I'm trying to add a payment option for an application to allow users to donate/pay for certain features. To do this, I want to have the application periodically check PayPal for recent payments, preferably using a PayPal API.
I've looked at the PayPal IPN, and that seems to require that you own a web-server which PayPal can send an HTTP request to. However, I'm trying to avoid linking the application with a web-server. The other PayPal APIs I have looked at (I'm only looking at official APIs), from what I can tell, don't serve the purpose I seek.
The user experience I'm seeking is that the user will give the application their PayPal email address, donate/pay on the Paypal website to my account (or whoever's account). My application will then check PayPal for the past X donations, and reward the user accordingly if their email address is found on there and that payment has not yet been rewarded. The reason I want to do this is for security. I'll probably be publishing my work as open source, and I don't want someone modifying it and keeping the user's PayPal credentials.
So, a recap, which (if any) PayPal API would I use to check if there are any recent donations to a given account? Ideally, the user will donate/pay money on the PayPal website to an account, and the application will identify that transaction and reward the user appropriately. I intend to do this in Java, so I can use any Java APIs or web APIs that I can subsequently call with HTTP requests.
If I'm going about this the wrong way, or if it's impossible, let me know.
You can use the TransactionSearch API endpoint referenced here:
https://cms.paypal.com/us/cgi-bin/?cmd=_render-content&content_ID=developer/e_howto_api_nvp_r_TransactionSearch
to find transactions in a certain date range.
If you need more information about one of the donors, you can use the transactionID you get from the search request to query the TransactionDetails end point here:
https://cms.paypal.com/us/cgi-bin/?cmd=_render-content&content_ID=developer/e_howto_api_nvp_r_GetTransactionDetails
Related
I have a website and my own server and database, I also have an native Android app. I need to allow users to be able to sign-in with their account from the website inside the app in order to sync information and other things they need to use. I've been stuck for a couple of days trying to figure out how to do that. I've found a lot of content regarding OAuth and AppAuth but they are focused on using an OAuth API to the job. Back on my server, I use Hybridauth for social login, but users can also register directly on the site. How would be the proper way to allow my users to sign-in to their website account through the Android app?
You're overthinking it. OAuth isn't meant for users to log in, it's meant to enable external services to access data on behalf of a user.
To make a user log in? Create a POST endpoint on your webservice named login. It should take two parameters- username and password. The body of the login service should salt and hash the password, then check if the hash equals the hash stored in the db for the same user. If so, you're logged in and you return a success packet with a unique token to authenticate you for later requests. If not, you return a failure. The Android app would ask the user for their data, then send a request to the endpoint. On success it saves the token and sends it in all future requests to authenticate yourself, either as a parameter or as a header.
This is of course the simplest possible version. More advanced features would include expiring of login tokens, refresh tokens, possible lockout if you have too many bad requests, etc. But the above is the basic idea. Although really I'd look for an open source solution you can take, as there's quite a lot of complexity when you get into all the stuff mentioned above, and its a place where a mistake that leads to a vulnerability is probably the most dangerous.
I'm trying to create a web service to use the Google Plus API. I'm writing it in java, however I can't figure out what files I need and how I would go about posting to Google plus groups using Java
If you have any insite please could you post relavent links and helpful tips to help me out.
EDIT 1:
I have been playing around with the GooglePlus API provived by Google and have written a project based on the sample code given from this page: https://developers.google.com/+/domains/posts/creating
The code runs fine until it gets to the GoogleTokenResponse tokenResponse = flow.newTokenRequest(code).setRedirectUri(REDIRECT_URI).execute(); line. Where it returns a null error. I am copying the link provided in the console and pasting in the code, however everytime it just returned a null error, is there a specific part of the returned code given that causes an issue?
Posting to Google+ is only supported for accounts in a Google Apps Domain (and even then, with restrictions).
