
PayPal recurring payments misuse

I have used the PayPal REST API to implement subscriptions (recurring payments) on my website. I have to set one notify URL to be notified of each payment made (e.g. on a monthly plan) by the subscription plan through PayPal. PayPal calls it an Instant Payment Notification.

My question is, can a developer misuse that call to simulate a call from PayPal? Because the developer is aware of the notify URL and the parameters being passed to that method. The developer just needs to know the recurring_payment_id.

If it can be misused, then what steps should I follow to prevent it? Please guide me.

Instant Payment Notifications do not work with the REST API; however, the REST API does have its own notifications that are sent back.

In order to use notifications with the REST API, a developer is required to create Webhooks.
WebHooks and Notifications with PayPal Rest API

With the billing agreement Profile ID a developer can cancel an agreement, or suspend an agreement. A developer cannot obtain credit card data from PayPal.

Here is some of the information from the PayPal Developer site about recurring payments and billing agreement creation:

Even if someone were able to get a response back from the server it would simply be the status of the billing agreement. No account holder information is returned.

This is a sample response from the PayPal Developer Site: Retrieve an Agreement Rest API

{
  "id": "I-0LN988D3JACS",
  "state": "Pending",
  "description": "New Description",
  "plan": {
    "payment_definitions": [
      {
        "type": "REGULAR",
        "frequency": "Month",
        "amount": {
          "currency": "USD",
          "value": "100.00"
        },
        "charge_models": [
          {
            "type": "TAX",
            "amount": {
              "currency": "USD",
              "value": "12.00"
            }
          },
          {
            "type": "SHIPPING",
            "amount": {
              "currency": "USD",
              "value": "10.00"
            }
          }
        ],
        "cycles": "12",
        "frequency_interval": "2"
      }
    ],
    "merchant_preferences": {
      "setup_fee": {
        "currency": "USD",
        "value": "0.00"
      },
      "max_fail_attempts": "0",
      "auto_bill_amount": "YES"
    }
  },
  "links": [
    {
      "href": "https://api.sandbox.paypal.com/v1/payments/billing-agreements/I-0LN988D3JACS/suspend",
      "rel": "suspend",
      "method": "POST"
    },
    {
      "href": "https://api.sandbox.paypal.com/v1/payments/billing-agreements/I-0LN988D3JACS/re-activate",
      "rel": "re_activate",
      "method": "POST"
    },
    {
      "href": "https://api.sandbox.paypal.com/v1/payments/billing-agreements/I-0LN988D3JACS/cancel",
      "rel": "cancel",
      "method": "POST"
    },
    {
      "href": "https://api.sandbox.paypal.com/v1/payments/billing-agreements/I-0LN988D3JACS/bill-balance",
      "rel": "self",
      "method": "POST"
    },
    {
      "href": "https://api.sandbox.paypal.com/v1/payments/billing-agreements/I-0LN988D3JACS/set-balance",
      "rel": "self",
      "method": "POST"
    }
  ],
  "start_date": "2015-02-19T08:00:00Z",
  "agreement_details": {
    "outstanding_balance": {
      "currency": "USD",
      "value": "0.00"
    },
    "cycles_remaining": "12",
    "cycles_completed": "0",
    "final_payment_date": "2016-12-19T10:00:00Z",
    "failed_payment_count": "0"
  }
}
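The answer's point is that the notify URL itself is not what protects you: anyone who knows the URL and an agreement id can POST to it, so the receiver must never act on the notification's contents alone. Below is an added example of a webhook receiver built on that principle; it is not code from the question, the answer or PayPal. It uses two real PayPal mechanisms, the PAYPAL-TRANSMISSION-* headers that PayPal sends with every webhook delivery and the POST /v1/payments/notifications/verify-webhook-signature endpoint (whose request body fields are auth_algo, cert_url, transmission_id, transmission_sig, transmission_time, webhook_id and webhook_event), but the HTTP calls to PayPal are injected as callables so the example runs offline. The webhook id, event payload, signature value and the "fake" verifier and fetcher are constructed for the demonstration; the agreement record is trimmed from the sample response quoted in the answer above.

```python
import json
from dataclasses import dataclass
from typing import Callable, Optional

# PayPal's webhook delivery headers, mapped to the field names of the
# verify-webhook-signature request body.
SIGNATURE_HEADERS = {
    "PAYPAL-AUTH-ALGO": "auth_algo",
    "PAYPAL-CERT-URL": "cert_url",
    "PAYPAL-TRANSMISSION-ID": "transmission_id",
    "PAYPAL-TRANSMISSION-SIG": "transmission_sig",
    "PAYPAL-TRANSMISSION-TIME": "transmission_time",
}


def build_verification_request(headers: dict, raw_body: bytes, webhook_id: str) -> Optional[dict]:
    """Assemble the verify-webhook-signature body; None if any header is absent."""
    upper = {k.upper(): v for k, v in headers.items()}  # header names are case-insensitive
    body = {}
    for header, field_name in SIGNATURE_HEADERS.items():
        value = upper.get(header)
        if not value:
            return None
        body[field_name] = value
    body["webhook_id"] = webhook_id
    body["webhook_event"] = json.loads(raw_body)
    return body


@dataclass
class Outcome:
    accepted: bool
    reason: str = ""
    agreement_id: str = ""
    state: str = ""
    outstanding_balance: str = ""


class WebhookReceiver:
    def __init__(self, webhook_id: str, verify: Callable[[dict], bool],
                 fetch_agreement: Callable[[str], dict]):
        self.webhook_id = webhook_id
        self.verify = verify                    # in production: POST to verify-webhook-signature
        self.fetch_agreement = fetch_agreement  # in production: GET /v1/payments/billing-agreements/{id}
        self.seen_transmissions = set()         # replay guard (assumed in-memory; persist it in production)

    def handle(self, headers: dict, raw_body: bytes) -> Outcome:
        request = build_verification_request(headers, raw_body, self.webhook_id)
        if request is None:
            return Outcome(False, "missing PayPal signature headers")
        tid = request["transmission_id"]
        if tid in self.seen_transmissions:
            return Outcome(False, "duplicate transmission id (replay)")
        if not self.verify(request):
            return Outcome(False, "PayPal did not confirm the signature")
        self.seen_transmissions.add(tid)
        # Only the agreement id is taken from the notification. State and
        # amounts come from PayPal's API, fetched with the merchant's own credentials.
        agreement_id = (request["webhook_event"].get("resource") or {}).get("id")
        if not agreement_id:
            return Outcome(False, "event carries no agreement id")
        agreement = self.fetch_agreement(agreement_id)
        return Outcome(True, "", agreement_id, agreement["state"],
                       agreement["agreement_details"]["outstanding_balance"]["value"])


# --- constructed fixtures so the example runs offline ---------------------------
SAMPLE_AGREEMENT = {  # trimmed from the sample "Retrieve an Agreement" response above
    "id": "I-0LN988D3JACS",
    "state": "Pending",
    "agreement_details": {"outstanding_balance": {"currency": "USD", "value": "0.00"}},
}
GOOD_SIGNATURE = "sig-known-only-to-paypal"  # constructed stand-in for a real transmission signature
# Constructed event body: note it claims "Active", which the receiver must not believe.
EVENT_BODY = json.dumps({"resource": {"id": "I-0LN988D3JACS", "state": "Active"}}).encode()


def fake_verify(body: dict) -> bool:
    """Stand-in for PayPal's verify endpoint: only the constructed good signature passes."""
    return body["transmission_sig"] == GOOD_SIGNATURE


def fake_fetch_agreement(agreement_id: str) -> dict:
    """Stand-in for the authoritative agreement lookup."""
    if agreement_id != SAMPLE_AGREEMENT["id"]:
        raise KeyError(agreement_id)
    return SAMPLE_AGREEMENT


def make_headers(transmission_id: str, signature: str) -> dict:
    return {"PAYPAL-AUTH-ALGO": "SHA256withRSA",
            "PAYPAL-CERT-URL": "https://api.sandbox.paypal.com/EXAMPLE-cert",  # constructed
            "PAYPAL-TRANSMISSION-ID": transmission_id,
            "PAYPAL-TRANSMISSION-SIG": signature,
            "PAYPAL-TRANSMISSION-TIME": "2015-02-19T08:00:00Z"}


def run_demo() -> dict:
    receiver = WebhookReceiver("WH-EXAMPLE-ID", fake_verify, fake_fetch_agreement)
    forged = receiver.handle(make_headers("tx-1", "guessed-by-developer"), EVENT_BODY)
    genuine = receiver.handle(make_headers("tx-2", GOOD_SIGNATURE), EVENT_BODY)
    replay = receiver.handle(make_headers("tx-2", GOOD_SIGNATURE), EVENT_BODY)
    return {"forged": forged, "genuine": genuine, "replay": replay}


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(name, outcome)
```

The forged delivery carries a well-formed body and the right agreement id but is rejected because PayPal does not confirm its signature; the genuine one is accepted, yet the state recorded is "Pending" from the API lookup, not the "Active" the payload claimed. In production, also restrict cert_url to a paypal.com host before forwarding it for verification, and keep the transmission ids in durable storage so a redelivered event is processed once.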
