Handling Transaction Between Paypal and Local Datasase - database

What is the best practice to handle transaction between application and paypal.
Consider:
I'm Alice and I want send money to Bob
In my DB I see that Bob has $200 and I want to send him $150.
Once transaction is sent I want to update the Bob's account such that it would contain $50.
Now according to PayPal API I can send Pay and receive success. However what happens
if I for example send Pay it succeeds but I fail to receive a response due to network problem. So I assume that error happened and try again and technically I'll send $300 to Bob instead of $150?
How can I handle such a transaction - between a local database that keeps an account and the remote PayPal API?

I had this exact concern recently with an ASP.NET MVC project I was completing for a client.
I learned two things:
Communication between Paypal and your database cannot be trusted (well, didn't really learn this, but it was entirely reinforced)
I now understand why so many websites that have Paypal as a transaction type mention there could be a processing period between the time that the transaction was completed and shipping/delivery of the product is completed.
The way you handle the situation is similar to the way a business could handle personal checks:
A personal check looks like currency (and typically is), but many businesses would like some sort of verification from the bank that funds are available before they accept payment - so they use a machine that asks the bank if funds are actually available.
If the machine says the funds are available, the business trusts it and you complete the transaction. However, the machine can give an error message that typically means "the funds are not available or something went wrong" and the business has a decision to make:
We can trust the customer and accept the check, deliver the product, and hope for the best when later depositing the check to the bank.
Or we can tell the customer that it will take time for the check to clear, deposit the check, wait for the funds to actually arrive in our account, and (if successful) deliver the product after the business receives funding.
This sounds inefficient with the way many businesses operate today, but it is something that does come up. In fact, this is why a lot of businesses stray away from accepting personal checks, they are unreliable when compared to other methods of payment.
Now how does this correlate to handling a Paypal payment?
A Paypal payment looks like currency (and it typically is), but many businesses would like some sort of verification from the Paypal that funds are available before they accept payment - so they use Paypal PDT, IPN, or other method for checking that the transaction was handled appropriately.
If Paypal properly responds to one of the verification requests, the business can trust it and complete the transaction. However, your website may throw an error of some sort (i.e. Paypal could reply with an IPN response of NOTVALID, or you could never get a reply from Paypal). The business has a decision to make:
The business can trust the customer and accept that they have made a Paypal payment and everything should be alright (very bad decision in the case of a Paypal transaction)
Or the business can tell the customer at check-out time that there may be a 72 hour processing period for Paypal payments.
This may not sound like the best way to operate your business, but it is the way we have to deal with an imperfect internet.
I would set up the Paypal payment flow similar to this:
UserA wants to send $100 to another UserB using Paypal
UserA enters the value in the 'checkout field' and is sent over to Paypal to verify the transaction.
UserA is sent back to your website from Paypal and your website performs the IPN check with the details that Paypal has POSTed to your site(I chose IPN in this case - as if we were using Express Checkout as opposed to some other payment gateway that Paypal offers).
If the IPN is VALID, process the transaction as expected.
If the IPN is not VALID, mention to the customer that there may be a delay in processing, have your application send you a notification that a possible Paypal transaction issue has occurred (you may want to include a reference id so that you can quickly find which transaction this notification is referencing), and mark the transaction as pending as opposed to complete or something similar.
An admin of the site who handles these notifications will manually investigate the transaction (or force the website to check with Paypal again - see the Paypal API documentation for details on this) and manually mark the transaction as complete or failed.
Notify those involved of the status of the transaction.
It is annoying that we have to have extra steps involved to make sure the money was transferred, but, as mentioned earlier, we are using an imperfect system and we want to be very certain of the success / failure of financial transactions.
An added bonus to this process is that there is likely to be notifications when someone is tampering with the Paypal payment system - leaving you better equipped to deal with evil-doers in the future.

Please refer this link ,Hope PayPal Authorization & Capture method will be suitable for you ,since you don't want lose the response as well as miscalculated amount transfers, PayPal provides correlation id that can be referred for PayPal to confirm your order status,it will be better to pass the order id to PayPal API.
https://cms.paypal.com/us/cgi-bin/?cmd=_render-content&content_ID=developer/howto_admin_authcapture
http://www.scribd.com/doc/6303345/40/CorrelationID-for-Reporting-Problems-to-PayPal
Good Luck!

This is known as 2-phase commit. As long as paypal does not participate in the same transaction, you will run into problems.

