Paypal payment processing - c#

I've checked out the resources on PayPal's site, but I'm having trouble figuring out how to set up recurring payments from a "create account" form I've created in C#.
My goal is to have a text field called "username" that's disabled and enables when the user processes their payment through PayPal by clicking on a link that opens the payment page in their browser. I want to then save some kind of ID associated with that transaction that my application can look up when the user logs in to make sure they still have an active subscription.
All that being said, I have two questions. One, is there a good walkthrough for someone who doesn't know much about SOAP or anything of the sort? Possibly geared toward PayPal? Second, does PayPal give some kind of static transaction ID that I can look up via PayPal when the user logs in?
I'm also open to other payment processing methods, but I want to stick with WinForms for a while.

You can use the CreateRecurringPaymentsProfile to create the subscription with PayPal. If you don't like working with SOAP you can use their basic NVP API, which is what that link points to.
When you make that call to create the profile you'll get back a PROFILEID. This profile ID can be passed into GetRecurringPaymentsProfileDetails to check the current status upon login.
Since you're using C# I'd recommend taking a look at this .NET SDK for PayPal. It makes the calls very simple for you.

Related

Azure B2C One time access to secured API

I have a web app (REST API) on Azure, and I have a B2C setup that is securing it, requiring you to be signed in to access the API. This is good, as I wanted the API to be restricted to members. Basically, the entire web app requires authentication, and will prompt you for a sign in.
Here's the problem - my app has users (who have accounts) and clients (who do not have accounts). These clients might receive an email about a new appointment being set up with one of the users - this email should have one or more links/buttons (i.e., a button to Confirm appointment, one to Decline, and one to request a reschedule) and upon clicking this link I would like to update a field in my database via the REST API, so the USER knows the CLIENT's response. The trouble is, since the client won't have an account, I have no idea how I can give them a link they would be allowed to go to, and have the update happen.
I have tried to do a bunch of research - I've looked into AD external identities with a one time passcode - but I can't seem to find any info on how I would actually get this to work for my purposes.
Does anyone know how I might implement this in Azure? Is there a way to call Azure from C# to generate a one time authentication that I can encode into a URL or something?
Any thoughts would be greatly appreciated.
Thanks!

You could do an anonymous authentication by using a magic link. The user's account won’t even need to live in the directory. The link can be short lived, and potentially one time use. We call it id_token_hint or a magic link.
Sample here
https://github.com/azure-ad-b2c/samples/tree/master/policies/invite
And reference here
https://learn.microsoft.com/en-us/azure/active-directory-b2c/id-token-hint
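
The three properties the answer names for such a link (signed, short lived, one-time use), as an added example in plain .NET. It is not code from the linked B2C sample, where B2C rather than your own code validates the token; the claim names, the generated key and the in-memory `redeemed` set are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;

using var key = RSA.Create(2048);      // constructed key; a deployment would load a stored certificate
var redeemed = new HashSet<string>();  // assumption: stands in for a table of used token ids

string token = Issue("appt-42", "confirm", TimeSpan.FromHours(24));
Console.WriteLine(TryRedeem(token, out var action) ? $"first click: {action}" : "first click rejected");
Console.WriteLine(TryRedeem(token, out _) ? "second click accepted" : "second click rejected");

static string Enc(byte[] b) => Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_');
static byte[] Dec(string s) =>
    Convert.FromBase64String(s.Replace('-', '+').Replace('_', '/') + new string('=', (4 - s.Length % 4) % 4));

// Compact RS256 JWT: the link says what may be done and until when; the signature makes it tamper-evident.
string Issue(string appointmentId, string act, TimeSpan lifetime)
{
    string head = Enc(Encoding.UTF8.GetBytes("{\"alg\":\"RS256\",\"typ\":\"JWT\"}"));
    string body = Enc(JsonSerializer.SerializeToUtf8Bytes(new
    {
        jti = Guid.NewGuid().ToString("N"), appt = appointmentId, act,   // hypothetical claim names
        exp = DateTimeOffset.UtcNow.Add(lifetime).ToUnixTimeSeconds()
    }));
    byte[] sig = key.SignData(Encoding.ASCII.GetBytes($"{head}.{body}"), HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
    return $"{head}.{body}.{Enc(sig)}";
}

bool TryRedeem(string jwt, out string act)
{
    act = "";
    string[] p = jwt.Split('.');
    try
    {
        // The algorithm is pinned here; the token's own "alg" header is never trusted.
        if (p.Length != 3 || !key.VerifyData(Encoding.ASCII.GetBytes($"{p[0]}.{p[1]}"), Dec(p[2]),
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1)) return false;
        using var doc = JsonDocument.Parse(Dec(p[1]));
        var c = doc.RootElement;
        if (c.GetProperty("exp").GetInt64() <= DateTimeOffset.UtcNow.ToUnixTimeSeconds()) return false;  // expired
        if (!redeemed.Add(c.GetProperty("jti").GetString() ?? "")) return false;                         // already used
        act = c.GetProperty("act").GetString() ?? "";
        return true;
    }
    catch (Exception e) when (e is FormatException or JsonException or KeyNotFoundException or InvalidOperationException) { return false; }
}
```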

Paypal C# Return Url

I have a C# MVC (using Umbraco) site that I need to submit a payment through PayPal. I have set up a sandbox merchant and buyer account. I am able to submit the payment and everything is working well there. However, my site needs to know when the payment has completed successfully as I will send an email and do some database operations, and here is where I'm having the problem. I cannot get PayPal to auto return to my site. I need the return URL to be:
http://localhost:56733/payment-confirmation
This is not a duplicate of this question:
Setting PayPal return URL and making it auto return?
I am using C#, not PHP. Also, I am trying to run this locally. The solutions listed on the above question DO NOT WORK. The behavior and results are the same.
I do get the screen that shows the following:
You just completed your payment. XXXX, you just completed your payment. Your transaction ID for this payment is: XXXXXXXXXXXXX.
We'll send a confirmation email to XX#XXXX.com. This transaction will appear on your statement as PAYPAL.
Go to PayPal account overview

It is not recommended to handle post-payment processing on any return URL. Even with Auto-Return enabled there is no guarantee the user will make it there, and if they don't, that code will never run and you'll end up with tasks not getting completed like you expect.
Even if you're using Express Checkout APIs so that you are guaranteed to end up on your own site, it's still not wise to handle all your data updates and email stuff there because the payment could be pending. You wouldn't want to deliver any product or anything like that until the pending payment cleared.
The way to handle all of that correctly is to use Instant Payment Notification (IPN). This will be triggered regardless of whether or not the user makes it back to the return URL, and you'll get multiple IPNs for transactions where the status updates so you can handle those automatically, in real-time as well.
Take a look at the documentation for IPN, but don't let it freak you out just because there's a lot of info there. It's really nothing more than a POST of data to a listener URL that you specify. In that script, you'll receive the data just like you would a form POST. It's really a pretty simple thing to set up, and you can do all sorts of cool things with it.

Rejecting a paypal payment

I'm currently implementing an automation system for software selling through the PayPal API. I have got the IPN portal working so it receives IPN messages from PayPal and is passed to a back-end service which files it in a SQL DB, generates a license yadda yadda yadda. It also checks against an internal entry to confirm the payment received matches the actual price of the product purchased (Stopping them sneaky hackers). I have now got to a stumbling block where I would like to reject payments that are the incorrect price and I've trawled the PayPal API Developer documentation and can't seem to find what I'm after. My guess is making a call to the Adaptive or merchant API URLs but I can't find what info past auth credentials I'd need to send. Can anyone point me to the right page or 3rd party website with the information I can use to get this set up? An NVP solution would be preferred.

You can't really reject a payment at that point because the transaction has already been completed. All you can do is refund it, which you can do via the RefundTransaction API within your IPN script. This way you'll also get your PayPal fee refunded.
You've already got your logic in place to check if the prices match, so just add a call to RefundTransaction if the price does not match. You may also want to send an email notification to the buyer in such cases letting them know something was wrong with the pricing on their order so it's been refunded, and maybe even provide a checkout button for them to re-buy at the correct price if you want to.

How to integrate PayPal in a C# application?

I am confused by PayPal's developer info. I have a website. I want the user to be able to click the PayPal icon and when they make a payment the payment notification is sent to my URL.
I have created a button for this but I want the notification of payment to be sent to one of my URLs.
I also want to test this using a sandbox account. But after creating the sandbox account, when I click 'create button' on the developers website it redirects me to the 'live' PayPal website where the construct of the button is as it was before.
I created a sandbox account and I have the criteria details.
Yet, despite much research I cannot find a simple easy to understand C# example of what I want to do. One minute I am looking at their developers' BETA web site, the next I am looking at an example code on CodeProject that is four years old and not replicated in any of the examples I can see elsewhere.

How to prevent editing of hidden field with PayPal's Website Payment Standard?

I'm using PayPal's Website Payment Standard in my ASP.NET website.
What I do is when the user clicks on the "Pay Now" button, I do the following in the code-behind:
DB status changes
Generation of the PayPal form, hidden fields for the items
Call ScriptManager.RegisterClientScriptBlock() to call the javascript function that submits the PayPal form to PayPal.
I'm worried that the user can press stop on the web browser and then edit the values in the hidden forms and then submit the form. Is there a way to prevent this? Or a better alternative?
Thank you so much in advance!

I haven't done PP Standard. I've used Gateway and Pro/Express Checkout but it's been quite a while - still, your question can be handled in a more "generic" way...
Unfortunately your plan will not do anything to protect you - just like any other HTML Form on the web, HTTP requests and responses can be inspected and tampered with using readily available tools.
The common way to prevent tampering is to do server-side validation of submitted values coming from any client/browser (the rule of thumb is "trust no one"). In your scenario, you are doing things on the server side, but that's still prior to the actual submission target of the data - which is PayPal. The step that actually sends the data to the "target" is still the browser/client - and there lies the issue so to speak. The data to be validated is meant for a system other than yours (so you can't validate for PayPal).
Unless there is an added layer of security, e.g. signature or encryption, it will always be vulnerable to tampering (viewing is a foregone matter, it can be viewed).
I don't believe (but I could be wrong) PP Standard has a server-to-server option for POSTing data. This would effectively "hide" the data altogether from the client/browser - nothing to see, nothing to tamper with. Data transfer is in the background - client/browser knows nothing of it.
However, their PayPal Payments Standard and Button Manager API seems to be the right/secure way of doing this.
In essence you will be creating what they call "encrypted buttons" on the fly. This way the data will look like gibberish to anyone inspecting it - it will only make sense to PayPal because they can decrypt the data accordingly. That's how the data is secured/protected from tampering (not viewing - but again, what can be seen is gibberish)...
Hth...
Update:
Also, you should consider PayPal IPN for storing data. You are making the assumption above (I think) that everyone who clicks the button will actually go through with the payment (or can pay successfully). With IPN, you will "listen" for data coming from PayPal only after successful payment (which is where you should store order related data and/or inventory updates, etc.) ....

Even though I'm working with PHP, using the NVP API you can get links to redirect using a token which can only be used by paypal. All the links will look like https://www.sandbox.paypal.com/webscr?cmd=_express-checkout&token=TOKEN, where TOKEN is a token retrieved previously by calling the PayPal API.
I've only developed it for ExpressCheckout. You can check the API here:
https://cms.paypal.com/us/cgi-bin/?cmd=_render-content&content_ID=developer/howto_api_reference
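
The server-side check that this thread and the refund thread above both rely on, as an added example (not code from any of the posts or from PayPal's SDK): the IPN handler takes the expected price from its own order record and compares it with what PayPal reports, so an edited hidden field shows up as a mismatch. The order table, merchant address and IPN bodies are constructed, and the message is assumed to have already passed PayPal's `cmd=_notify-validate` postback.

```csharp
using System;
using System.Collections.Generic;
using System.Globalization;
using System.Net;

// Constructed data: our own order table (the trusted price) and sample IPN bodies.
var orders = new Dictionary<string, (decimal Price, string Currency)> { ["INV-1001"] = (49.99m, "USD") };
var seenTxnIds = new HashSet<string>();          // assumption: stands in for a DB unique index
const string MerchantEmail = "seller@example.com";
const string Common = "payment_status=Completed&receiver_email=seller%40example.com&invoice=INV-1001&mc_currency=USD";
string honest = Common + "&mc_gross=49.99&txn_id=TXN-A";
string edited = Common + "&mc_gross=0.01&txn_id=TXN-B";   // hidden amount field was changed in the browser

foreach (string sample in new[] { honest, edited, honest })   // honest payment, edited amount, repeated notification
    Console.WriteLine(Decide(sample));

static Dictionary<string, string> ParseForm(string formBody)
{
    var fields = new Dictionary<string, string>();
    foreach (string pair in formBody.Split('&', StringSplitOptions.RemoveEmptyEntries))
    {
        string[] kv = pair.Split('=', 2);
        fields[WebUtility.UrlDecode(kv[0])] = kv.Length > 1 ? WebUtility.UrlDecode(kv[1]) : "";
    }
    return fields;
}

// Assumes the body already came back VERIFIED from PayPal's cmd=_notify-validate postback.
string Decide(string ipnBody)
{
    var f = ParseForm(ipnBody);
    string Get(string name) => f.TryGetValue(name, out var v) ? v : "";

    // Pending, Reversed, Refunded ... must never unlock the product.
    if (Get("payment_status") != "Completed") return "Ignore";
    // The money must have reached our account, not one substituted in the form.
    if (!Get("receiver_email").Equals(MerchantEmail, StringComparison.OrdinalIgnoreCase)) return "Ignore";
    // Process each transaction once so a repeated notification cannot issue a second license.
    if (Get("txn_id") == "" || !seenTxnIds.Add(Get("txn_id"))) return "Ignore";
    // Expected price and currency come from our record, never from the posted form.
    bool known = orders.TryGetValue(Get("invoice"), out var order);
    bool amountOk = decimal.TryParse(Get("mc_gross"), NumberStyles.Number, CultureInfo.InvariantCulture, out decimal gross)
                    && gross == order.Price && Get("mc_currency") == order.Currency;
    // "Refund" is where the caller would invoke RefundTransaction, as the answer above suggests.
    return known && amountOk ? "Fulfil" : "Refund";
}
```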
