I am using the hosted form payment approach to accepting payments from users on my site. I dont see any examples of how to go about verifying the payment once the user is redirected back to my site. Here is how I'm trying to approach it:
Generate a token/form based on the cart
Post to the form url and send the user away
User returns to a verifying page
I have set up a webhook for all payment notifications
I receive the notification
?????
Verify the payment status and price are correct
Navigate the user away from the verifying screen to the next page
In step 6 all i have is the token that was generated for the transaction and the webhook doesnt provide that token back to me. How do I say "this transaction belongs to this user who is waiting to be verified"?
You can use the getTransactionDetailsRequest in their Transaction Reporting API to get the transaction details. The best place to put this information is in the refTransId field which is a value you can pass in as part of your transaction.
Related
Basically I understand how to integrate Stripe payment into Flask, I'm using the official website (https://stripe.com/docs/payments/accept-a-payment?integration=elements) as a guide. In the guide the user is taken to a success page after the payment is successful. What I want to do upon a successful payment is collect the user's email, create a randomized password, and then email that password to the user. I've learned how to grab information from the session id using this page (https://stripe.com/docs/payments/checkout/custom-success-page). What I'm concerned about is that a user might go to the success page, get an account, and bypass the required payment.
My idea to solve that is to get the session info using this line:
session = stripe.checkout.Session.retrieve(request.args.get('session_id'))
and then before doing anything else check if it's none. If it's none, it will display an error page, if it is not none then it will create an account for the user. Would that work? Or would people just be able to change the session_id in the url until they find a number that is a valid session?
If that doesn't work, all I really want to do is upon successful payment create an account for the user using their email and a randomized password. How do I do that?
You're on the right track. Generally the flow is:
Customer is redirected to Checkout
Customer pays
Checkout redirects customer back to your success_url
You fetch the Checkout Session using the ID in the URL to confirm a valid payment
For #4 you can do various things to make sure people can't guess a Checkout Session ID (which would be unlikely due to their length and complexity). I suggest checking to see if the successful payment happened within a certain timeframe, like the past hour or past day, for example.
I am using Stripe to handle my payments for my own rental website. (Backend - DJANGO)
Previously, I was using Stripe ChargesAPI and was manually sending out payouts to the Host of the property but I came to know that it can be automated by using Stripe PaymentIntentsAPI.
I have successfully managed to onboard my customers to receive payments in their bank accounts using Stripe Express.
After creating the payment intent and passing to the client I can charge their account as well as update my database for the booking.
The problem I am facing here is after the payment is done, I want to redirect the customer to the success page or payment failure page which I was able to do it by passing my reservation ID and updating it as payment received which I now do by using Webhooks.
How can redirect my customer to the success page showing the receipt of the booking?
You'll have to setup Payment Intent using a custom payment flow.
Briefly, how it works:
Capture your user's credit/debit card information and send a request to Stripe to authorize the card. If any additional verification checks are needed, Stripe provides you with an easy way to handle this
After authorization is complete, you capture the payment
If payment is successful, you show the user a success page, if not you show them an error message
Here's a link to the documentation: https://stripe.com/docs/payments/accept-a-payment?integration=elements
I'm using the hosted payment form with getHostedPaymentPageRequest
After successful payment the browser opens by success url correctly.
However, i dont know how to verify that payment was actually completed. I have the token from getHostedPaymentPageRequest, but i cant find an API to call to get the result of that transaction.
I can see that when using an IFrame we can use the IFrameCommunicator, but we would prefer to not use that.
How can i verify the transaction succeeeded after redirect back from the hosted payment page?
If you don't use the iframe you won't get the results of the transaction in real time. Your best option then is to use a webhook to receive a notification of the successful payment. You can then get the transaction info using the transaction ID provided by the webhook. But that would mean the user won't know the status of their payment when they arrive back at your site. For that to happen you'd have to build a mechanism that does the above and have your receipt page poll your backend until it has the results of the transaction and then can display them to the user.
I am creating a website through which people can buy tickets via paypal – I want to send a confirmation email once the payment is complete.
I already set up auto return.
My problem is that it takes too long to redirect – I'm afraid that the users will click off the page before it is redirected and before the email is sent.
Is there a way to make the process faster, i.e allow me to send the email as soon as the payment is confirmed?
We currently accept credit cards by phone (entering the order info into the Virtual Terminal) as well as on the website (OpenCart, using the built-in Authorize.net AIM module).
Problem: when order is placed on website, the customer receives 2 E-mails - 1 from our site, 1 from Authorize. The Authorize E-mail, being plaintext, looks ugly AF, and my boss wants to have it disabled.
Attempt # 1: looked in the Authorize.net AIM plugin/module settings. No such option.
Attempt # 2: in the Authorize.net account, under "Settings -> E-mail Receipt", there is a checkbox "Email transaction receipt to customer (if email address is provided)".
Result #2: unfortunately, this disables ALL transaction E-mails - from website transactions (OK) and from Virtual Terminal phone-order transactions (NOT cool). We have to provide an E-mail receipt to phone customers.
Attempt #3: in the OpenCart system, editing file:
catalog/controller/extension/payment/authorizenet_aim.php
to comment out the line
$data['x_email'] = $order_info['email'];
Result #3: during checkout, even if a valid E-mail is entered, upon trying to submit the order, the "Email address is required" error message appears.
So...
Can't disable it in Authorize plugin/module in OpenCart.
Can't disable it in Authorize Account Settings.
Can't just delete the E-mail from the array of data that OpenCart collects during checkout.
How can I disable the Authorize.net E-mail (and ONLY the Authorize.net E-mail, I still want the website receipt to go out) on a site built on OpenCart 3.0?
Found the solution (via Authorize.net Developers Forum). Simpler than I expected:
Open file: public_html/catalog/controller/extension/payment/authorizenet_aim.php
Find line: $data['x_relay_response'] = 'false';
Add after: $data['x_email_customer'] = 'false';
This allows the checkout process to complete without errors, and sends the transaction to Authorize.net along with the instruction to not E-mail the customer.
This isn't a great solution but could you change the email address that gets sent to Authorize.net to be the store admin email, in that case it won't give you the "Email address is required" error message and you'll get that email instead of the customer.
In attempt number 3, can you confirm whether OpenCart gives the error about the email being required or if Authorize.Net gives that error? If Authorize.Net provides the error it may be reconciled by adjusting the payment form settings in Authorize.Net:
1. Sign into Authorize.Net
2. Account > Payment Form > Form Fields
3. Make sure the email field isn’t checked as required.
4. Save your changes at the bottom of the page