Any method of payments through the API requires credentials, but for security reasons I don't want to store credentials on my server.
Can I do payments like this:
1. Using the API make Mass Payments
2. After that, login to my PayPal account and confirm payments
3. Using the API get information about payments
From PayPal forum:
Unfortunately to use any of the API's
you would pass over the API
credentials in the API call.
Related
I have an application which uses Binance API. Now for the users to login, they need to go to Binance, get the API and secret keys and use them for authentication. I wonder if it's possible to prompt them with a login screen, where they can just enter their user name, password and a phone code in order to get in. Thanks.
You can integrate Binance Login through OAuth2.
As it's written in the docs page, the system is currently not opened, and you'll need to contact Binance to get your app credentials and possibly to discuss use cases, SLAs, pricing, and other params before the integration.
Docs: https://developers.binance.com/docs/login/web-integration
We're adding Stripe as one of the several providers for our payment gateway.
The workflow we currently use for processing Apple / Google / Samsung Pay payments is the following:
Mobile Client generates an encrypted payment token via API provided by the OS
Mobile Client sends a payment request to the Backend (user ID, amount, token).
Backend sends a request to Bank API
Bank API responds to Backend with either success or failure
Backend responds to Mobile Client
However, after reading Stripe's documentation, I haven't found a way to implement the same workflow. Apparently, the interaction is inverted:
Mobile Client requests a "client secret" from Backend
Backend sends a PaymentIntent request to Stripe's API
Backend returns the created PaymentIntent's "client secret" to Mobile Client
Mobile Client executes the payment by directly communicating with Stripe's API using the client SDK
This seems problematic, because it requires a major redesign for both our Mobile Client and Backend applications. Moreover, it makes the abstraction leak, because now the Mobile Client is bound to a particular payment provider.
Is it possible to implement our existing workflow with Stripe's API?
You definitely can obtain ApplePay/GooglePay token directly from Apple/Google, and use it to exchange for a Stripe token to "get into Stripe's world", similar to your original approach. However this approach requires some tweak and you would want to reach out to their Support.
Yes, it is possible to implement the flow you described with Stripe.
Refer to https://github.com/google-pay/pay-server-demos/blob/main/google-pay-psp-client/handlers/stripe.js for an example of how you might implement it for Google Pay:
return stripe(config.secretKey).charges.create({
amount: order.totalInt,
currency: order.currency.toLowerCase(),
source: order.paymentToken.id,
});
order.paymentToken.id is the payment token returned by Google Pay.
I am using angular.js for Stripe Integration.
I found a couple of libraries for anuglar.js but I think they don't provide features.
This is what I am trying to do on angular.js using Stripe API for subscription payment.
Create Customer.
Add credit card information on this customer.
Add customer with subscription plan.
Check customer's subscription is expired or not.
If expired, renew subscription.
Does stripe.js will handle this?
What libraries should I use? if not, is it possible using standard $http.post for stripe API?
Looking forward your help.
A payment flow with Stripe is divided in two parts:
client-side, in your frontend code, you collect and tokenize the customer's payment information using Stripe.js or Checkout. You then send the token to your server
server-side, in your backend code, you use the token in an API request, e.g. to create a charge or a customer
Except for token creation requests, all other API requests need to be sent using your secret API key, so you can't do this from your frontend code without revealing the secret API key, which you definitely don't want to do (because then anyone could retrieve it and use it to send API requests on your behalf).
We have a situation where our users will be logging into Paypal and then paying other people from their Paypal account via our dashboard. We have the connection setup to retrieve refresh & authTokens for them via simple-oauth2 module. What I don't see is how to utilize a token in the Paypal Node SDK. It seems to only support client id and secret configurations.
Is there a way to utilize the paypal.configuration with an authToken instead?
Should we be using the REST APIs directly instead of the SDK?
You cannot directly transfer amount to other people account.
You firstly need to transact it into your own buisness account and then you can transfer it to any other person account.
If a malicious user were to see the payKey token that is returned by the Paypal API, is there anything bad they could do with it?
Or does Paypal only allow my credentials to make queries against payKeys that are generated for my app?
No. The payKey expires in three hours and is available to your API user only.
In Express Checkout this is available as the 'token', and it's perfectly fine for this to be visible.