Does the Dwolla API Webhooks Notification send the wrong transaction id? - webhooks

I think that the Dwolla API sends the wrong transaction ID in notifications. In a normal dwolla money transaction, two transaction IDs are created (this is weird to me, but that's how dwolla does it). Because these two are created at the same time, they are always (in my experience) consecutive numbers.
So e.g. if account X sends money to account Y, Y will see transaction id M, and X will see transaction id M+1.
But Dwolla's notification webhook will send Y details of the transaction with id M+1. While ID M+1 is still unique to this transaction, ID M+1 cannot be used by Y via the API - because M+1 is supposed to only be used by X.
Here is a specific example:
Via my webapp, I send money from my personal dwolla account to my organization's via the off-site gateway api.
My webapp is sent the transaction details in both callback and notification form. The transaction id generated by step 1 is 1431566. This is the transaction id sent to both callback and notification. My web app stores this Id for future use.
Via my webapp, I decide to refund my personal dwolla account from my organization's so:
My webapp tries to query dwolla about transaction 1431566, to get the SourceId, but this fails - dwolla reports "Transaction not found for account". My automatic refund cannot continue without an ugly kludge like subtracting one from the Id and trying again.
The manual workaround is to login to my organization's dwolla account via the web interface. Here I can look for the transaction based on datetime and I can see that the transaction ID is actually 1431565 (correctly reported in the web interface). If I go into my organization's database and replace 1431566 with 1431565, I can repeat step 4 and it works this time. After that I can initiate a send() and the refund goes through.
I reported the same problem here before dwolla moved support to stackoverflow: https://getsatisfaction.com/dwolla/topics/callback_and_webhook_notification_sent_wrong_transaction_id_off_by_one
I figure it will be fixed faster if other people have the same problem. Or maybe I'm missing something obvious and someone will point it out.

Thanks to Michael's help, we were able to get around this issue by using the receiver's OAuth token when getting the transaction details instead of the sender's OAuth token.
For example, say I send some money using the API and transactions 1202 for the money sender and 1201 for the money receiver get created. If you make the API call to get details for transaction 1202 but use the receiver's OAuth token, it will give you details for transaction 1201, including fee information.
I'm not sure if the situation is exactly the same since we are acting as the facilitator between two transactions, so no guarantees that this will work in your situation. But it's worth a try.

So, your application's key & secret can access the transaction ID posted to you by passing the transactionById() method your application's client_id and client_secret, as opposed to the oauth_token. Meaning, when you poll for the transaction, instead of querying this URL:
https://www.dwolla.com/oauth/rest/transactions/{transaction_id}?oauth_token=x
Query this url, instead:
https://www.dwolla.com/oauth/rest/transactions/{transaction_id}?client_id=x&client_secret=y
Makes sense?

Related

Stripe create Subscription with payment method in one go instead of two

for my subscription based product I want to have a possibility to subscribe and enter payment details at once with stripe and struggle with that with the api.
In https://stripe.com/docs/billing/subscriptions/build-subscriptions?ui=elements I see an option to create a subscription with payment_behavior='default incomplete' and then enter the details to confirm the payment intent. So far so good. However if I create the subscription like that even before the customer confirms payment details stripe already generates an invoice which is not really what I want before final confirmation by customer.
Options I see:
create setupintent, have this filled by customer via elements and then have the customer subscribe. Technically works nicely but for a sales and customer perspective is not good as it has two steps thus probably reduces conversion.
create the subscription in the background before final subscription confirmation by customer and use the clientsecret of it to pass back to browser and then have customer enter his payment data and submit that and finish the setup of subscription and payment info. Technically works - however I realize that when I create the subscription to get the clientsecret to pass to elements before the customer enters his payment data and confirms the subscription the subscription is not only created but an invoice too - which would be really, i.e. an invoice created before customers really confirms the contract
create setupintent and submit it via elements and in metadata of it add the info of product that customers wants so that when the paymentmethod gets created and I get webhook event I do the booking of the product given in metainfo. May however mean the customer gets to success page but the webhook has not notified yet and thus the customer is not really subscrubed at the point in time but gets a success message he is
same as 3 except do not pass info via metadata but via successUrl parameters which refers to and endpoint at my backend which upon being called after setupintent was setup will do the subscription and then redirect to my frontend which shows success page. That seems like a error prone workaround however.
Create a workflow which is a 2 step sign up and asks for paymentinfo, sets that up and then brings customer to a final confirmation page where the submit triggers subscription creation. Seems a bit complicated from a user flow, but so far probably the best option?
Any better options?
Cheers
Tom
ps: Interestingly enough on discord stripe support told me #2 is the way to go - find it hard to believe ...
As far as I know, there isn't a workaround for this unfortunately. It is just how Subscriptions API is designed by Stripe. You can learn more about that here where they talk about "how subscriptions work".

