
How to verify PayPal Express Checkout details on the server?

I'm just now trying to get up to speed with PayPal Express Checkout (i.e. checkout.js), using the client-side REST integration described here. I see that when payment is complete, my onAuthorize function is invoked with a "payment" object.

I can't find any documentation on this object, but some poking at it reveals the following properties (at least today):

  • paymentToken
  • payerID
  • paymentID
  • intent
  • returnUrl

Now I need to redirect the user to the next step on my website, where I show a receipt confirming they've paid, etc. I guess I send the above data to the server, but since that step could be easily spoofed by a malicious user, I will need to verify those details in the PHP code, server side.

How do I do that?

You can make a GET call on your server side to /v1/payments/payment/PAY-XXXXXX with the paymentID and the payerID to get the payment details, and verify those details there.

https://developer.paypal.com/docs/integration/direct/express-checkout/integration-jsv4/advanced-payments-api/show-payment-details/

See https://developer.paypal.com/docs/api/overview/#make-your-first-call for some basics on calling the REST API from your server.
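One way to do the server-side check this answer describes in PHP, as an added example that is not part of the original answer. It assumes the PayPal REST v1 endpoints the answer links to (`/v1/oauth2/token` and `/v1/payments/payment/{id}`), PHP with the cURL extension, placeholder client credentials, and an `$order` record (payment id, currency, two-decimal total) that you load from your own database rather than from what the browser posted.

```php
<?php
// Added example; not code from the original answer. Host is a placeholder:
// use api.sandbox.paypal.com for testing, api.paypal.com in production.
const PAYPAL_API = 'https://api.sandbox.paypal.com';

// Exchange client id/secret for a bearer token (client_credentials grant).
function paypalAccessToken(string $clientId, string $secret): string {
    $ch = curl_init(PAYPAL_API . '/v1/oauth2/token');
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => 'grant_type=client_credentials',
        CURLOPT_USERPWD        => $clientId . ':' . $secret,
        CURLOPT_RETURNTRANSFER => true,
    ]);
    $body = json_decode((string) curl_exec($ch), true);
    curl_close($ch);
    if (empty($body['access_token'])) {
        throw new RuntimeException('PayPal did not return an access token');
    }
    return $body['access_token'];
}

// GET /v1/payments/payment/{paymentId} with the id the browser sent back.
function paypalShowPayment(string $token, string $paymentId): array {
    // Accept only the PAY-/PAYID- id shape so the value cannot change the URL path.
    if (!preg_match('/^PAY(ID)?-[A-Z0-9]+$/', $paymentId)) {
        throw new InvalidArgumentException('malformed payment id');
    }
    $ch = curl_init(PAYPAL_API . '/v1/payments/payment/' . $paymentId);
    curl_setopt_array($ch, [
        CURLOPT_HTTPHEADER     => ['Authorization: Bearer ' . $token],
        CURLOPT_RETURNTRANSFER => true,
    ]);
    $resp = (string) curl_exec($ch);
    $http = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    curl_close($ch);
    if ($http !== 200) {
        throw new RuntimeException("PayPal returned HTTP $http");
    }
    return json_decode($resp, true) ?: [];
}

// Compare what PayPal reports with the order stored server-side. A payment that
// has not been executed reports state "created", not "approved".
function paymentMatchesOrder(array $payment, string $payerId, array $order): bool {
    $amount = $payment['transactions'][0]['amount'] ?? [];
    return ($payment['id'] ?? '') === $order['payment_id']
        && ($payment['state'] ?? '') === 'approved'
        && ($payment['payer']['payer_info']['payer_id'] ?? '') === $payerId
        && ($amount['currency'] ?? '') === $order['currency']
        && sprintf('%.2F', (float) ($amount['total'] ?? -1)) === sprintf('%.2F', (float) $order['total']);
}
```

Only show the receipt when `paymentMatchesOrder()` returns true; the paymentID and payerID from the client are used solely as lookup keys, and every value that matters is read back from PayPal.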

Assuming you are using PayPal Encrypted Buttons, you don't actually need to verify the amounts sent through server-side. Although a user could indeed manipulate the $_POST data, PayPal's got you covered, and won't allow the transaction to go through. This is because PayPal Encrypted Buttons are generated with your variables such as price built-in to the ID. If the variables don't align with those used to create the button, the transaction is denied.

Alternatively, if you are simply using your own code to make the request, you can secure the payments with PayPal's Instant Payment Notification. Again, this allows any $_POST data to be sent through for the payment. Afterwards, PayPal makes a call to your IPN page in order to validate that the parameters are correct. This is demonstrated in the following workflow:

[Image: IPN workflow diagram]

When communicating with your IPN, if PayPal finds that the values don't match up, the order is cancelled. Assuming that the values match up, you can safely redirect them to your confirmation page.

Hope this helps! :)