If you are logging in using a GMail account - you don't have an Apps Domain account. If you're logging in using some other email address (ie - you have an email address, but you can't use Google account features such as GMail or Google Drive with it) then you don't have an Apps Domain account. If you are using a Domain account, your Domain admin may need to enable Google+ for your Domain before this works.
See https://developers.google.com/+/domains/getting-started for the differences between what you can do with the Domains API and the regular Plus API.
Note that neither API lets you post to a Google+ Community or post publicly. The Domains API does let you post to a user's circle, as long as the members of that circle are also part of the Domain. The Domain API also lets you post to everyone in the Domain. The normal Plus API does not allow posting at all.
There is a third API, knows as the Pages API, which allows Pages to publicly post on their stream. This API, however, is available to a limited number of partners such as Hootsuite. You can read more at https://developers.google.com/+/api/pages-signup, but there isn't much more available publicly.
Your web service should first authenticate against Google. This authentication can either be using a service account (if you want to post only through one account) or users's account (if you want to post via user's account) using oAuth mechanism.
For more details about how to authenticate, refer to How to authenticate our users in our website with Google Account
Have a look at https://developers.google.com/+/api/ for detailed information about how Google Plus APIs can be used.
I'm trying to create an application using Java with PayPal.
Scenario: There is a webshop, a buyer and my application. I want to create the application such that the buyer and the webshop firstly give the app permissions to pay and receive money respectively. Then in the future when the buyer buys something from the webshop, my application has all the information needed to execute this action without involvement of the buyer or webshop.
Now there are two things that are not clear (and I can't find it in the PayPal documentation):
Using the Permissions API you must select the GroupIDs to get permissions for the different API sets. I don't know which one to select for the buyer or for the webshop.
Then, using the authorization header, you can perform the API call. In the case of the buyer, I want to perform a PayPal payment (NOT using a credit card). How do I do this? Which API call do I need to call? (something in Adaptive Payments maybe?)
Thanks in advance.
Classic API has a third party authorization system you can use.
When you give permission to a third party, you grant access to specific information that is account-related or transaction-related and may also be authorizing the third party to take certain actions on your behalf. These services allow the third party to make different kinds of payments, refund payments, search for transaction data, and more. You should be very selective about the type of access you grant to specific third parties.
Once you have obtained authorization, you can then run calls for their PayPal account on their behalf. The catch there is that you can only do what they have authorization for. So if, for instance, you want to run cards on their behalf, they would have to subscribe to payments Pro.
I am writing my first PayPal app with the Classic API for Adaptive Payments. It's using Java Servlets with Tomcat.
The code seems to working correctly except I cannot see any transactions in the Seller sandbox account. The transactions are processed and do show up correctly in the Buyer's sandbox account.
I am using the sandbox credentials for both Buyer and Seller. I've tried credentials for the default "facilitator" account as well as creating a separate Business account as Seller. In either case, no transactions show in the Seller's history. I'm also using the testing AppID APP-80W284485P519543T.
I'd like to move on but without being able to see where the money goes, I'm not convinced this is working.
Any ideas?
Thanks
Sounds to me like maybe you've just got your accounts mixed up and the API credentials you're using in the app don't belong to the same sandbox account you're looking at when you check the history.
Or it could be a case where the API credentials do match the account you're logging into, but your app is actually sending the money to a 3rd party account..??
If the calls are working successfully then the money is going somewhere. If it's not in the account you think it should be then it's gotta be something like what I mentioned.
Looking at the way " PayPal uses OAuth 2" (https://developer.paypal.com/webapps/developer/docs/integration/direct/paypal-oauth2/), I don't see how using basic user name and password server integration can ever give me the ability to collect on behalf of over PayPal users.
Basically I want to be able to have a user with a PayPal account go through an access flow (ex. OAuth) which then gives me the ability to post payments to their accounts from customers.
This is what Stripe Connect does in a very easy straightforward way, does PayPal offer this in their REST API or in another developer API? Thanks!
I think Login with PayPal or Pay / Preapproval (or a combination of both) might be what you're after.