PayPal PHP SDK executes billing agreement even if setup fee fails

Question

My problem is that billing agreements are successfully executed even if the setup fee is not paid. Looking at the logs, the IPN event notifiying that the setup fee failed and the agreement is cancelled typically takes 5-10 minutes to arrive, which is an insane amount of delay.

I am using the official PayPal PHP SDK at https://github.com/paypal/PayPal-PHP-SDK . It was deprecated a month ago, but its replacement is marked "not ready for production".

Billing plan details, with the intent to charge a $29.99/yr subscription. Setup fee is used to guarantee initial payment.

Per the 2 step process documented in https://paypal.github.io/PayPal-PHP-SDK/sample/ , with the wrapping try/catch blocks removed for legibility:

// Step 1: https://paypal.github.io/PayPal-PHP-SDK/sample/doc/billing/CreateBillingAgreementWithPayPal.html

use PayPal\Api\Agreement;
use PayPal\Api\MerchantPreferences;
use PayPal\Api\Payer;
use PayPal\Api\Plan;

/**
 * @var \PayPal\Rest\ApiContext $apiContext
 */
$plan = Plan::get('EXAMPLE-PLAN-ID', $apiContext);

$agreement = new Agreement();

date_default_timezone_set('America/Los_Angeles');
$agreement->setName($plan->getName())
    ->setDescription($plan->getDescription())
    // I'm not sure why +1 hour is used here, but that's how it is in the codebase.
    ->setStartDate(date('c', strtotime("+1 hour", time())));

$agreement->setPlan($plan);

/**
 * ------------------------------------------------------------------------------------------
 * I think overriding should be optional since they currently precisely match the given 
 * plan's data.  So for this particular plan, if I deleted everything between these comment
 * blocks, nothing bad should happen.
 * ------------------------------------------------------------------------------------------
 */
$preferences = new MerchantPreferences();
$preferences->setReturnUrl("https://www.example.com/actually-a-valid-site")
    ->setCancelUrl("https://www.example.com/actually-a-valid-site")
    ->setAutoBillAmount('no')
    ->setInitialFailAmountAction('CANCEL');

$agreement->setOverrideMerchantPreferences($preferences);
/**
 * ------------------------------------------------------------------------------------------
 * ------------------------------------------------------------------------------------------
 */

$payer = new Payer();
$payer->setPaymentMethod('paypal');
$agreement->setPayer($payer);

$agreement = $agreement->create($apiContext);
$approvalUrl = $agreement->getApprovalLink();

// This takes us to PayPal to login and confirm payment.
header("Location: ".$approvalUrl);

// Step 2: https://paypal.github.io/PayPal-PHP-SDK/sample/doc/billing/ExecuteAgreement.html

use PayPal\Api\Agreement;

/**
 * @var \PayPal\Rest\ApiContext $apiContext
 */
try {
    $agreement = new Agreement();
    $agreement->execute($_GET['token'], $apiContext);

    $agreement = Agreement::get($agreement->getId(), $apiContext);

    /**
     * I assume at this point the agreement is executed successfully.  Yet, the setup fee does not
     * have to be paid for us to get here.  This behavior is verified on live.
     */
} catch (\Exception $e) {
    // Do something.
}

I'm at a loss for what I'm doing wrong that would cause the billing agreement to execute even without the setup fee being paid. Help would be appreciated!

Here's how to create the Plan that was used:

use PayPal\Api\Currency;
use PayPal\Api\MerchantPreferences;
use PayPal\Api\Patch;
use PayPal\Api\PatchRequest;
use PayPal\Api\PaymentDefinition;
use PayPal\Api\Plan;
use PayPal\Common\PayPalModel;

$plan = new Plan();

$plan->setName('Test Name')
    ->setDescription('Test Description')
    ->setType('INFINITE');

$payment_definition = new PaymentDefinition();

$payment_definition->setName('Regular Payments')
    ->setType('REGULAR')
    ->setFrequency('YEAR')
    ->setFrequencyInterval(1)
    ->setCycles('0')
    ->setAmount(new Currency(['value' => '29.99', 'currency' => 'USD']));

$merchant_preferences = new MerchantPreferences();
$merchant_preferences->setReturnUrl'https://insert.actual.url.here')
    ->setCancelUrl('https://insert.actual.url.here')
    ->setAutoBillAmount('NO')
    ->setInitialFailAmountAction('CANCEL')
    ->setMaxFailAttempts('1')
    ->setSetupFee(new Currency(['value' => '29.99', 'currency' => 'USD']));

$plan->setPaymentDefinitions([$payment_definition]);
$plan->setMerchantPreferences($merchant_preferences);

$request = clone $plan;

try {
    /**
     * @var \Paypal\Rest\ApiContext $apiContext
     */
    $plan->create($apiContext);

    $patch = new Patch();
    $value = new PayPalModel(['state' => 'ACTIVE']);

    $patch->setOp('replace')
        ->setPath('/')
        ->setValue($value);

    $patchRequest = new PatchRequest();
    $patchRequest->addPatch($patch);

    if (!$plan->update($patchRequest, $apiContext)) {
        throw new \Exception("Failed to apply patch to plan.");
    }
    // Done.
} catch (\Exception $e) {
    // Some error handling.
    exit;
}

Answer 1

The replacement SDK is https://github.com/paypal/Checkout-PHP-SDK , which does not include any billing agreement or subscription use cases. For use cases not covered by that SDK, you should use a direct HTTPS integration. This is documented here: https://developer.paypal.com/docs/api/rest-sdks/

The code you are trying to use is for an obsolete SDK for an obsolete API (old version of billing agreements, not compatible with new subscriptions).

Here is the API you should integrate, with no SDK: https://developer.paypal.com/docs/subscriptions/

Answer 2

Turns out an exception is not supposed to be thrown for usual agreement execution. To check whether the setup was paid, check the value of $agreement->getState() after executing the agreement.