I would like to know if this is possible to add new payment method for Bigcommerce. I tried to contact their support without any luck. If anyone is familiar with bigcommerce and know if this is possible, i would appreciate any advice.
I already read their API docs and didn't found anything useful - only method to obtain list of available payment methods.
I already tried to signup for their partner. Without any luck.
We've done this before for a couple stores to allow clients to process payments through their own processor. The way we achieved this, is essentially through the following high-level steps:
Allow payments by Check (or similar offline method). We are going to replace this with the custom processor.
You'll notice that if you attempt to checkout via Check, that BigCommerce automatically creates the order for you, but sets the order status to Awaiting Payment. Upon submission the user is automatically sent to a 'Thank You' Order Confirmation page that contains both the Order ID and some payment instructions (such as where to send the check to).
Here's the trick -- Modify this 'Order Thank You' page to prompt the user for her or his credit card information. A simple HTML form will suffice here, performing the actual request via JavaScript.
Once you have the user's credit card data, you can then POST it to your own external server, where you would connect to and send data to whichever processor you are using. Additionally, you should make sure to send the Order ID to this program, so that you can connect to the BigCommerce API to load billing information, and then subsequently adjust the order status to either approved or declined depending on the response from your processor. Finally, you should send back some sort of response to the client to inform of the result of the charge attempt.
That's pretty much it in a nutshell. The way you integrate with the payment processor (step 4) is unique to whichever processor you are using. I hope this makes sense.
Although opinion based, I'm a huge fan of serverless technologies, and would suggest looking into AWS Lambda + AWS API Gateway. The benefit here is that you don't need to worry about creating an infrastructure or the associated concerns of security and scale. Rather, AWS Lambda allows you to simply upload your software, and allows it to be executed via an HTTP request to some defined endpoint set through the API Gateway. Lambda will scale automatically for you, and you don't need to worry about system level security concerns - only security at the application level. It's truly a set and forget setup, and a bleeding edge technology. Not to mention dirt cheap!
Implementing a new payment method is unsupported and requires hacky workarounds since we implement payment gateways via the core app. You can do this on blueprint by using an offline payment method and then using the API to update payment statuses, etc. I'd recommend using ActiveMerchant if you do wish to go down this path.
Related
I am using STRIPE as my payment processor, in an REACT + nodeJS app. I already have something that already works, but I would like some feedback, maybe I'm doing something wrong.
So... I have this Redirect-To-Checkout functionality thats made available by STRIPE, basically I redirect the user to this STRIPE page where all card-data (sensitive information) is processes in order for the payment to full-fill.
What I do in my nodeJS server part is the following:
Once the user acces the redirect to check-out page, I already create a PendingOrder, with the products selected by client (Here I save some information based on client/stripe payment-intent, in order to check in later steps)
Once webhook gives me the 'payment_intent.succeeded' I check for the payment-intent information to see if it exists in my PendingOrder collection, then proceed to add in to ConfirmedOrders and remove it from PendingOrders.
I have to do this whole process because Stripe no longer gives me access to some information I require when the user is checking-out his order(such as observation that the user has based on the type of service he chooses).
Are there any down-sides to this approach or is there any other way to do it?
Thanks in advance!
You’re not really far from the best practices that Stripe recommends here. The only thing that I would change is listening to checkout.session.completed instead of the payment_intent.succeeded event. As of the latest API version, a PaymentIntent is no longer created upfront so a better to way to handle order fulfillment is to either store the Checkout Session ID (e.g. cs_live_xxx) or you could add some metadata when creating the Checkout Session and use that instead to identify the order.
I have to do this whole process because Stripe no longer gives me access to some information I require when the user is checking-out his order
As for this, I’m not sure what you mean, you can always use your app with the success page customization described here alongside webhooks. I wouldn’t use that to fulfill the order though since the user might close the page before the redirection completes which means that the fulfillment wouldn’t be done in that case. As such, webhooks are essential to order fulfillment.
How can I use PayPal to charge users for feature(s) in my MV3 Chrome extension?
I'm specifically looking for PayPal as Stripe isn't supported in my country.
This is the first-ever time I'm trying to charge money for anything, so I wish to do it the right way the first time.
Also, my extension is open-source, so if I could make the code in a certain way to prevent the user from bypassing the storage to enable the feature without paying, it'd be cool.
You need a web server that provides services and payment verification if you want to prevent the user from bypassing anything.
Current versions of the PayPal Checkout require loading external JS resources, which browser extensions typically frown on. So the simplest solution, again, is going to be to have your extension direct over to a web page to handle the payment.
If you insist on processing the payment directly from your extension, the only possible way would be using a legacy HTML-only PayPal flow, most simply opening a tab to a link such as:
https://www.paypal.com/webscr?cmd=_xclick&item_name=payment%20purpose%20goes%20here&amount=100¤cy_code=USD&business=receiverofpayment#emaildomain.com
This would not be at all secure or verifiable, other than perhaps if you were to also integrate the legacy IPN service on a server (also a bad idea).
So in summary, to do what you want to do you ought to pair a server and web page with your extension for payment processing/verification.
See the full stack example at https://developer.paypal.com/docs/subscriptions/integrate/ , and do API calls from your server's backend (in whatever programming environment, the node js there is just an example) for the order creation and capture. Your 2 server routes should be called from your web page, ideally using this approval flow includes a sample of error handling code for if the capture fails.
Background
I am integrating stripe API into my site to take one off payments. My site will be API first on server side with a separate web and mobile front end. I am working on the API server side code. I will eventually use stripe payment pages to take credit card payments. I am trying to automate the testing of my APIs and am bamboozled by the documentation (which are thorough) as I just can't see what steps to take next.
