successfully integrated it but I see the user has to enter the following values to purchase his item, and the transaction id is returned.
//post_values.Add("x_card_num", "4111111111111111");
//post_values.Add("x_card_num", CreditCard);
//post_values.Add("x_exp_date", "0115");
////post_values.Add("x_amount", "19.99");
////post_values.Add("x_amount", );
////post_values.Add("x_description", "Sample Transaction");
//post_values.Add("x_amount", txtAmout.Text);
//post_values.Add("x_description", txtDesc.Text);
////post_values.Add("x_first_name", "John");
////post_values.Add("x_last_name", "Doe");
////post_values.Add("x_address", "1234 Street");
////post_values.Add("x_state", "WA");
////post_values.Add("x_zip", "98004");
//post_values.Add("x_first_name", txtFName.Text);
//post_values.Add("x_last_name", txtFName.Text);
//post_values.Add("x_address", txtAddr.Text);
//post_values.Add("x_state", txtState.Text);
//post_values.Add("x_zip", txtZip.Text);
These values just fix his transaction and purchase of item, so my confusion is that if the web site owner put all this information into his database and made more transactions using his details, then what? Is it safe and secure, or something else happens that I could not figure out?
Here are some basic guidelines to follow:
Keep all information in your database except for the credit number. Never keep the credit number unless you feel that your encryption systems are safe.
Store Authorize.net successful or failed transactions
You need to create a transaction table where you will create a new line for each transaction, regardless of being the same user, or transaction result.
Encrypt some portions of the transaction: Address is good thing to encrypt. This will avoid identity theft if you ever get hacked.
Make sure all user passwords are hashed
Store the Web Site Database connection encrypted as well
Communicate with the database using only stored procedures. This should avoid SQL injection, if the stored procedures are built correctly.
This is how it is, website owner can put all the information into his database, if the transaction mode is present on the website, thats why I and I think most of others either do transactions from trusted sites or sites that redirect to some trusted gateway like paypal or authorize.net for financial transactions.
Thanks for the clarification. I'm currently working on a project that is using PayPal in this same manner. We store only the authorization code and transaction ID in our database.
In my opinion, the 30 seconds or so that the user will save by having their information stored isn't worth the risk associated with storing their information. If you're doing recurring transactions, the vendor will store the information securely for you (at least PayPal does) so there's no real reason to store the credit card information in your system.
[EDIT] As Imran pointed out, storing the last 4 digits of the number would be fine for display on a report.
You can do nothing to prevent the DB owner from misusing the information if they're storing it aside from contacting your credit card company and reporting fraudulent charges. The payment gateway has no idea who is inputting the payment details, other than ensuring the transaction is coming from one of their authorized customers (i.e., the customer authorized to use the payment gateway).
I am building site for a client in .NET. The site has a monthly subscription service, wherein customer pay for the services with debit/credit card details. Money will be deducted from the account regularly. Customers can cancel the subscription service at any time and the collection should be stopped.
Is there any service that I can use to accomplish this?
Any information on how to go about developing this will be much appreciated.
Thanks in advance.
If you want to outsource the entire billing system (which is certainly advisable, as they can be an extremely complex distraction), I would recommend working with a company like http://spreedly.com/ or http://chargify.com/, who do exactly this and provide an extremely simple API (especially compared to PayPal) to integrate with your .NET app.
Bear in mind that with these solutions you still need to bring your own payment processor and merchant bank account.
PayPal is ideal for this. See:
https://www.paypal.com/en_US/ebook/PP_NVPAPI_DeveloperGuide/Appx_SDKDotNET.html
Most payment processors I have worked with support recurring payments. This means that you don't have to store the credit card information. Typically you just store a reference to the credit card and just send the process the amount and the reference number to complete the transaction after the initial payment.
This is one of the companies I have worked with and their details of how recurring payments work. PayPal also does recurring payments.
Can i suggest you review all the other posts on SO regarding monthly payments? This search does bring back a number of questions that may be of help to you (it also brings back a few non related ones, just ignore those :)
If the merchant account is US based you should consider Authorize.Net's Automated Recurring Billing API. It handles the subscriptions for you and has a very easy to use API. They offer working sample code to get you started.