Reputation: 312
Situation: I am developing a WordPress plugin where, on http://example.com/edit-order, a customer can upload an image, modify the image, resize it and have it printed by the printer. The user will then need to pay for the goods based on the final image size. To keep the workflow as short as possible, I would like to have the "checkout" button on the same page as well.
I was hoping to integrate PayPal as the payment gateway, and I believe the PayPal Express Checkout button integration would be the 'easiest'. I have read the PayPal document here. What really confused me is that it can integrate as client-side REST or server-side REST, and even after reading all the example code and examples, I don't know how to integrate it into my plugin.
For client-side REST: I know I can use the 'onAuthorize' callback to redirect to a pre-defined page to confirm the payment on the server side, but how do I pass the successful payment detail back to the server? And more importantly, how do I know the payment detail passed back is from PayPal and genuine, rather than sent from a malicious site?
For server-side REST: this makes more sense to me, calling the PayPal API from the server side, but how do I pass the payment amount and order detail from the edit-order page to the create-payment page? From the example code:
var CREATE_PAYMENT_URL = 'https://my-store.com/paypal/create-payment';
var EXECUTE_PAYMENT_URL = 'https://my-store.com/paypal/execute-payment';

paypal.Button.render({
    env: 'sandbox', // Or 'production'
    commit: true, // Show a 'Pay Now' button
    client: {
        sandbox: 'xxxxxxxxx',
        production: 'xxxxxxxxx'
    },
    payment: function() {
        // Ask your server to create the payment and resolve with the PayPal payment id
        return paypal.request.post(CREATE_PAYMENT_URL).then(function(data) {
            return data.id;
        });
    },
    onAuthorize: function(data) {
        // Hand the ids back to your server, which executes the payment
        return paypal.request.post(EXECUTE_PAYMENT_URL, {
            paymentID: data.paymentID,
            payerID: data.payerID
        }).then(function() {
            // The payment is complete!
            // You can now show a confirmation message to the customer
        });
    }
}, '#paypal-button'); // element the button is rendered into
Since paypal.request.post(CREATE_PAYMENT_URL) seems to accept only one argument, how do I pass along the order detail in order to create the payment?
FYI, I have used the Stripe SDK and API before and they were so straightforward... I just don't understand how PayPal Express Checkout is done! Especially client REST, which makes no sense to me... why would anyone want client REST, which finishes the whole process on the client side and passes nothing back to the server to determine if the goods are paid for? What did I miss and not understand?
Upvotes: 0
Views: 763
Reputation: 17108
For client-side REST: I know I can use the 'onAuthorize' callback to redirect to a pre-defined page to confirm the payment on the server side, but how do I pass the successful payment detail back to the server? And more importantly, how do I know the payment detail passed back is from PayPal and genuine, rather than sent from a malicious site?
You're correct that there's no 100% reliable way to do this. The recommended approach here would be to pass the paymentID and payerID back to your server and to make the call there to the PayPal REST API to validate the amounts.
For server-side REST: this makes more sense to me, calling the PayPal API from the server side, but how do I pass the payment amount and order detail from the edit-order page to the create-payment page? From the example code:
The way I'd recommend is: execute() in onAuthorize.
You also have the option of building a single page app, and showing the details returned by client-side execute() on the same page.
Since paypal.request.post(CREATE_PAYMENT_URL) seems to accept only one argument, how do I pass along the order detail in order to create the payment?
You can actually pass a second parameter, which will be passed to your server as key-values:
paypal.request.post(CREATE_PAYMENT_URL, { foo: 'bar' })
paypal.request.post is actually just a wrapper to make ajax calls more easily.
Why would anyone want client REST, which finishes the whole process on the client side and passes nothing back to the server to determine if the goods are paid for?
You should still do server-side validation to make sure the item is paid for. The client side integration just makes it simpler to create and execute the payment.
One thing to note: both the client and server-side integrations use the same REST API. So there's nothing stopping you from using both in conjunction with each other. The client-side calls just make it a little bit easier to do some of these calls without additional server-side logic.
Upvotes: 1
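The split the answer recommends, written out as an added example (this is not code from the question, the answer or PayPal's checkout.js). The browser sends only an order id with the second argument to request.post, the server builds the create-payment body from its own stored order, and before execute the server checks the paymentID the browser posted and the amount PayPal reports against that order. The names buttonConfig, createPaymentBody and verifyBeforeExecute, the order record shape (id, total, currency, description, paymentId, paid) and the injected request object are assumptions of this example; the request and response body shapes follow PayPal's v1 Payments REST API, and the sample data is constructed.

```javascript
// Added example, not from the question or answer. Plain Node, no PayPal SDK:
// `request` stands in for paypal.request so the button config runs offline.

// --- Browser side -----------------------------------------------------------
// Only the id of an order that already exists on the server is sent; the
// amount is never taken from the client.
function buttonConfig(opts) {
  return {
    env: opts.env,            // 'sandbox' or 'production'
    commit: true,             // show a 'Pay Now' button
    client: opts.clientIds,   // { sandbox: '...', production: '...' }
    payment: function () {
      // The second argument to request.post reaches the server as key/values.
      return opts.request.post(opts.createUrl, { orderId: opts.orderId })
        .then(function (data) { return data.id; });
    },
    onAuthorize: function (data) {
      // Hand paymentID/payerID to the server; the server validates, then executes.
      return opts.request.post(opts.executeUrl, {
        orderId: opts.orderId,
        paymentID: data.paymentID,
        payerID: data.payerID
      });
    }
  };
}

// --- Server side ------------------------------------------------------------
// Body for POST /v1/payments/payment, built from the server-stored order record
// (the order shape is an assumption of this example).
function createPaymentBody(order, returnUrl, cancelUrl) {
  return {
    intent: 'sale',
    payer: { payment_method: 'paypal' },
    transactions: [{
      amount: { total: order.total.toFixed(2), currency: order.currency },
      invoice_number: order.id,   // ties the PayPal payment to our order
      description: order.description
    }],
    redirect_urls: { return_url: returnUrl, cancel_url: cancelUrl }
  };
}

// Run on /execute-payment before calling PayPal's execute. `posted` is what the
// browser sent; `paypalPayment` is the payment fetched from PayPal with the
// server's own credentials (GET /v1/payments/payment/{id}), so the amount being
// checked comes from PayPal, not from the browser.
function verifyBeforeExecute(order, posted, paypalPayment) {
  if (order.paid) return { ok: false, reason: 'order already paid' };
  if (posted.paymentID !== order.paymentId) return { ok: false, reason: 'paymentID does not belong to this order' };
  if (paypalPayment.id !== order.paymentId) return { ok: false, reason: 'fetched payment id mismatch' };
  var tx = paypalPayment.transactions;
  if (!Array.isArray(tx) || tx.length !== 1) return { ok: false, reason: 'unexpected transaction count' };
  var amount = tx[0].amount || {};
  if (amount.total !== order.total.toFixed(2) || amount.currency !== order.currency) {
    return { ok: false, reason: 'amount or currency does not match order' };
  }
  if (tx[0].invoice_number !== order.id) return { ok: false, reason: 'invoice number does not match order' };
  return { ok: true, reason: '' };
}

// Constructed sample data for a stand-alone run.
var sampleOrder = { id: 'ord-42', total: 12.5, currency: 'USD', description: 'Print 20x30cm',
                    paymentId: 'PAY-TEST-1', paid: false };
var sampleFetched = { id: 'PAY-TEST-1',
                      transactions: [{ amount: { total: '12.50', currency: 'USD' }, invoice_number: 'ord-42' }] };
var sampleTampered = { id: 'PAY-TEST-1',
                       transactions: [{ amount: { total: '0.01', currency: 'USD' }, invoice_number: 'ord-42' }] };

if (typeof module !== 'undefined' && require.main === module) {
  console.log(JSON.stringify(createPaymentBody(sampleOrder, 'https://example.com/return', 'https://example.com/cancel')));
  console.log(verifyBeforeExecute(sampleOrder, { paymentID: 'PAY-TEST-1', payerID: 'PAYER-1' }, sampleFetched));
  console.log(verifyBeforeExecute(sampleOrder, { paymentID: 'PAY-TEST-1', payerID: 'PAYER-1' }, sampleTampered));
}
```

The paymentId stored on the order at create time is what makes the execute step checkable: a paymentID that the server never issued for that order, or a fetched amount that differs from the server's price, is rejected before execute is ever called, and the paid flag keeps a replayed execute request from fulfilling the same order twice.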