I'm working on a project and they have are planning to add a feature web payment. I'm glad to say that our client is a technical person and told me to use the paypal. This is my first time integrating a web payment. I've read some docs in developers.paypal and i'm planning to use the paypal express checkout.
Furthermore I'll be developing this using only client side (Angularjs), is it right decision for me to use paypal express checkout? Will I encounter some security issue here since its client side? The main idea is upon successful payment I have to sync an http request that will trigger that the user has paid.
Sample idea
.success(function(){
$http.post(...)
});
Here it's a complete example that will help you:
http://www.codeproject.com/Articles/576246/A-Shopping-Cart-Application-Built-with-AngularJS
Related
I have taken a look around the internet and all the solutions emphasize using Express and Node Js API in place to able to send an email. I would love to see any suggestions on how to best go about it because I don't have a backend in place. Thank you.
You're going to need some sort of backend otherwise the API-Key will be exposed.
From the SendGrid documentation:
When you have a browser-only application that reaches out to APIs, the API key has to be embedded in the application. Anyone with access to a browser-only application can access all of the Javascript source code, including your API keys.
Making your API key publicly accessible could result in anyone authenticating API calls with your API key — this is a significant security concern both for you and SendGrid.
You could use a serverless AWS lambda function or google function which would be a "backend" but without having to support the infrastructure / use a big framework.
The Stack:
Client: AngularJS & Firebase
Server 1: Microsoft Exchange Server
Server 2: NodeJS
AngularJS app loosely communicates with NodeJS through async task-queues. Client does not directly interact with NodeJS instances.
The Problem:
Perform simple operations on a User's calendar, with a task queued on a client and executed on a NodeJS instance.
What I've Tried:
ews-javascript-api: Works well, except there isn't a streamlined authentication mechanism. That is, it doesn't support OAuth authentication. In my opinion, managing each User's Exchange credentials is not a suitable solution.
iCalendar Events Subscription: (Still evaluating this approach.)
I guess fundamentally, what I am trying to do is have a User subscribe to calendar events in my app. I don't mind writing an API for Exchange Web Services but, it seems like overkill.
I am going to keep working on this, but if anyone knows of a simpler solution, it would be greatly appreciated.
I am the author of the library ews-javascript-api.
have you taken a look at https://stackoverflow.com/a/43785262/5884960?
I have provided information on how to use OAuth in the answer to the question in link. caveat is that you have to on-board each Office 365 separately, you can not run a node daemon and connect to multiple Office 365 Organization (without complex environment setup with org on boarding steps). This is quirks of Office 365 OAuth requirements not limited to the library itself. c# version have same limitation.
I have provided another library for helper authentications for ntlm and cookies, for Office 365 you just need ews-javascript-api.
I would like to show number of visitors on a site since beginning of the month, number of users on the current day and currently on site.
I have Google Analytics installed, I tried to solve this issue with Embed API by enabling Google Analytics API from developer console - but I requires user authorization, etc.
What would be the easiest way to show analytics on-site without user authentication and accepting access by Embeded API, etc. Application is written in Angular, so Javascript API is the one I look for.
Thank you for any suggestion.
Authorization has to happen in order to get the data you want. Either you can let visitors to your site authorize themselves, or you'll have to authorize server-side on their behalf.
Once authorized, you can do something similar to what the Third Party Visualization Embed API demo shows. It uses a custom ActiveUsers Embed API component and includes the source code to show how it works.
Whether you use the ActiveUsers component or not, the basic gist is that once the users is authenticated via the Embed API, you have access to the method gapi.client.analytics.data.realtime.get, which you can use to query this data.
Here's where that happens in the source code for the ActiveUsers component:
https://github.com/googleanalytics/ga-dev-tools/blob/master/src/javascript/embed-api/components/active-users.js#L69-L87
Authentication with the Analytics service is mandatory. But the OAuth 2.0 Service Accounts (for Server to Server Applications) can be used to automate it in many cases.
It's unclear to me (from a quick scan) if the Auth options of the Embeed API would work with the automated authentication scheme, you may want to go through the details.
You should be able to use the Analytics Core Reporting API and maybe the Analytics Real Time Reporting API (beta) which work with the automated authentication according to their guides (look for the Authorisation sections on the left frames of the respective guides).
Donno if this qualifies as easy, tho, YMMV :)
I am trying to find a parallel payment implementation for my mobile app, where the payment should happen with in my application and not redirected to any browser.
I have seen few options like paypal parallel payment, but this doesn't provide native app purchase support.
Can some one please point me to right direction. I am wondering am I only one trying for this option? :)
Your help is greatly appreciated.
Thanks,
Ramesh.V
You are looking for an API payment gateway rather than a checkout page solution. There are numerous services such as Stripe, BrainTree, BlueSnap and even PayPal that offer this.
The reason this is not popular for apps is that you'll need to become PCI compliant for that, which is a pain. Non of the above services will grant you access to the API without it, but they will be happy to give you a checkout page (browser) to drop the PCI compliance requirement.
I've successfully used a service called Zooz for my mobile checkout and it works nicely.
You can goto www.zwitch.co . This is an Indian payment startup which offers in-app payment natively.They have mobile SDK with which you can accept payments in your app.You can design your own payment page.They say you will be reduced from the PCI Scope
I am trying to implement mobile express checkout using this guide
I am first making a php call from my web server to call setExpressCheckout with required parameters, and getting back a valid token which I then use to reditect onto paypal using call
https://www.sandbox.paypal.com/cgi-bin/webscr?cmd=_mobile-express-checkout&useraction=commit&token=EC-2BH4731318131920V
which redirects to PayPal but sandbox is telling me
You have requested an outdated version of PayPal. This error often results from the use of bookmarks.
If I call
https://www.sandbox.paypal.com/cgi-bin/webscr?cmd=_express-checkout&token=EC-2BH4731318131920V
this is opening a valid PayPal page asking user to login.
Can any one please tell me where am I wrong or missing any parameters?
I would advise using the standard _cmd=express_checkout and letting PayPal automatically detect the mobile browser and give the appropriate mobile view.