How to get payment response from paypal as boolean in django? - django

I am using the PayPal API for my Django website. I am able to make a payment but don't know how to get the payment response from the PayPal server as either True or False.

Without knowing what you are currently doing, I can only share the best solution.
Create two routes, one for 'Create Order' and one for 'Capture Order', documented here. These routes should return/output only JSON data (no HTML or text).
Pair those two routes with the following approval flow: https://developer.paypal.com/demo/checkout/#/pattern/server
In the Capture Order route, before returning the JSON, examine the response for a PayPal transaction ID in the payments object and store this information in your database. If there is a new transaction ID, its status should be 'COMPLETED' or 'PENDING'. In the latter case, flag it for manual review in PayPal.com.
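One way to turn the Capture Order response into the True/False the question asks for, as an added Python example (not code from the original answer or from PayPal). It assumes the Orders v2 response shape, with captures under `purchase_units[].payments.captures[]`; the sample response, the `classify_capture` helper and the amount comparison against your own order record are constructed for illustration.

```python
from decimal import Decimal, InvalidOperation
from typing import NamedTuple, Optional

# Constructed sample of a Capture Order response body (not real PayPal data).
SAMPLE_CAPTURE = {
    "id": "ORDER-EXAMPLE",
    "status": "COMPLETED",
    "purchase_units": [{
        "payments": {"captures": [{
            "id": "CAPTURE-EXAMPLE",
            "status": "COMPLETED",
            "amount": {"currency_code": "USD", "value": "25.00"},
        }]},
    }],
}


class CaptureResult(NamedTuple):
    paid: bool                     # the boolean the view can act on
    needs_review: bool             # PENDING or inconsistent: review in PayPal.com
    transaction_id: Optional[str]  # store this in the database


def classify_capture(response: dict, expected_value: str,
                     expected_currency: str) -> CaptureResult:
    """Reduce a Capture Order response to a paid / review / failed decision."""
    captures = [
        capture
        for unit in response.get("purchase_units") or []
        for capture in (unit.get("payments") or {}).get("captures") or []
    ]
    if not captures or not captures[0].get("id"):
        return CaptureResult(False, False, None)  # no new transaction ID

    capture = captures[0]
    amount = capture.get("amount") or {}
    try:
        # Added check (assumption): compare with the amount stored for the order.
        amount_ok = (Decimal(str(amount.get("value"))) == Decimal(expected_value)
                     and amount.get("currency_code") == expected_currency)
    except InvalidOperation:
        amount_ok = False

    status = capture.get("status")
    if status == "COMPLETED" and amount_ok:
        return CaptureResult(True, False, capture["id"])
    if status == "PENDING" or (status == "COMPLETED" and not amount_ok):
        return CaptureResult(False, True, capture["id"])
    return CaptureResult(False, False, capture["id"])  # any other status
```

In a Django view, call this on the parsed JSON before returning it, and save `transaction_id` together with the decision.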

Related

Authorize.Net: How do I verify a hosted payment was successful once the user is redirected back to my site?

I am using the hosted form payment approach to accepting payments from users on my site. I don't see any examples of how to go about verifying the payment once the user is redirected back to my site. Here is how I'm trying to approach it:
1. Generate a token/form based on the cart
2. Post to the form url and send the user away
3. User returns to a verifying page
4. I have set up a webhook for all payment notifications
5. I receive the notification
6. ?????
7. Verify the payment status and price are correct
8. Navigate the user away from the verifying screen to the next page
In step 6 all I have is the token that was generated for the transaction, and the webhook doesn't provide that token back to me. How do I say "this transaction belongs to this user who is waiting to be verified"?
You can use the getTransactionDetailsRequest in their Transaction Reporting API to get the transaction details. The best place to put this information is in the refTransId field which is a value you can pass in as part of your transaction.

Authorize.Net hosted form: how to verify payment succeeded after redirect

I'm using the hosted payment form with getHostedPaymentPageRequest
After successful payment the browser opens the success URL correctly.
However, I don't know how to verify that payment was actually completed. I have the token from getHostedPaymentPageRequest, but I can't find an API to call to get the result of that transaction.
I can see that when using an IFrame we can use the IFrameCommunicator, but we would prefer to not use that.
How can I verify the transaction succeeded after redirect back from the hosted payment page?
If you don't use the iframe you won't get the results of the transaction in real time. Your best option then is to use a webhook to receive a notification of the successful payment. You can then get the transaction info using the transaction ID provided by the webhook. But that would mean the user won't know the status of their payment when they arrive back at your site. For that to happen you'd have to build a mechanism that does the above and have your receipt page poll your backend until it has the results of the transaction and then can display them to the user.

Identify the correct HTTP method

I have created a REST web service using Spring Boot. It has a users resource for the URLs below:
/users => get the users in the system. (GET)
/adduser => post a new user. (POST)
/addFriend/{friendID} => this method is to add the friendID to the currently logged-in user (the user resource has a friend list). Now my doubt is: is it a POST request or a GET request? Currently the GET method has solved my problem, but I am not sure which method is logically the right one.
No, a RESTful API targets resources and does not contain actions in the URI.
Example:
GET /users => get user list
GET /users/:userid => get info of a user via userid
POST /users => create a new user
DELETE /users/:userid => delete a user via userid
POST /users/:userid/friends => create a friendship; you can send a body including the ID of another user (JSON/XML)
GET /users/:userid/friends/:friendid => check friendship between two users; may return friendshipID or true/false
It is a POST Request.
According to Wikipedia:
The GET method requests a representation of the specified resource. Requests using GET should only retrieve data and should have no other effect.
and
The POST method requests that the server accept the entity enclosed in the request as a new subordinate of the web resource identified by the URI. The data POSTed might be, for example, an annotation for existing resources; a message for a bulletin board, newsgroup, mailing list, or comment thread; a block of data that is the result of submitting a web form to a data-handling process; or an item to add to a database.

Tying up the callback ("Gateway Response") data to a transaction

I am setting up an Authorize.Net DPM (Direct Post Method) payment gateway for a site. There is something I am fundamentally not understanding, and can't tie up the pieces.
The basic operation of DPM is that the merchant site - my site - provides a credit card form. That form is posted direct to Authorize.Net. After the CC and other posted details are authorized, Authorize.Net will POST the results back to my site. I'll refer to this as the callback post. Now here is where things don't quite tie up for me.
The callback POST comes direct from Authorize.Net and does not share a session with the user, so the POST handler only has the information that has been posted to hand. The amount (x_amount) and the Authorize.Net generated transaction ID (x_trans_id) are hashed with a pre-agreed secret and the Authorize.Net account login ID. This can be used to check the authenticity of the system providing that callback. From what I can tell, it is really just checking that the sender knows the pre-agreed secret.
So the only data I can trust in the callback is the amount and the gateway generated transaction ID (and this is the first point at which that ID is available to my site, so its value is meaningless).
What I cannot see, is how to tie the results of the authorisation back to the transaction that the end user is paying. There is no other data in the POST that can be trusted not to have been changed, and it does not pass on the merchant-generated ID anyway (a combination of x_fp_sequence and x_timestamp).
What I am expecting to be able to do in the callback is to take the result of the card authorisation, be sure that the result can be trusted, tie it back to the pending transaction stored in the database before the user posted the form to Authorize.Net, so that the transaction can be confidently marked as complete. But how?
I have worked with the SagePay Server gateway, and that also has a callback. However, the callback contains all the fields needed to tie the result back to the transaction being processed (it includes the merchant-generated transaction ID) and importantly it provides a hash of ALL the POSTed fields that need to be trusted so they can be checked.
So what am I overlooking? I can provide sample data if that helps to explain the issue. I'm using OmniPay and am extending the driver for this gateway.
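The hash check described in the question, as an added Python example (not from the original post, OmniPay or Authorize.Net). It assumes the legacy `x_MD5_Hash` construction, MD5 over the secret, the login ID, `x_trans_id` and `x_amount`; the credentials and the callback POST are constructed, and the handler returns only the two fields the hash covers so that nothing else in the POST is trusted by accident.

```python
import hashlib
import hmac
from typing import Optional

# Constructed values for illustration; not real credentials.
MD5_HASH_VALUE = "example-shared-secret"  # the pre-agreed secret
API_LOGIN_ID = "exampleLogin"             # the account login ID


def expected_hash(trans_id: str, amount: str) -> str:
    """Assumed legacy construction: MD5(secret + login ID + x_trans_id + x_amount)."""
    data = MD5_HASH_VALUE + API_LOGIN_ID + trans_id + amount
    return hashlib.md5(data.encode("utf-8")).hexdigest().upper()


def authenticated_fields(post: dict) -> Optional[dict]:
    """Return only the fields the hash covers, or None if the hash is wrong."""
    trans_id = post.get("x_trans_id", "")
    amount = post.get("x_amount", "")
    supplied = post.get("x_MD5_Hash", "").upper()
    # Constant-time comparison on bytes, so odd input cannot raise or leak timing.
    if not hmac.compare_digest(supplied.encode("utf-8"),
                               expected_hash(trans_id, amount).encode("utf-8")):
        return None
    # Everything else in the POST is unauthenticated and is deliberately dropped.
    return {"x_trans_id": trans_id, "x_amount": amount}


# Constructed callback POST, as the handler would receive it.
CALLBACK = {
    "x_response_code": "1",
    "x_trans_id": "1234567890",
    "x_amount": "19.99",
    "x_invoice_num": "INV-1001",
    "x_MD5_Hash": expected_hash("1234567890", "19.99"),
}

if __name__ == "__main__":
    print(authenticated_fields(CALLBACK))
    # A changed amount invalidates the hash; a changed x_invoice_num does not,
    # which is why that field is never returned as trusted.
    print(authenticated_fields(dict(CALLBACK, x_amount="0.01")))
    print(authenticated_fields(dict(CALLBACK, x_invoice_num="INV-9999")))
```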

Django-Rest-Framework, update foreign key by ID when using HyperlinkedModelSerializer

This question is derived based on Django-Rest-Framework updating a foreign key BY Id.
I have a somewhat similar problem. I love HyperlinkedModelSerializer. I can navigate through all the links of the API from my web browser (e.g. Chrome, FF, etc.), but when I try to use the API, I have much work to do in the client app. I have no issue with the GET request. In a POST request, when updating a model with a ForeignKey, I need to construct the URL in the client app (e.g. AngularJS, Android, etc.) before making the POST request to the server. I'm aware of ModelSerializer, which solves the problem for the client app, but it is not navigable from the web browser.
I'm not sure what a good approach is for designing a browsable REST API. I'm not sure how most people solve this problem when they want to create a browsable REST API and, at the same time, don't want to add complexity to the client app by having to parse the URL-ID before making a POST request. Or could this be just my problem that nobody else encounters?
Why doesn't HyperlinkedModelSerializer do the following instead?
return all the ForeignKey in URL upon GET request. So that developer could navigate the API from their web browser.
accepting ID upon POST request. So that developer could just pass the ID rather than having to construct the full URL from the client app.
Example:
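import json
from django.test import Client  # assumed: Django's test client

c = Client()
data = {
    'user': '1',
    'industry': '1'
}
# Create the object by passing plain IDs in the POST body
c.post('http://localhost:8000/favorite_industries/', json.dumps(data), 'application/json')
# Read it back: the foreign keys are returned as URLs
response = c.get('http://localhost:8000/favorite_industries/')
print(response.content)
# [{"id": 1, "user": "http://localhost:8000/users/1/", "industry": "http://localhost:8000/industries/1/"}]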
Question:
What could be the advantage from the current design of HyperlinkedModelSerializer?
What could be the drawback from my suggestion?
How can it be done?
I don't see a need to construct URLs at all. When you are sending foreign keys, you are basically referencing another object. This other object you should already know its identifier. In your example, the user id is 1. If you build your API around HyperlinkedModelSerializer, user object will come with its own identifier: url. Before creating your favorite_industries object, you need to know which user to associate with. In normal situations you will have the user object including its url:
{
    "url" : "http://localhost:8000/users/1",
    "name": "Yeo"
}
All you need to do is send this identifier as a foreign key:
data = {
    'user': 'http://localhost:8000/users/1',
    'industry': 'http://localhost:8000/industries/1'
}
I say "in normal situations" because usually, in your client app, IDs are not entered by users; instead, other info like the name is displayed for the user to pick, which mandates having the full user object including its url.