Re: Taking online payments, address validation?

icicic · ‎Jan-05-2023

I have the following, pretty standard, flow from product selection through to payment:
1. Customer adds a product to cart
2. Customer views cart
3. Customer selects ‘Checkout’
4. Customer enters shipping address
5. Shipping fee is calculated
6. Customer views full costs selects ‘pay now’
7. Cart item, and shipping details are sent to PayPal
8. Customer logs into Paypal, views purchase details and authorises payment
9. Customer returns to site

I’m wondering what security issues I should be considering, the payment is PayPal’s responsibility, and I’m not storing any customer details apart from sale tokens/details, but:
Is there anything should I be double checking?
What if a customer enters a shipping address that is different to the one they have stored at Paypal, are there any issues regarding Paypal seller guarentees, should I only send to the Paypal stored address?

MTS_Jennifer · ‎Jan-08-2023

Hello @icicic,

Thank you for posting to the PayPal Community.

You can use the shipping_preferences setting to assist you with passing the shipping address from your shopping cart into the PayPal transaction, and not allowing the shipping address to be changed.

Here are the possible values:

https://developer.paypal.com/docs/api/orders/v2/#orders_create

`shipping_preference`

enum

The location from which the shipping address is derived.

The possible values are:

GET_FROM_FILE. Get the customer-provided shipping address on the PayPal site.
NO_SHIPPING. Redacts the shipping address from the PayPal site. Recommended for digital goods.
SET_PROVIDED_ADDRESS. Get the merchant-provided address. The customer cannot change this address on the PayPal site. If merchant does not pass an address, customer can choose the address on PayPal pages.

If you use use SET_PROVIDED_ADDRESS and pass in the shipping address in the payment request the buyer cannot change the address when they are in their PayPal Account

Thank you,

Jennifer

MTS

PayPal

icicic · ‎Jan-10-2023

Thank you @MTS_Jennifer

has the create order request changed recently? I've been using application_context rather than experience_context

MTS_Jennifer · ‎Jan-12-2023

Hi @icicic ,

Good catch! According to the documentation it looks like the fields in application_context are now available in experience_context, according to the documentation.

https://developer.paypal.com/docs/api/orders/v2/#definition-application_context

experience_context

object

Customizes the payer experience during the approval process for the payment.

I did test in sandbox if you change application_context to experience_context, although you will not receive an error message when creating the order, any details you normally have in application_context are completely ignored. This causes the buyer to be unable to complete the payment, since the return url is being ignored. As far as I can see experience_context has to do with experience profiles. If you are not using experience profiles, do not use the experience_context.

Thank you,

Jennifer

MTS

PayPal

icicic · ‎Jan-15-2023

Hi MTS_Jennifer,

but application_context has been deprecated, so what should I use?

icicic · ‎Jan-15-2023

In fact the sample request in the API documentation seems to have changed and displays an example that uses experience context, can application context still be used!?

curl -v -X POST https://api-m.sandbox.paypal.com/v2/checkout/orders \
-H "Content-Type: application/json" \
-H "Authorization: Bearer <Access-Token>" \
-H "PayPal-Request-Id: 7b92603e-77ed-4896-8e78-5dea2050476a" \
-d '{
  "intent": "CAPTURE",
  "purchase_units": [
    {
      "reference_id": "d9f80740-38f0-11e8-b467-0ed5f89f718b",
      "amount": {
        "currency_code": "USD",
        "value": "100.00"
      }
    }
  ],
  "payment_source": {
    "paypal": {
      "experience_context": {
        "payment_method_preference": "IMMEDIATE_PAYMENT_REQUIRED",
        "payment_method_selected": "PAYPAL",
        "brand_name": "EXAMPLE INC",
        "locale": "en-US",
        "landing_page": "LOGIN",
        "shipping_preference": "SET_PROVIDED_ADDRESS",
        "user_action": "PAY_NOW",
        "return_url": "https://example.com/returnUrl",
        "cancel_url": "https://example.com/cancelUrl"
      }
    }
  }
}'

JackieDaytona · ‎Jan-15-2023

Here is a great way to capture all data: var buyerInfo = [details.purchase_units[0].shipping.name.full_name, details.purchase_units[0].shipping.address.address_line_1, details.purchase_units[0].shipping.address.admin_area_2, details.purchase_units[0].shipping.address.admin_area_1, details.purchase_units[0].shipping.address.postal_code, details.id]; Hope this help you JD

Taking online payments, address validation?

Taking online payments, address validation?

`shipping_preference`

Taking online payments, address validation?

Taking online payments, address validation?

`experience_context`

Taking online payments, address validation?

Taking online payments, address validation?

Taking online payments, address validation?

Haven't Found your Answer?