My server side initiates a call with stripe using stripe sdk to create a stripe Session object - this contains a URL to redirect to checkout.stripe.com/pay/..., a success URL when payment is successful and a cancel URL (these I set to handle the callback).
Problem
I can automate in Postman all my API calls from Browse Products, Select Product, Place Order but the next step I am stuck. After Placing Order I get back the stripe session but how can I mimick making the payment with stripe for the session and then call my Success URL ?
When the site is complete I will redirect the UI to stripe to take payments but I am testing and completing the back end flow first.
I have copied and pasted the session URL which is returned by the stripe Session object to bring up the page in a browser and used Dev tools on Chrome to inspect Network to see which APIs are being called by stripe in an attempt to reproduce and I can see a POST to stripe.com/api/payment_methods and I can see the posted values but I can't reproduce this in Postman. Also, the documentation (https://stripe.com/docs/api/payment_methods/create) says
"Instead of creating a PaymentMethod directly, we recommend using the
PaymentsIntents API to accept a payment immediately"
Question
Which stripe APIs do I need to call to automate the flow from a stripe Session object to make a payment and then check that it was successful? Payment Methods? Make a Charge? Payments Intents? ...and how. Happy to be pointed to the documentation if you can help me understand the flow.
TIA
Checkout is a Stripe product that looks like a "box" and you can't know (and shouldn't need to know) what happens inside. It is created for the purpose that merchants won't have to think about what's being done under the hood.
Speaking from an automation perspective, you can try to reproduce the whole process but there's no guarantee it won't change in the future, and it could leave you with more problems later.
For options to reproduce:
The closest way is simulating browser filling and submission, using automated browser tools (ie Selenium). But it's not as straightforward as PostMan. Generally you would want to simulate every browser action that a human could do.
Or you can try to accomplish the same with the logs and events you receive on Stripe's Dashboard, when you test a Checkout Session by yourself. From now there are 3 requests.
And your goal is to receive the same 5 events in Webhook:
TBH I recommend to reconsider the need of this test, to see if it worth your efforts.
A client has asked me to set-up card payments through authorize.net. However, I've noticed the node SDK hasn't been updated in a year and their Node SDK is only mentioned on some of their doc pages (so I get the impression it's not a primary focus for them).
I have many years of experience using Braintree Payments and Stripe. They both have great support for Node, plus drop-in/hosted fields for React (frontend). This approach removed much of the PCI compliance requirements from my server.
However, my client cannot use Braintree or Stripe because they are selling restricted items which are not allowed by Braintree's and Stripe's ToS. They currently use Authorize.net and would like me to continue to support that on their new website.
It seems my only option is to directly send card details from my React frontend to my Node API server. Which makes me uncomfortable. As Stripe's PCI guide says there are 300+ security controls in PCI DSS which need to be met if send PCI data on servers.
Here is an example of their creditCard inputs on Node, taken from their examples GitHub repo.
var creditCard = new ApiContracts.CreditCardType();
creditCard.setCardNumber('4242424242424242');
creditCard.setExpirationDate('0822');
creditCard.setCardCode('999');
var paymentType = new ApiContracts.PaymentType();
paymentType.setCreditCard(creditCard);
My question is:
It doesn't seem the best practice in 2020 to send card details through my server anymore with so many providers out there offering hosted fields. Is this a valid concern?
Would I need to get my Node.js code and PCI compliance validated by QSA?
more link:
Node.js SDK: https://github.com/AuthorizeNet/sdk-node
Their PCI compliance list (last updated three years ago?):
Hey I believe that the accept.js suite would be what you need. https://developer.authorize.net/api/reference/features/acceptjs.html Basically it takes a payment nonce after receiving your post request from the client side and sends it to your server instead of sensitive credit card in formation. I am trying to work with it myself. Maybe we could collaborate. I'm a node payment novice. I posted a question about it here.
I would like to automatically hit an api with dynamic values from my client side via a post request using javascript files. How can I achieve this?
let me know if this helps
While writing this question I found out that someone had the same concern as me in PHP/Magento in another Stack Overflow post.
Using Authorize.net's Accept.js you can send payment details directly to their servers and use a payment nonce (like Braintree/Stripe) in place of the card details.
Accept.js is a JavaScript library for sending secure payment data
directly to Authorize.Net. Accept.js captures the payment data and
submits it directly to us, in exchange for a one-time-use token, or
payment nonce. You can use this payment nonce in the place of payment
data in a follow-on createTransactionRequest API call.
Our JavaScript library offers developers two workflow options for
accepting payment:
Option 1: Host your own payment form for a PCI-DSS SAQ A-EP solution that gives you complete control of the customer payment experience.
Option 2: Embed our hosted, mobile-optimized payment information form in your page to collect the card information in a PCI-DSS SAQ A
compliant way. For a fully hosted payment solution that you can
redirect your customers to or embed as an iFrame within your page, see
our documentation for Accept Hosted.
The Square documentation for updating webhook events shows this URL format: PUT /v1/{location_id}/webhooks. However, creating a webhook event listener for every merchant location could be a lot of separate API requests, and it would be far easier to use the merchant_id instead of the location_id (even though this is not documented) and make one request for each merchant.
Attempting to do this actually works - when I PUT /v1/{merchant_id}/webhooks the webhook is saved in Square and transactions for any of that merchant's locations successfully send the webhook.
My question is, since this is undocumented (although it works) is it safe to rely on this approach?
While it may work currently, since it's undocumented, the behavior may change in the future and cause unintended side-effects. I strongly encourage you to follow the current documentation for subscribing to webhooks.