I would debit Alice the $150 and reflect the transaction is "Pending Confirmation", then periodically poll PayPal to synchronize your DB, since you have no control of when the network or PayPal may be available, post, reverse or adjust the transaction. Once PayPal processes the transaction, you can change the status in your DB from "Pending" to "Completed". BTW, this how bank accounts and credit cards are processed. You could apply a double-entry accounting method to your DB. (see this Q&A)

From what i see you need to make sure the transaction is complete otherwise nothing should be done .
If you deposit the money into PayPal API and you do not receive an response from PAYPAL API then you need to rollback the transaction in you DB.

Related

handling data loss from third party integrations

Just curious on best practices for handling potential data loss with a third party integration.
For example, lets say that im integrating stripe for payments. If our platform has a credit system (a user needs X number of credits to do an action on the site), how would you reconcile a loss of data between the platform and after a purchase is made? Going into the example: a user is on the site, purchases a pack of credits for $10. Our platform calls stripe payment when the user clicks "purchase," the purchase is successful but all of a sudden a loss of power happens. We receive the $10 in our stripe, but on our platform the purchase was never "complete" because the loss of power happened immediately after the purchase was made, and there was no time for our system to receive the authorization code to store as completed. I'd imagine this could be common, or in another case where the purchase is complete, but there is some issue between receiving the success code from the payment processor and it causes delay. So, how do you handle this loss of data?
I could think of maybe storing a payment intent on our database with payment status "incomplete" and once a payment is made and we get a code back from stripe, then we update our database with "complete" and we have some job that polls this database every hour or something to check for "incomplete" payments.
What is common in this case?

Create custom paypal button with link direct after payment

I am trying to create a custom paypal button for selling digital goods, that will direct the buyer to a link that will allow him to download the file.
I've read a bit this paypal article about advanced html variables but I am not sure which I have to use to make it work: https://developer.paypal.com/webapps/developer/docs/classic/paypal-payments-standard/integration-guide/Appx_websitestandard_htmlvariables/
Obviously the download should only initiate based on the payment ID to prevent free downloads, or is that done automatically by paypal?
What I would recommend us utilizing Instant Payment Notification (IPN) to handle all your post-payment processing tasks like updating your database, sending out email notifications (including one with a download link), etc.
Instant Payment Notification (IPN) is a message service that notifies
you of events related to PayPal transactions. You can use IPN messages
to automate back-office and administrative functions, such as
fulfilling orders, tracking customers, and providing status and other
transaction-related information.
This will allow you to not only automate the procedures, but also correctly handle things like e-checks or any other type of payment that may originally be in a "pending" status. You wouldn't want to deliver the digital goods until that payment actually clears. With IPN you will get 1 notification that your script can handle when the payment comes through as pending, and you would get another one when the payment updates to Completed, or Failed, or whatever.
The IPN's happen in real-time so buyers won't have to wait on anything. Whatever you're doing within the script would happen instantly upon the transaction completing.

Re-activating Paymill subscription, and updating Credit Card info

Paymill's API is awesome. It's a blaze to work with, and I should be up&running, were it not for an edge case. Context is a SAAS app, with a demo trial, and the ability to upgrade & downgrade at will.
User cancels her subscription: at this point, her account remains active until the pre-payment date. Paymill receives 2 API calls:
DELETE call for https://api.paymill.com/v2/subscriptions/
DELETE call for https://api.paymill.com/v2/payments/
Scenario: She changes her mind, and tries to upgrade again. So far, I've tried modeling this via:
Doing a POST to https://api.paymill.com/v2/subscriptions with client, offer, and payment info -similar to the original subscription- returns Payment error: Subscription already connected
Doing a PUT to https://api.paymill.com/v2/subscriptions/ with payment info (according to Paymill API: How do I update a subscription's credit card? ) returns Payment error: the Subscription was canceled
Desired output is Continuing Subscription: no credit card charges are made until the next monthly period, and further CC charges are applied via the new payment info.
In what ways can this be achieved?
Many thanks!
Let me start by saying that the POST you described should be possible to execute. This is currently a bug, and this will be fixed sometime next week.
But your use case is, unfortunately, not supported at the moment. We are working hard to make our subscriptions feature more powerful, while retaining the simplicity of usage. We cannot offer a timeline for this, but we would love to hear more about your case.
Currently, merchants are encouraged to manage the subscriptions on their own, as this is not a simple matter of changing the amounts being charged on the next subscription's due date. For instance, if a client of yours decide to downgrade, would you make a pro-rata refund of the excess? Same for upgrade: would you charge the full amount of the new subscription on the due date, or a pro-rata of the old subscription + pro-rata of the new?
That said, I'd encourage you to keep an eye on our blog for announcements of an improved subscriptions handling.
Disclosure: I work at PAYMILL.