payPal subscription transactions not showing up immediately

I'm creating recurring payments through payPal subscriptions flow. On the frontend, I have a button auto-generated by payPal which redirects me to their domain. After that, it correctly returns the subscriptionID; after that, the frontend calls a backend API which should verify that subscriptionID, to check fields such "status" and so on.
In this backend API, I need to store some "paymentID" (one per month, always unique, if the subscription is automatically renewed monthly), which I found to be called "transactionID" on payPal. I use the REST API GET /v1/billing/subscriptions/{id}/transactions, which should returns an object with a field transactions, which should be an array of transactions. The problem is that sometimes, just after the successful payment, this array is empty. If I wait some time (from few ms to minutes), then every subscription has it's own transactions, in the end.
Is there a way to fix this? Or, alternatively, is there something like transactions on the PayPal environment which can uniquely represents a specific payment?
When a subscription starts it takes time for the first transaction to be created.
Instead of querying the subscriptions API, create a webhook to be notified of PAYMENT.SALE.COMPLETEDevents. This will be useful for the initial transaction as well as all future transactions.

Apple Pay "mass enablement" error when requesting a Payment Session

I'm working with a web application that allows our customers to integrate with Apple Pay on the web. The customers setup their own Apple Pay merchant accounts, a third party handles the actual payment processing, but our servers are responsible for web hosting and obtaining the payment sessions.
Sporadically for some customers, we receive a 400 error when obtaining the payment session, with a message of:
Payment Services Exception merchantId={id} unauthorized to process transactions on behalf of merchantId={id} reason="{id} never authorized mass enablement transactions to occur via {id}"
(Here all the {id} values will be the same).
Despite sounding like a configuration issue with the account, this will only affect some otherwise identical requests. (Same domain, merchant identity, etc.) It affects some customers but not most; when it does affect a customer, somewhere between 10% to 50% of the session requests will fail in this manner. We have several customers never hitting this error even after processing thousands of transactions.
The phrase "mass enablement" doesn't seem to show up in apple's documentation, and the exact phrase "never authorized mass enablement transactions to occur" produces no results at all when searching the web. The closest I can find is this thread on Apple's developer forums but its not an exact match, and has no answers in any case.
Has anyone seen this error and resolved it?
(I'm also pursuing this matter via Apple support; if that eventually proves fruitful I'll update with an answer.)
This happens when a domain has been registered to a merchant using Apple Pay's Mass Enablement API.
The domain (not the merchant ID) will need to be deregistered by whoever claimed the URL before you are able to proceed, although I would expect Apple Pay's support team would also be in a position to remove the registration for you.
https://developer.apple.com/documentation/applepaywebmerchantregistrationapi
I got this error when using my localhost (not registered for Apple Pay) as the front end of the website making a session token request via the back end whose domain had been registered for Apple Pay.
There are few things that needs to be considered here:
Are you using the correct TLS config (the cert and the key) to make the request ?
Are you using the correct merchant validation file send to you while approving mass enablement for the merchant ?
Once you confirm on these 2 things, there's a hole in the documentation provided by apple.
After hitting https://apple-pay-gateway.apple.com/paymentservices/registerMerchant with above proper config and data this requires a param called partnerInternalMerchantIdentifier this is a unique merchant id that you can use on your end.
register merchant
By default, to get a payment session (https://apple-pay-gateway.apple.com/paymentservices/paymentSession) we might send the primary merchant id that we use for merchant registration in above API which is fair as per their docs.
docs
But to make it work we need to send the partnerInternalMerchantIdentifier which we sent in the above API. This acts as a sudo merchant id to get payment sessions.
Get payment session for newly registered domain

Does a non accepted (by me) google wallet transaction not get charged or get refunded?

