I'm trying to create an application using Java with PayPal.
Scenario: There is a webshop, a buyer and my application. I want to create the application such that the buyer and the webshop firstly give the app permissions to pay and receive money respectively. Then in the future when the buyer buys something from the webshop, my application has all the information needed to execute this action without involvement of the buyer or webshop.
Now there are two things that are not clear (and I can't find it in the PayPal documentation):
Using the Permissions API you must select the GroupIDs to get permissions for the different API sets. I don't know which one to select for the buyer or for the webshop.
Then, using the authorization header, you can perform the API call. In the case of the buyer, I want to perform a PayPal payment (NOT using a credit card). How do I do this? Which API call do I need to call? (something in Adaptive Payments maybe?)
Thanks in advance.
Classic API has a third party authorization system you can use.
When you give permission to a third party, you grant access to specific information that is account-related or transaction-related and may also be authorizing the third party to take certain actions on your behalf. These services allow the third party to make different kinds of payments, refund payments, search for transaction data, and more. You should be very selective about the type of access you grant to specific third parties.
Once you have obtained authorization, you can then run calls for their PayPal account on their behalf. The catch there is that you can only do what they have authorization for. So if, for instance, you want to run cards on their behalf, they would have to subscribe to Payments Pro.
Related
I have a website and my own server and database, and I also have a native Android app. I need to allow users to be able to sign in with their account from the website inside the app in order to sync information and other things they need to use. I've been stuck for a couple of days trying to figure out how to do that. I've found a lot of content regarding OAuth and AppAuth, but it is focused on using an OAuth API to do the job. Back on my server, I use Hybridauth for social login, but users can also register directly on the site. What would be the proper way to allow my users to sign in to their website account through the Android app?
You're overthinking it. OAuth isn't meant for users to log in, it's meant to enable external services to access data on behalf of a user.
To make a user log in? Create a POST endpoint on your webservice named login. It should take two parameters- username and password. The body of the login service should salt and hash the password, then check if the hash equals the hash stored in the db for the same user. If so, you're logged in and you return a success packet with a unique token to authenticate you for later requests. If not, you return a failure. The Android app would ask the user for their data, then send a request to the endpoint. On success it saves the token and sends it in all future requests to authenticate yourself, either as a parameter or as a header.
This is of course the simplest possible version. More advanced features would include expiring of login tokens, refresh tokens, possible lockout if you have too many bad requests, etc. But the above is the basic idea. Although really I'd look for an open source solution you can take, as there's quite a lot of complexity when you get into all the stuff mentioned above, and it's a place where a mistake that leads to a vulnerability is probably the most dangerous.
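The login flow described in this answer, sketched as an added example that is not part of the original post: salted password hashing, a random token on success, plus the token expiry and lockout the answer mentions. The in-memory dictionaries stand in for the database, and all function names, `TOKEN_TTL` and `MAX_FAILURES` are assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

USERS = {}        # username -> (salt, password hash); stands in for the db
TOKENS = {}       # token -> (username, expiry time)
FAILURES = {}     # username -> consecutive failed logins
TOKEN_TTL = 3600  # seconds a token stays valid (assumed value)
MAX_FAILURES = 5  # failed attempts before lockout (assumed value)

def _hash(password, salt):
    # Slow, salted KDF from the standard library; a single fast hash is
    # cheap for an attacker to brute-force
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def register(username, password):
    salt = secrets.token_bytes(16)  # fresh random salt per user
    USERS[username] = (salt, _hash(password, salt))

def login(username, password, now=None):
    """Body of the login endpoint: returns a new token, or None on failure."""
    now = time.time() if now is None else now
    if FAILURES.get(username, 0) >= MAX_FAILURES:
        return None  # locked out; a real service would also expire the lockout
    # Unknown users still cost one hash, so response time does not reveal them
    salt, stored = USERS.get(username, (b"\0" * 16, b""))
    if not hmac.compare_digest(_hash(password, salt), stored):
        FAILURES[username] = FAILURES.get(username, 0) + 1
        return None
    FAILURES.pop(username, None)
    token = secrets.token_urlsafe(32)  # unguessable random token
    TOKENS[token] = (username, now + TOKEN_TTL)
    return token

def authenticate(token, now=None):
    """Check the token sent with a later request; returns the username or None."""
    now = time.time() if now is None else now
    username, expiry = TOKENS.get(token, (None, 0))
    if username is None or now >= expiry:
        TOKENS.pop(token, None)  # drop expired tokens
        return None
    return username
```

The endpoint must only be reachable over HTTPS, since the password and the token both travel in the request.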
Good day to all. I'm currently integrating the PayPal payment gateway (BackEnd) in one of my projects. This is my first time working with a payment gateway. I want to integrate 3D Secure authentication using the Orders API of PayPal. Can anyone enlighten me on the flow of using the API for integrating PayPal using 3D Secure authentication?
For example:
I have tested using POSTMAN the normal flow without the 3D Secure authentication. And the flow is like below.
I get the amount and currency from the Front-End.
I create the Access token using clientID and secret which I receive from the company DB.
Then I create an order using https://api.sandbox.paypal.com/v2/checkout/orders API.
I get checkOut link from the response like https://www.paypal.com/checkoutnow?token=5O190127TN364715T
I redirect the user to this link which redirects the user to the PayPal page to make the payment. After completing the payment I redirect the user to the success/failure URL which also contains the token and payer ID.
Then I use https://api-m.paypal.com/v2/checkout/orders/<token/orderID>/capture to complete the payment.
Now I want to add the 3D Secure authentication to it. From the documentation of integrating 3D Secure, I found that I need to add the payment source inside it and add SCA_ALWAYS as the verification attribute in the Card object. But how can I get the payment source to provide in the body as a request? (FYI I'm not supposed to use any libraries from PayPal as a company policy)
When redirecting to a PayPal checkout page such as https://www.paypal.com/checkoutnow?token=5O190127TN364715T in your example (or for a better UX, never redirecting away and instead using an in-context popup that keeps your site loaded), there is no need to implement 3D Secure. PayPal will present any 3D secure flow if needed, which will depend on the buyer account and its country and the credit card used, and might only happen the first time the card is used.
Implementing 3D secure only applies to direct card integrations such as Advanced Credit and Debit Cards (with or without hosted fields), or the Braintree Gateway.
I am writing my first PayPal app with the Classic API for Adaptive Payments. It's using Java Servlets with Tomcat.
The code seems to be working correctly except I cannot see any transactions in the Seller sandbox account. The transactions are processed and do show up correctly in the Buyer's sandbox account.
I am using the sandbox credentials for both Buyer and Seller. I've tried credentials for the default "facilitator" account as well as creating a separate Business account as Seller. In either case, no transactions show in the Seller's history. I'm also using the testing AppID APP-80W284485P519543T.
I'd like to move on but without being able to see where the money goes, I'm not convinced this is working.
Any ideas?
Thanks
Sounds to me like maybe you've just got your accounts mixed up and the API credentials you're using in the app don't belong to the same sandbox account you're looking at when you check the history.
Or it could be a case where the API credentials do match the account you're logging into, but your app is actually sending the money to a 3rd party account..??
If the calls are working successfully then the money is going somewhere. If it's not in the account you think it should be then it's gotta be something like what I mentioned.
Looking at the way "PayPal uses OAuth 2" (https://developer.paypal.com/webapps/developer/docs/integration/direct/paypal-oauth2/), I don't see how using basic user name and password server integration can ever give me the ability to collect on behalf of other PayPal users.
Basically I want to be able to have a user with a PayPal account go through an access flow (ex. OAuth) which then gives me the ability to post payments to their accounts from customers.
This is what Stripe Connect does in a very easy straightforward way, does PayPal offer this in their REST API or in another developer API? Thanks!
I think Login with PayPal or Pay / Preapproval (or a combination of both) might be what you're after.
I'm trying to add a payment option for an application to allow users to donate/pay for certain features. To do this, I want to have the application periodically check PayPal for recent payments, preferably using a PayPal API.
I've looked at the PayPal IPN, and that seems to require that you own a web-server which PayPal can send an HTTP request to. However, I'm trying to avoid linking the application with a web-server. The other PayPal APIs I have looked at (I'm only looking at official APIs), from what I can tell, don't serve the purpose I seek.
The user experience I'm seeking is that the user will give the application their PayPal email address, donate/pay on the PayPal website to my account (or whoever's account). My application will then check PayPal for the past X donations, and reward the user accordingly if their email address is found on there and that payment has not yet been rewarded. The reason I want to do this is for security. I'll probably be publishing my work as open source, and I don't want someone modifying it and keeping the user's PayPal credentials.
So, a recap, which (if any) PayPal API would I use to check if there are any recent donations to a given account? Ideally, the user will donate/pay money on the PayPal website to an account, and the application will identify that transaction and reward the user appropriately. I intend to do this in Java, so I can use any Java APIs or web APIs that I can subsequently call with HTTP requests.
If I'm going about this the wrong way, or if it's impossible, let me know.
You can use the TransactionSearch API endpoint referenced here:
https://cms.paypal.com/us/cgi-bin/?cmd=_render-content&content_ID=developer/e_howto_api_nvp_r_TransactionSearch
to find transactions in a certain date range.
If you need more information about one of the donors, you can use the transactionID you get from the search request to query the TransactionDetails end point here:
https://cms.paypal.com/us/cgi-bin/?cmd=_render-content&content_ID=developer/e_howto_api_nvp_r_GetTransactionDetails
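How the result of such a search could be matched against a donor's email without rewarding the same payment twice, as an added example that is not part of the original answer. It assumes the indexed `L_<NAME>n` field layout of the classic NVP TransactionSearch response; the sample body, the function names and the rule of rewarding only `Completed` payments are constructed for illustration.

```python
import re
from urllib.parse import parse_qs

# Constructed sample of an NVP TransactionSearch response body (not real data)
SAMPLE = (
    "ACK=Success"
    "&L_TRANSACTIONID0=TXN-EXAMPLE-0001&L_EMAIL0=donor%40example.com"
    "&L_STATUS0=Completed&L_AMT0=5.00"
    "&L_TRANSACTIONID1=TXN-EXAMPLE-0002&L_EMAIL1=other%40example.com"
    "&L_STATUS1=Completed&L_AMT1=10.00"
    "&L_TRANSACTIONID2=TXN-EXAMPLE-0003&L_EMAIL2=donor%40example.com"
    "&L_STATUS2=Pending&L_AMT2=20.00"
)

def parse_search(body):
    """Group the flat L_<NAME><index> pairs into one dict per transaction."""
    fields = {k: v[0] for k, v in parse_qs(body).items()}
    if fields.get("ACK") not in ("Success", "SuccessWithWarning"):
        raise ValueError("TransactionSearch call did not succeed")
    rows = {}
    for key, value in fields.items():
        m = re.fullmatch(r"L_([A-Z]+)(\d+)", key)
        if m:
            rows.setdefault(int(m.group(2)), {})[m.group(1)] = value
    return [rows[i] for i in sorted(rows)]

def new_rewards(body, email, rewarded):
    """Return transaction IDs to reward for `email`; `rewarded` is the
    persistent set of IDs already handled, updated in place."""
    out = []
    for row in parse_search(body):
        txn = row.get("TRANSACTIONID")
        if (txn and txn not in rewarded
                and row.get("STATUS") == "Completed"  # skip pending payments
                and row.get("EMAIL", "").lower() == email.lower()):
            rewarded.add(txn)  # keyed on transaction ID, so repeated polling is idempotent
            out.append(txn)
    return out
```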