Are there any restrictions to charge using only HTML, vanilla JavaScript and PHP with the REST API?

Pumita70
Contributor

Hello

I am looking for the best method to capture a payment in PayPal using the REST API. The process should be the following:
An HTML page (1) with a form where the user enters the name, card number, expiration date, and security code.
When this form is submitted, the data is sent via JavaScript (2) to a PHP script (3) that processes the submission via curl to the PayPal REST API (4). The REST API (4) returns to the PHP script (3) whether the transaction was approved or not, this PHP script (3) returns the result to the JavaScript (2), and this shows the result in the HTML (1).

This is the code I have so far, and it works in my testing:

<?php

ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);

require 'vendor/autoload.php';

use Dotenv\Dotenv;

// Load the .env file (populates $_ENV and $_SERVER)
$dotenv = Dotenv::createImmutable(__DIR__);
$dotenv->load();

$PAYPAL_CLIENT_ID = isset($_SERVER['PAYPAL_CLIENT_ID']) ? $_SERVER['PAYPAL_CLIENT_ID'] : 'CLIENT_ID';
$PAYPAL_CLIENT_SECRET = isset($_SERVER['PAYPAL_CLIENT_SECRET']) ? $_SERVER['PAYPAL_CLIENT_SECRET'] : 'CLIENT_SECRET';

// Step 1: Authentication (client credentials -> OAuth2 access token)
function getAccessToken($clientId, $clientSecret)
{
    $ch = curl_init();

    curl_setopt($ch, CURLOPT_URL, "https://api-m.sandbox.paypal.com/v1/oauth2/token");
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_USERPWD, $clientId . ":" . $clientSecret);
    curl_setopt($ch, CURLOPT_POSTFIELDS, "grant_type=client_credentials");

    // Configure TLS
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true); // Verify the server certificate
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);    // Verify that the host matches the certificate

    $headers = [];
    $headers[] = "Content-Type: application/x-www-form-urlencoded";
    curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);

    $result = curl_exec($ch);
    if (curl_errno($ch)) {
        echo 'Error:' . curl_error($ch);
        curl_close($ch);
        return null;
    }
    curl_close($ch);

    $json = json_decode($result);
    // Return null instead of triggering a warning when no token was issued
    return isset($json->access_token) ? $json->access_token : null;
}

// Step 2: Create the payment order
function createOrder($accessToken)
{
    $ch = curl_init();

    $orderData = [
        "intent" => "CAPTURE",
        "purchase_units" => [
            [
                "amount" => [
                    "currency_code" => "USD",
                    "value" => "110.00"
                ]
            ]
        ],
        "payment_source" => [
            'card' => [
                'number' => '4032033504909073', // Test card number
                'expiry' => '2025-11',
                'security_code' => '526',
                'name' => 'Rosa Perez',
                'billing_address' => [
                    'address_line_1' => '123 Main St',
                    'admin_area_2' => 'San Jose',
                    'admin_area_1' => 'CA',
                    'postal_code' => '95131',
                    'country_code' => 'US'
                ]
            ]
        ]
    ];

    curl_setopt($ch, CURLOPT_URL, "https://api-m.sandbox.paypal.com/v2/checkout/orders");
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($orderData));

    // Configure TLS
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true); // Verify the server certificate
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);    // Verify that the host matches the certificate

    $headers = [];
    $headers[] = "Content-Type: application/json";
    $headers[] = "Authorization: Bearer $accessToken";
    // Idempotency key: PayPal replays the original response for a reused id,
    // so each real order needs a fresh value instead of this fixed one
    $headers[] = "PayPal-Request-Id: 123e4567-e89b-12d3-a456-426655440011";
    curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);

    $result = curl_exec($ch);
    if (curl_errno($ch)) {
        echo 'Error:' . curl_error($ch);
        curl_close($ch);
        return null;
    }
    curl_close($ch);

    return json_decode($result);
}

// Get the access token
$accessToken = getAccessToken($PAYPAL_CLIENT_ID, $PAYPAL_CLIENT_SECRET);
if ($accessToken === null) {
    die("Could not obtain an access token");
}

// Create the order and capture the payment (with intent CAPTURE and a card
// payment_source, the create call captures in the same request)
$order = createOrder($accessToken);

print_r($order);

// An order id alone does not prove money moved; check the order status too
if (isset($order->id) && isset($order->status) && $order->status === 'COMPLETED') {
    echo "Payment OK. Order ID: " . $order->id;
} else {
    echo "Error in payment: " . (isset($order->message) ? $order->message : 'unknown error');
}
?>

This code effectively charges with a test card number, and the payment successfully reaches my business account in the sandbox.

My concerns are the following:

1) First of all, is it allowed in PayPal to charge this way? I read in some post that it was prohibited.

2) Is there any problem with using vanilla JavaScript or jQuery to send the credit card number, expiration date, etc. from the form to the PHP script on my own server? The server script would be like the code I posted above but more complete, to better return errors and other problems; among other things, it already uses TLS and has the client ID and secret stored in a .env file.

3) In case I can't use this approach, which one is the most appropriate that comes close to what I want to achieve?

Thank you very much for your help.
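As an added example (not code from the original post): a helper that decides whether a v2 Orders response actually captured the payment and reduces it to a browser-safe summary, in place of the `isset($order->id)` check and the `print_r` of the full response. It assumes the response is decoded with `json_decode($result, true)` and relies on the field names of the PayPal v2 Checkout Orders response (status, payment_source.card.last_digits, purchase_units[].payments.captures[]); the sample response at the bottom is constructed.

```php
<?php
declare(strict_types=1);

// Interpret a decoded v2 Orders response and keep only what the browser needs.
function summarizeCardOrder(?array $order): array
{
    // Transport failure or a non-JSON body: curl returned nothing usable.
    if ($order === null) {
        return ['ok' => false, 'reason' => 'no_response'];
    }
    // API-level error (400/401/422): PayPal returns name/message/details, no id.
    if (!isset($order['id'])) {
        return ['ok' => false, 'reason' => $order['name'] ?? 'unknown_error'];
    }
    // Look at the capture itself, not just the order id: an order can exist with
    // status CREATED, and a capture can come back PENDING or DECLINED.
    $capture  = $order['purchase_units'][0]['payments']['captures'][0] ?? null;
    $captured = ($order['status'] ?? '') === 'COMPLETED'
        && ($capture['status'] ?? '') === 'COMPLETED';

    $summary = [
        'ok'       => $captured,
        'order_id' => $order['id'],
        'status'   => $capture['status'] ?? $order['status'] ?? 'UNKNOWN',
        'amount'   => $capture['amount'] ?? null,
        // Only brand and last digits leave the server; the PAN and CVV never do.
        'card'     => [
            'brand'       => $order['payment_source']['card']['brand'] ?? null,
            'last_digits' => $order['payment_source']['card']['last_digits'] ?? null,
        ],
    ];
    if (!$captured) {
        // PENDING captures carry status_details.reason; otherwise give a generic reason.
        $summary['reason'] = $capture['status_details']['reason'] ?? 'not_captured';
    }
    return $summary;
}

// Constructed sample of a successful response (abridged, placeholder ids).
$sample = json_decode('{"id":"EXAMPLE_ORDER_ID","status":"COMPLETED",
  "payment_source":{"card":{"brand":"VISA","last_digits":"9073"}},
  "purchase_units":[{"payments":{"captures":[{"id":"EXAMPLE_CAPTURE_ID",
  "status":"COMPLETED","amount":{"currency_code":"USD","value":"110.00"}}]}}]}', true);

header('Content-Type: application/json');
echo json_encode(summarizeCardOrder($sample)); // what the JavaScript side receives
```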

2 REPLIES

JayOn_Chiang_T
Contributor

Pumita70
Contributor

I'm sorry, but I don't understand.