Paypal Integration in Web application

The scenario is that users of web application can purchase digital items. The web application will use Paypal Instant Payment Notification.
The IPN protocol consists of three steps:
PayPal sends your IPN listener a message that notifies you of the event
Your listener sends the complete unaltered message back to PayPal; the message must contain the same fields in the same order and be encoded in the same way as the original message
PayPal sends a single word back, which is either VERIFIED if the message originated with PayPal or INVALID if there is any discrepancy with what was originally sent.
Let's say it's VERIFIED, how could I know who have completed the transaction or purchased the item (user of the web application) if the user used other email address in his/her paypal? I have stored the email address of the user in session but what if he/she have different paypal email? Paypal email is included in IPN message.
For other details, maybe not useful, the application is written in Struts2 in Google-App-Engine.
You'll need a way to correlate the IPN data coming back with the user. Either by asking them to provide their paypal email or using the username/password generation facility in the IPN service. Here is a somewhat inelegant but functional approach:
When the IPN comes in off the wire, persist the paypal generated username/password and payer_id (in perhaps the datastore).
If you can't correlate by email, then when the user comes back to your site request that they enter the username/password generated from paypal's site once (just to correlate).
Lookup the username/password and then correlate their userid from the UserService back to the payerid.
The reason to use IPN is for subscription services as you can get IPN messages when the subscription is terminated, cancelled, or when payments come in (for an account that stopped paying).
The most important thing to think about is how to correlate a user of your site back to the payer_id (or even payer_ids in some cases) that are used to pay for the services they are using.
On another note, I wouldn't use the session to store information for IPN callbacks, those actually can take a LONG time sometimes (say when the x.com conference is on and everyone is hammering paypal).
If you have a running application or a better description of the look & feel, I might be able to come up with a more elegant suggestion. Let me know if this helps at all.
Why don't you use PayPal's express checkout? This way you negotiate server2server a token and then you can check with PayPal the result of that token on user's return.
If users are buying directly from your application it's easier to implement.
And I think it'is more robust than the method you're using (I never heard of it before :D )

Implement a paid subscription service on a website

I have a website and I would like to implement a paid subscription service. Its a simple service with only 2 types of plans. For now, ill just use Paypal. But im a little lost before start, mainly with the data model.
My main question for now is, what information do I need to keep for each subscription? Do I need to implement a shopping cart for this (dont think so)? Im not asking for a detailed explanation, just a few lights or resources to find a way to start. Thanks.
Depends on what technology you're using. Basic payments work a bit like this
-> You send them to paypal with a plan (you define the plan on paypal)
they know which amount to charge
you can pass custom parameters which they will pass back
Customer fills in application
<- paypal tells you that your predefined plan got purchased
in this same request, they send a lot of info about the payment including a GUID and your params
-> you ask paypal "hey, some one just told me this plan GUID got purchased, can you confirm"
<- paypal service returns 'yes'
-> you take the customer's ID from the params that you attached when you sent them to the paypal service and update them to "paid" in the database, or whatever
That's it in a nutshell...
Look at any subscription card mailer from any magazine and you can get an idea of what kind of data you will have to record. Start and end date for the subscription would be a good thing to keep, and what kind of plan the user is subscribed to. Once you have the end date, you just need to run a query to get the records of the users that have access. Something like
Select * from users where subscription_end_date is >= today
I'm sure there will be a lot of other columns that will go into your final product, but that will be up to you to decide what data you want to keep. What are the different states that a subscription can be in? Can someone be subscribed to both services at the same time?
PayPal does a decent job if you want to charge the same amount every month. However, if you anticipate your users making changes to their subscription plans (upgrades/downgrades) or needing to provide credits to their account for customer support purposes, PayPal would require that you cancel the subscription...and then have the customer re-subscribe.
[Full disclosure - I am a co-founder of Recurly.com]
Recurly handles the upgrades and downgrades, and provides automated customer emails to be sent out to your customers (on your behalf) for every event confirmation, and invoice that occurs. You also have a full account management dashboard and reporting so that you don't need to build this yourself.
Best of all, if you ever decide to leave PayPal, and move your business to a standalone payment gateway, Recurly stores all of your credit cards in a PCI compliant vault so you don't need to ask you customers to come back and re-subscribe. (PayPal will not return your customer credit card information). You simply configure your new gateway in Recurly, and payments will be processed without any interruption to your business.
Here is a blog post we wrote on the topic:
http://blog.recurly.com/2010/08/top-ten-reasons-to-use-recurly-vs-paypal-for-recurring-billing/
-Best of luck.
-Dan

Resources