
PayPal REST Payment API with javascript only (using another server for handling requests)

snowrain
Contributor

I'd like to implement a payment process on a static website. Does this flow look safe?

  1. User opens a Payment page
  2. At this time, an ajax request is sent to a remote server in order to retrieve an Access-Token. This token is saved somewhere on the client (hidden field or localStorage)
  3. User fills in CC data (Name, CC number, CVV etc.) and clicks the "Proceed" button
  4. Another request with this token is sent to the PayPal payment API:

         {
           "intent": "authorize",
           "payer": {
             "payment_method": "credit_card",
             "funding_instruments": [
               {
                 "credit_card": {
                   "number": "00000000000000",
                   "type": "visa",
                   "expire_month": 8,
                   "expire_year": 2018,
                   "cvv2": 111,
                   "first_name": "Betsy",
                   "last_name": "Buyer"
                 }
               }
             ]
           },
           "transactions": [
             {
               "amount": {
                 "total": "33.33",
                 "currency": "USD"
               },
               "invoice_number": "123456"
             }
           ]
         }

Does it look good? Are there any better approaches?

angelleye
Advisor

Looks good to me. Just make sure you have an SSL installed on the site and everything runs through it. Also make sure you aren't saving any CC data in your database, log files, or anything like that.

Angell EYE - www.angelleye.com
PayPal Partner and Certified Developer - Kudos are Greatly Appreciated!
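
The advice above about keeping CC data out of log files, as an added example that is not part of the thread: a redactor applied to the payment request from the question before anything is written to a log. Function names are hypothetical; field names are taken from the posted request body.

```javascript
// Added example; function names are hypothetical, field names follow the posted request.
function luhnValid(digits) {
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = digits.charCodeAt(digits.length - 1 - i) - 48;
    if (i % 2 === 1) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
  }
  return sum % 10 === 0;
}

// Keep only the last four digits of a card number.
function maskPan(value) {
  const digits = String(value).replace(/\D/g, "");
  return "*".repeat(Math.max(digits.length - 4, 0)) + digits.slice(-4);
}

// Mask Luhn-valid 13-19 digit runs in free text (e.g. an error echoing the input).
function scrubText(text) {
  return text.replace(/\b\d(?:[ -]?\d){12,18}\b/g, (m) => {
    const digits = m.replace(/\D/g, "");
    return luhnValid(digits) ? maskPan(digits) : m;
  });
}

// Deep copy that is safe to log: cvv2 dropped, number masked, expiry replaced.
function redactForLog(value, insideCard = false) {
  if (Array.isArray(value)) return value.map((v) => redactForLog(v, insideCard));
  if (typeof value === "string") return scrubText(value);
  if (value === null || typeof value !== "object") return value;
  const out = {};
  for (const [key, v] of Object.entries(value)) {
    if (key === "cvv2") continue;
    if (insideCard && key === "number") out[key] = maskPan(v);
    else if (insideCard && key.startsWith("expire_")) out[key] = "[redacted]";
    else out[key] = redactForLog(v, insideCard || key === "credit_card");
  }
  return out;
}

// Constructed sample: 4111111111111111 is a widely used test card number.
const sampleEvent = {
  error: "declined for 4111 1111 1111 1111",
  request: { payer: { funding_instruments: [{ credit_card: {
    number: "4111111111111111", expire_month: 8, expire_year: 2018,
    cvv2: 111, first_name: "Betsy", last_name: "Buyer" } }] },
    transactions: [{ invoice_number: "123456" }] },
};
console.log(JSON.stringify(redactForLog(sampleEvent)));
```
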

snowrain
Contributor

Thank you. That's a precious opinion since I haven't been able to get any confirmation of my concerns for about 2 weeks. I'll go with this implementation.

snowrain
Contributor

That's funny. It turned out I can't accept CC payments. I should have tried enabling live before.

Here's what I got:

Disclaimer: Unfortunately, due to recent product changes in the region, we are no longer able to allow Live DCC processing via RESTful APIs to Canada. We are continually looking for ways to expand our services, so please stay tuned. We apologize for any inconvenience this may cause.

Looking for another way of accepting cc payments.

MTS_Ciaran
PayPal Employee

Outside of REST APIs you could use the classic NVP/SOAP APIs if you are based in US/Canada/UK. Otherwise Braintree might be the way to go:

https://www.braintreepayments.com/

snowrain
Contributor

I need to upgrade my account to PRO in order to use NVP/SOAP API to charge credit cards, right?

MTS_Ciaran
PayPal Employee

Yep, you would need a pro account for processing cards through the classic APIs.
