PayPal REST Payment API with javascript only (using another server for handling requests)

snowrain
Contributor
Contributor
Posted on
‎Jan-01-2017 07:56 PM

I'd like to implement a payment process on a static website. Does this flow look safe?

  1. User opens a Payment page
  2. At this time, there is an ajax request is sent to remote server in order to retrieve Access-Token. This token is saved somewhere on the client (hidden field or localStorage)
  3. User fills up CC data (Name, CC number, CVV etc.) and clicks "Proceed" button
  4. Another request with this token is sent to PayPal payment API
  5. {
        "intent": "authorize",
        "payer": {
          "payment_method": "credit_card",
          "funding_instruments": [
            {
              "credit_card":
              {
                "number": "00000000000000",
                "type": "visa",
                "expire_month": 08,
                "expire_year": 2018,
                "cvv2": 111,
                "first_name": "Betsy",
                "last_name": "Buyer"
              }
            }]
        },
        "transactions": [
        {
        "amount": {
            "total": "33.33",
            "currency": "USD"

        },    
        "invoice_number": "123456"   
        }]
    }

    Does it look good? Are there any better approaches?

Login to Me Too
0 Kudos
Login to Reply or Kudo
6 REPLIES 6

angelleye
Advisor
Advisor
‎Jan-02-2017 01:53 AM

Looks good to me.  Just make sure you have an SSL installed on the site and everything runs through it.  Also make sure you aren't saving any CC data in your database, log files, or anything like that.

Angell EYE - www.angelleye.com
PayPal Partner and Certified Developer - Kudos are Greatly Appreciated!
Login to Me Too
Login to Reply or Kudo

snowrain
Contributor
Contributor
‎Jan-02-2017 01:56 PM

Thank you. That's a precious opinion since I haven't been able to get any confirmation of my concerns for about 2 weeks. I'll go with this implementation.

Login to Me Too
0 Kudos
Login to Reply or Kudo

snowrain
Contributor
Contributor
‎Jan-02-2017 07:14 PM

That's funny. It turned out I can't accept CC payments. I should have tried enabling live before.

 

Here's what I got:

Disclaimer: Unfortunately, due to recent product changes in the region, we are no longer able to allow Live DCC processing via RESTful APIs to Canada. We are continually looking for ways to expand our services, so please stay tuned. We apologize for any inconvenience this may cause.

 

Looking for another way of accepting cc payments.

Login to Me Too
0 Kudos
Login to Reply or Kudo

MTS_Ciaran
PayPal Employee
PayPal Employee
‎Jan-04-2017 01:21 AM

ouside of REST API's you could use the classic NVP/SOAP API's if you are based in US/Canada/UK. Otherwise Braintree might be the way to go:

 

https://www.braintreepayments.com/

Login to Me Too
Login to Reply or Kudo

snowrain
Contributor
Contributor
‎Jan-04-2017 01:27 AM

I need to upgrade my account to PRO in order to use NVP/SOAP API to charge credit cards, right?

Login to Me Too
0 Kudos
Login to Reply or Kudo

MTS_Ciaran
PayPal Employee
PayPal Employee
‎Jan-04-2017 01:36 AM

Yep, you would need a pro account for processing cards through the classic API's

Login to Me Too
Login to Reply or Kudo

Haven't Found your Answer?

It happens. Hit the "Login to Ask the community" button to create a question for the PayPal community.