Enter credit card details on the PayPal site (rather than my own hosted site) - security

Can I get users to enter credit card details on the PayPal site, rather than my own when setting up a recurring payments profile for direct credit card payments?
When setting up a recurring payments profile for a user who wishes to subscribe to my service, I currently follow the standard recurring payment flow (as shown in the PayPal API examples):
Use the REST API to create a billing plan and agreement.
Redirect the user to the PayPal site.
User logs in/registers on PayPal site and confirms their acceptance there.
PayPal redirects them back to my site for final confirmation of the billing agreement.
Once they have confirmed on my site, billing commences and we start listening for IPNs.
However, it seems that if you want to use direct credit card payments (i.e. the customer does not have/want a PayPal profile), you have to capture the credit card details on your own site and pass them through to PayPal on the API call. Is there a way to move the credit card detail capturing to the PayPal site itself?

Yes, PayPal supports this arrangement; they call it hosted pro or hosted sole solution. However, it's classic, not the new REST.
PayPal's newer direct credit card APIs use vaulting, but I don't believe they come with a fully PayPal-hosted page that would avoid all PCI complications for you.
You might also want to look at Braintree's solution, which integrates into your page but handles encrypting & tokenizing the card details so you don't have to worry about PCI.

Related

How can I supply user with download details after payment?

I would like to use Stripe to sell digital goods. User needs a licence code after completing payment. The Stripe API allows adding a description to the PaymentIntent that is apparently shown to the user on the Receipt.
Are there better ways for managing supply of download details/ license keys through the Stripe API?

Using saved card details for MOTO payments

Does anyone know if you're allowed to use saved card details for MOTO payments?
The scenario is this.
Customer calls in.
Agent brings up customer details.
Agent sees that the customer has saved cards already on their account.
Agent selects saved card.
Agent uses that to start the payment (I believe CCV details will need to be added to complete payment).
It was my understanding that all card details need to be keyed in (card number/date/CCV).
In my case, we're using Stripe API, but I'm more concerned about the rules of the process in general.
If you want to process MOTO payments with the Stripe API, you first need to contact Stripe to enable that feature as explained here. Otherwise, if your account is in the European Economic Area, payments made by manually entering card details in the Dashboard will be automatically marked as MOTO by Stripe.
However, as mentioned on this support page, note that:
You’re responsible for ensuring that you protect your customers’ card information in accordance with PCI compliance requirements.
Manually creating payments through the Dashboard must only be performed when there are exceptional circumstances preventing you from using your own integration. It cannot be your primary method of processing payments on your account.

PayPal payment without redirection to PayPal's website

Is there any way to integrate PayPal without redirecting the user to PayPal's website for payment in the case of debit cards or the PayPal payment type?
Yes, you can; it is explained by PayPal here: https://developer.paypal.com/docs/classic/adaptive-payments/ht_ap-embeddedPayment-curl-etc/
There are PayPal products available in some countries with this functionality. I heard that Payflow Pro and PayPal Payments Advanced have such functionality.
But actually, from my developer experience, if the Stripe platform is available for the country where your project is hosted, then it is better to use Stripe Elements - they found a way to securely place fancy controls to get CC info in a way that your website gets just either a token or a payment method object, without redirects, and, if necessary, shows a popup with a 3D Secure window during the payment flow.
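As an added example (not part of the original answers, and not Stripe's or PayPal's code): a server-side guard for the token-only flow described above, which rejects any request body carrying a Luhn-valid card number and accepts only a token or payment-method ID. The `paymentMethodId` field name and the `pm_`/`tok_` ID shape check are assumptions for illustration.

```javascript
// Added example: server-side guard for a token-only card integration.
// The paymentMethodId field and the pm_/tok_ shape check are assumptions.

// Luhn checksum over a string of ASCII digits.
function luhnValid(digits) {
  let sum = 0;
  let doubleIt = false;
  for (let i = digits.length - 1; i >= 0; i--) {
    let d = digits.charCodeAt(i) - 48;
    if (doubleIt) {
      d *= 2;
      if (d > 9) d -= 9;
    }
    sum += d;
    doubleIt = !doubleIt;
  }
  return sum % 10 === 0;
}

// True when text holds a 13-19 digit run (spaces or dashes allowed) passing Luhn.
function containsPan(text) {
  const candidates = String(text).match(/\d(?:[ -]?\d){12,18}/g) || [];
  return candidates.some((c) => luhnValid(c.replace(/[ -]/g, "")));
}

// Recursively collect the paths of all values that look like card numbers.
function findCardData(value, path = "body") {
  if (value === null || value === undefined) return [];
  if (typeof value === "object") {
    return Object.entries(value).flatMap(([k, v]) => findCardData(v, `${path}.${k}`));
  }
  return containsPan(value) ? [path] : [];
}

// Accept a parsed request body only if it carries a token and no card data.
function validatePaymentRequest(body) {
  const leaks = findCardData(body);
  if (leaks.length > 0) {
    return { ok: false, reason: "card data in request", fields: leaks };
  }
  const id = body && body.paymentMethodId;
  if (typeof id !== "string" || !/^(pm|tok)_[A-Za-z0-9]+$/.test(id)) {
    return { ok: false, reason: "missing or malformed token", fields: [] };
  }
  return { ok: true, reason: "", fields: [] };
}
```

Run the guard before the body reaches logging or persistence, so a misconfigured form that posts raw card fields is rejected rather than recorded.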

Stripe payment form to be embedded in iframe any security concerns?

I've a project which connects different businesses who can sell their own products on my app and the payment gateway I used is Stripe. They connect their Stripe account to my app through Stripe Connect and I charge on their behalf.
Now I would love to let the users embed the paying form into their website as well through an iframe.
Are there any security issues that I should be aware of?
Note: I'm using Stripe.js to process the payments so I don't need to worry about PCI compliance.
Thank you

Is it possible to send money from my own paypal account to an email address using adaptive payments

I have a node.js web application which at times needs to send a user money knowing only their email address. This is essentially the same thing as PayPal's send money interface, but needs to be programmatically executed.
I've seen this post which suggests using their newer Adaptive Payments API to do this, however nowhere in the docs or examples do I see how to send money from my account to an email address.
Is my only option to dive into the MassPay API which PayPal is moving away from?
You can use Adaptive Payments Implicit simple payments -
https://developer.paypal.com/webapps/developer/docs/classic/adaptive-payments/integration-guide/APIntro/
https://developer.paypal.com/webapps/developer/docs/classic/adaptive-payments/integration-guide/APCallsHeadersAndPaymentTypes/
