Paypal express checkout without shipping address using rest api - paypal-rest-sdk

Can anyone tell me how to hide the shipping address in the checkout prozess using REST Api.
All examples i found are quite old and use the classic API.
To create my payment i follow the example here from Github:
http://paypal.github.io/PayPal-PHP-SDK/sample/doc/payments/CreatePaymentUsingPayPal.html
No shipping address is specified in the request, but one is shown in the checkout window from paypal.

Related

Recaptcha for stripe checkout

I'm facing card testing attack lately on a website that uses stripe checkout.
After two days of being under attack, I finally deactivate the concerned page which leaves my website without any way to pay for services.
Now I would like to add a recaptcha to protect the stripe button, but just can't seem to understand how to do it.
I have a page with three services, under each one is a stripe checkout button. What I would like to do is to prevent bots to access the Stripe checkout page, which is external and hosted on stripe servers.
I did recaptcha integrations before in php and with a regular form. Here I'm working with nodejs and there's no real form to query. Is it possible to prevent bots from accessing those buttons ?
I saw some tutorials online but everytime the form is hosted on local server.
If you have a clue, it would be a great help.
Thank you
Have you followed the official Google docs for reCAPTCHA v3? They provide code snippets and go into detail about how to do this.
https://developers.google.com/recaptcha/docs/v3
It's easiest to implement it in the payment flow before your customers ever get to the page with the Checkout button (e.g. on the shopping cart page), but you can also bind it to the form action that triggers the creation of the Checkout Session.

How to get details of an express checkout - PayPal / Postman

I'm trying to get the details of payment after test an express checkout.
When I go to
https://www.sandbox.paypal.com/cgi-bin/webscr?cmd=_express-checkout&token=EC-0CS36485JR5738828
It shows the checkout and I click on confirm.
After that, I'm being redirected to http://return.url/?paymentId=PAYID-MHKJM6A3W026542BR076654N&token=EC-0CS36485JR5738828&PayerID=HUGNJ49ZGF8CU
Here I have the paymentID, but I can't find an endpoint to see the details of that payment.
And I have a Webhook too with the event Checkout checkout buyer-approved, if I simulate an event, the webhook responds and sends the data to my backend, but it doesn't do it when I do an express checkout.
Now I'm trying almost everything with Servistate (Postman-like), but the idea is to make an express checkout, and confirm that payment on the backend.
Note: On my backend, I'm using paypal-rest-sdk package to generate the payment and with that, the checkout url
The PAYID token was created using the v1/payments API.
Use that API to get the status of the payment.
Note that the v1/payments API is deprecated, you should use the v2/checkout/orders API for payment processing instead. See the current PayPal Checkout documentation, and be sure to read through the 5th bullet in 'Add and modify the code' which discusses a server integration.

How can i use stripe.redirectToCheckout in my asp.net webforms?

I want to redirect my users to stripe secure checkout option instead of getting their credit card details in my website using stripe gateway. How can i accomplish it using stripe.redirectToCheckout. Didn't found and proper example or documentation.

How does a Checkout Page take the user input information and pass it to Stripe?

So far I've created a product modal and upon proceeding to checkout, Stripe popup appears and the user can proceed with the payment.
https://streamable.com/30p4eh
Although, I have to change the checkout button to popup a checkout page first so the user can enter his delivery address and so on. How does a checkout page deliver the information the user has input, into Stripe? How does the whole process work? Do I have to add all my products into Stripe product page? Can Stripes checkout page be used like in this Firebase video? Firebase
The Checkout payments guide now includes a nice diagram that I think should help understand what you're asking about.
You create a Checkout Session with the payment information and then redirect your customer to Stripe. Stripe displays the information about the purchase and collects payment information from your customer, then redirects them back to the URL you specify. In the background, you're notified about the success of the payment and you can manage order fulfillment.
If you need more information about a particular piece of this, please feel free to ask with more details!
Update: on a second review, I see that I missed that your video is showing the Legacy Checkout integration. Stripe has a new Checkout integration that supports a wide range of payment methods and supports SCA-compliant authentication challenges. Take a look at the migration guide to update your integration.

Security concerns with using Stripe checkout over Cordova

I'm looking into using Stripe.js for payment processing in a mobile web application wrapped in Cordova. According to the Stripe documentation all checkout pages should be served over https. Since Cordova will technically be serving these pages locally in a webview, are there any security concerns I should worry about?
Note: I will still be using https to submit the tokenized card details from Stripe to my remote API server to actually complete the charge.
I'm an engineer at Stripe.
Cordova/PhoneGap isn't a platform we actively support with Stripe.js, but after talking it over with the team, we have two suggestions for how to mitigate potential vulnerabilities:
Configure your Domain Whitelist sensibly, to limit the possibility of other scripts maliciously sending payment data to an untrusted third party. You should only need to add https://api.stripe.com to support communicating with Stripe.
Always load the latest version of Stripe.js from our servers, per the Stripe.js documentation. This will ensure that you're always up-to-date with any bugfixes and patches we add to Stripe.js
Beyond that, I believe your exposure is similar to using Stripe.js in a normal webpage, loaded in-browser.
(I should note that I assume you're using Stripe.js and not Stripe Checkout—the latter would require the https://checkout.stripe.com domain to be added to the domain whitelist, as well.)
I posted an answer related to this in a similar question. If you control a custom API, give it https protection and send your whole checkout form down into an iframe (source set to your API endpoint).
Then use a plugin like Cordova-HTTP for SSL pinning, and you should be more secure!
Original answer:
Implement Stripe Payment Gateway in Cordova/Phonegap Application

Resources