I am growing frustrated with the lack of features and poor documentation of the Google Wallet for digital goods subscription API.
My question is the following:
If Google wallet sends a postback to my URL, and I do not acknowledge the payment (send status 200), does the payment get refunded or not appear on the card statement in the first place?
It seems rather strange that there is no way to programmatically cancel subscriptions. A work around would be to manage subscriptions on my end and only accept the postback payment if their subscription is valid. This would of course be frustrating to a user if they canceled a subscription, yet they still see a charge to their card and then a refund. I would like to avoid that.
Thanks in advance again everyone.
I'm not a Googler so this is subject to being crucified :)
To get an official response, it would be best to contact Google directly - you should see a "HELP -> Contact Us" in your Wallet Merchant Center.
Important: If you specify a postback URL, your server must respond promptly and correctly to the HTTP POST messages that Google sends for each transaction. Otherwise, the transaction will be canceled.
REF: Official documentation on handling postbacks
This somehow/probably relates to the old question in credit card processing of the difference between an AUTHorization and an CHARGE (aka "capture").
An AUTH for x amount would need to be sent for processing. Otherwise, how would Google send you a positive result for the transaction (aka Google would send you a postback after such successful "Auth" transaction for x amount - re: does account have enough funds to cover x)?
So there would be a "pending AUTH" for x value on card holders' account, subject to "capture" (finalizing, turning that AUTH into a CHARGE) at some later time (perhaps after you successfully acknowledge the postback).
What Google does (e.g. "Void" or "never capture") to that pending AUTH if you don't acknowledge (aka "...transaction will be cancelled"), or whether or not the above scenario is actually what occurs in Wallet for Digital Goods, can only be answered by Google. The above is only a personal (mine and mine alone) insight to standard credit card processing...
Hth....

How to charge credit card AND set up automated recurring billing in one step with Authorize.Net

I’m integrating authorize.net into my web application. I’ve used the direct post method (DPM)to charge the account initially. However, for each transaction I also need to set up automated reoccurring billing. How would I go about doing this without asking for the information again, particularly when after DPM posts the initial transaction, the credit card data is no longer available?
I also would like to get the status of each reoccurring transaction so it can be confirmed and followed up on if necessary.
You can't do that with DPM as it takes the user's credit card information off of your website so you don't have access to it. If you want to make an initial payment and then use ARB to create a subscription you need to use AIM with ARB.
You need to use the ARB interface in order to do recurring transactions but there are a lot of problems with it, like lack of support (send an email and wait a couple of weeks for a non-helpful response for example) and weak documentation.
Documentation for SOAP interface for Authorize.net ARB:
http://www.authorize.net/support/ARB_SOAP_guide.pdf
And for the XMl interface:
http://www.authorize.net/support/ARB_guide.pdf
ARB programming documentation:
http://developer.authorize.net/api/arb/
I just switched off of Authorize.net to USAEPAY. Here are some reasons why:
1. When you use Authorize.net ARB, your customer comes on the site to sign up, and you send the ARB request to create the subscription and you get back a success code so you give the user the subscription. Then later that night they actually try to collect the first payment and a lot of times this fails, so you get a spreadsheet emailed to you the next day about the problem. This is terrible because now you lost the opportunity to say to the customer at sign up time that the card is declined. Goodbye sale!
2. I don't know if they added this recently but they didn't have a way to verify if a customer's credit card is still valid. Imagine 3 months into a subscription the card is over the limit, or cancelled, or expired etc. You don't know so how do you prompt the customer to put in a new card? You just stop getting paid, unless you want to manually open these spreadsheets and start emailing customers. YUCK.
USAEPAY works much better, the API is easier, its much better documented and you get email responses in 1-2 days and its less expensive. For example, you can query USAEPAY to get a list of successful payments, and verify that you shouldn't deactivate the account for non-payment:
http://wiki.usaepay.com/developer/soap-1.4/methods/getcustomerreport
Before you go too far with AuthNet I highly encourage you to save yourself a lot of pain and contact FranchisePaymentNetwork (FPN) to get set up with USAEpay.
They can even POST BACK to your website to let you know if a transaction is successful or not for recurring billing transactions and you can query it to verify that customer payments are getting collected so you know if you should expire an account or not.
I am not affiliated with USAEpay or Franchise Payment Network except as a satisfied paying customer / consumer of their services.

Resources