Make payments without using third party gateways - web-services

I want to process electronic payments. I am currently using PayPal but it costs too much. Many companies are able to provide electronic payments without using gateways. I imagine they use banks web service directly.
How does it work? Should the beneficiary of the payment open an account in that particular bank? For instance, how does "Pay with Square" work? Does it implement calls to different banks?
Does any documentation exist?
Thanks

Many companies are able to provide electronic payments without using gateways. I imagine they use banks web service directly.
This is incorrect. Basically all web sites which process credit cards (including integrated services like Square) are using a payment gateway. There is generally no way for an average user to determine which one they use, as the details of the payment gateway are not generally exposed anywhere.
Note that PayPal's Express Checkout web frontend is not a gateway. PayFlow Pro is, though.
The customer's bank is never involved directly at all. A typical credit card transaction involves a number of different parties:
The customer
The merchant (e.g., you and your web site)
The payment gateway (e.g., PayPal w/ PayFlow Pro)
The payment processor (typically a bank, but not necessarily the customer's bank)
The credit card issuer (Visa, Mastercard, etc, possibly under contract with the customer's bank)
Of all of these parties, the one which you will communicate with directly is the payment gateway. Everything else is behind the scenes.

Related

How to send Crypto payments (programmatically) gotten through coinbase commerce

I have successfully integrated Coinbase Commerce into my Django app for receiving cryptocurrency payments from users. However, the site's payment process involves receiving a payment from User A, intended for User B, into the site's Coinbase Commerce wallet; only after User B has completely handed over whatever value/asset was being paid for is the payment finally forwarded to User B.
But the issue is that Coinbase Commerce has no facility for sending payments. Although payments can be sent with a Python API on Coinbase, they are two separate things, and the money/coin in Coinbase Commerce would not be accessible from Coinbase even if it is the same user/profile on the platform.
Please, does anyone have a solution to this problem? Even if it does not use Coinbase Commerce, the only requirement is that it uses a crypto payment gateway.
I'm at the same stage as you. I think there is no such thing in Coinbase Commerce, but if you take a look at the Coinbase developer API you can see a transfer money endpoint under the transactions title (https://developers.coinbase.com/api/v2#send-money). But I couldn't understand why we need to have account_id; I just want to transfer money from my own account to users. You can also take a look at the Coinbase Pro API; there may be something helpful for us.

Django payments guide

I am trying to make my own payment gateway Django application. I went through many payment gateway websites like PayPal and Razorpay, but I'm facing issues such as how the processing should be done and what the workflow should be.
I just need to integrate this with my other website, so this is a secondary preference. So I need help with how I can create a payment gateway Django application. Are there any resources for this, or any prebuilt repository available online (GitHub, GitLab, etc.)?
I have some experience in Django, but I need to do this project within 10 hours.
I need to implement very basic functionality of what payment gateways do. No need for an API. I will just connect my payment gateway app locally to my other website.
I just want to show how a payment gateway works locally, meaning creating my own very basic payment gateway app. Credit card details etc. will be fake. No real money transactions.
Remember: fake payments, and I just want to develop and show how a payment gateway works. A basic local app, without real payments, only virtual and fake ones.

How do I incorporate SCA data into the PayPal DoDirectPayment API call for PSD2

PayPal are hounding me to change my current payment gateway that uses their API, and hand it over to a third party (that presumably will charge for the service) because of the PSD2 (Payment Service Directive - revised), which demands Strong Customer Authentication (SCA) unless a transaction is exempt. The extra info can be a password, fingerprint or phone, but details on how to use their API for this are missing.
PayPal's documentation is close to useless, but Stripe's documentation has information as to what constitutes an exempt transaction, and in fact that the PSD2 only applies if the business AND the customer's bank are in the European Economic Area (ref: https://stripe.com/en-nl/guides/strong-customer-authentication) and that the bank deems the transaction as risky.
The definition of a risky transaction is subjective and decided by the banks, so the implication is that we MUST enable SCA. I use django-paypal, which provides helper functions and data structures for using PayPal's API.
PayPal are not too good at supporting developers, and communication with their technical staff is impossible. So I emailed the developer of django-paypal, but I have not received a response (https://github.com/appsumo/django-paypal-1).
The deadline for this is September 2019, after which PayPal warn of declined transactions and general pestilence if there is non-compliance with PSD2. The odd thing is, SCA was also introduced as a version 1 (PSD) back in 2015, and there were warnings of declined transactions then too.
For credit cards, I currently use django-paypal's doDirectPayment, which uses PayPal's DoDirectPayment, which uses SOAP. I don't see anything in the docs about supplying credentials for SCA with these methods. I assume that I don't need to do anything extra for redirected PayPal payments, as PayPal control this payment process.
UPDATE
PayPal have consigned Cardinal Commerce to provide some kind of API, BUT this is client-side only, using Songbird.js. They indicate there is a server-side solution though...
Because Songbird is a client side JavaScript library it can only
interact with payment brands client side. Any interactions that
require server side implementations, such as our Cardinal Cruise
Hybrid integration, are out of scope for Songbird.js and the merchant
may need to integrate directly to the Cardinal Centinel platform
directly.

Signup and Licensing for Redbus API?

How do I sign up and get a LoginID and password to access the RedBus API?
From what it looks like, Redbus has not yet opened up the web service to the public. Apparently the exposed web service is only for bus operators with their own credentials.
The API is open only to registered merchants or integrators. I got one, and they issue it based on your country of operation. In my case, I registered only for Malaysia, paid about 300 USD for the registration and was given the API key. I would say, though, that their technical support is not the best, as I implemented in PHP and they didn't really have the expertise to support integration using PHP. The most problematic part is the seat selection process. The rest was quite straightforward.
I suggest that you take a look at their website and see if there is any merchant registration link. In my case, we went to their regional office and registered there.

Securing communication between trusted servers in same hosting env

I work for a company that develops a software product that processes bank transactions and gives the user insight into his/her spending. Our customers (usually banks) integrate the product into their online banks.
I have a question about securing the communication between the online bank, and our system. Before I ask the question, I want to give you some background.
The bank will usually install our system on a set of servers in their hosting environment.
We offer a number of ways to integrate:
Web services - In this case the bank will make calls to a set of REST services on the server, and then generate a webpage with the results (on the server side).
Iframes - In this case the bank will embed iframes in their online bank webpages. The iframes contain webpages rendered directly from our web application.
Inline widgets - In this case the bank will embed JavaScript references on their pages. When the document loads, the JavaScript widgets will render themselves, using AJAX calls. They communicate with a proxy on the bank server, which in turn communicates with our webapp.
We currently have a custom solution where we generate and sign security tokens for the users, and pass these with the requests.
But as banks have very strict security policies, they would feel better with us using a known and trusted security protocol for the communication. It is a big concern, which we want to address.
So the question is, which protocol is best suited for the integration use cases I listed above? There is a plethora of single-sign-on standards out there, and solutions like SAML, OAuth, etc. I get the feeling that these solutions might be overkill for my situation.
I want to find a solution that is simple. As the servers will run side by side in the same hosting environment, and trust each other completely, there is no need for the end user to authorize one or the other (or being redirected between, clicking buttons to give access to the app).
That is, the security protocol should not require any intervention from the end user. The end user simply logs into his/her online bank, and via secure communication has access to the data from our web server.
So...any suggestions?
Thanks a lot!
OGG
After some deliberation, we decided to use 2-legged OAuth (online bank uses consumer key and consumer secret to sign requests to our app).
The OAuth signature can be put either in a request header or in the request parameters. It nicely solves our problem, as the REST requests can be signed, and the IFRAME src URLs can also be signed (all communication is over HTTPS).
For those interested, a couple of references:
This article shows using OAuth with IFRAMEs: http://developer.tradeshift.com/blog/cross-site-user-verification/
This article mentions some security issues with OAuth, and how threats can be countered: http://software-security.sans.org/blog/2011/03/07/oauth-authorization-attacks-secure-implementation
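
The 2-legged OAuth scheme described in the answer above, as an added example (not code from the original posts or from any OAuth library): the online bank signs an IFRAME src URL with its consumer key and secret, and the embedded application verifies it, also rejecting stale timestamps and replayed nonces. HMAC-SHA1 per OAuth 1.0 (RFC 5849) is an assumed choice of signature method; the function names, consumer key, secret and host are constructed for illustration, and URLs are assumed to use a lowercase host with no default port.

```python
import base64, hashlib, hmac, secrets, time
from urllib.parse import parse_qsl, quote, urlencode, urlsplit

def _enc(s):  # RFC 3986 percent-encoding, as OAuth 1.0 (RFC 5849) requires
    return quote(str(s), safe="~")

def _split(url):  # base string URI (no query) and the decoded query pairs
    p = urlsplit(url)
    return f"{p.scheme}://{p.netloc}{p.path}", parse_qsl(p.query, keep_blank_values=True)

def _signature(method, base_uri, params, secret):
    pairs = sorted((_enc(k), _enc(v)) for k, v in params if k != "oauth_signature")
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    base = "&".join([method.upper(), _enc(base_uri), _enc(normalized)])
    key = _enc(secret) + "&"  # 2-legged: no token, so the token secret is empty
    mac = hmac.new(key.encode(), base.encode(), hashlib.sha1).digest()
    return base64.b64encode(mac).decode()

def sign_url(url, key, secret, method="GET", now=None, nonce=None):
    """Online bank side: append the oauth_* parameters and signature."""
    base_uri, params = _split(url)
    params += [("oauth_consumer_key", key),
               ("oauth_nonce", nonce or secrets.token_hex(16)),
               ("oauth_signature_method", "HMAC-SHA1"), ("oauth_version", "1.0"),
               ("oauth_timestamp", str(int(time.time() if now is None else now)))]
    params.append(("oauth_signature", _signature(method, base_uri, params, secret)))
    return base_uri + "?" + urlencode(params, quote_via=quote)

def verify_url(url, secrets_by_key, seen, method="GET", now=None, max_skew=300):
    """Embedded app side: True only for a fresh, unreplayed, correctly signed URL."""
    base_uri, params = _split(url)
    f = dict(params)
    secret = secrets_by_key.get(f.get("oauth_consumer_key"))
    ts = f.get("oauth_timestamp", "")
    if secret is None or not ts.isdecimal() or len(ts) > 12:
        return False
    if abs((time.time() if now is None else now) - int(ts)) > max_skew:
        return False  # stale or far-future timestamp
    expected = _signature(method, base_uri, params, secret)
    if not hmac.compare_digest(expected.encode(), f.get("oauth_signature", "").encode()):
        return False  # wrong secret, or the URL was modified after signing
    replay_key = (f["oauth_consumer_key"], ts, f.get("oauth_nonce"))
    if replay_key in seen:
        return False  # this nonce/timestamp pair was already accepted
    seen.add(replay_key)
    return True

if __name__ == "__main__":  # constructed key, secret and host
    src = sign_url("https://pfm.bank.example/widget?user=4711", "online-bank", "s3cret")
    print(src, verify_url(src, {"online-bank": "s3cret"}, set()))
```

In a deployment the `seen` set would be a shared store whose entries expire after `max_skew` seconds, since older timestamps are rejected anyway.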