paypal chained payment (or adaptive) inside iOS app + server integration

Question

I want to implement paypal chained payment (is't one of the adaptive payment methods) within a marketplace iphone app and I want my server to be able to track all the payment steps to avoid multiple concurrent purchases on the same product (it's a physical product and it can't be purchased twice).

I read this docs from paypal about adaptive payment flow , this about mobile integration and this about IPN server side implementation.

Now the only way to achieve this seems doing the following:

1. when the user clicks on the pay button, the client calls our server to create a "pending" transaction for that product.
2. the client calls the native paypal sdk to present the payment view to the user with all information returned by our server.
3. paypal calls our server to notify about the completed payment and here the server completes the pending transaction previously created.
4. paypal calls the client to notify about the completed payment and here is shown the "thank-you" screen.

I wouldn't make this kind of things for these reasons:

• I have to put a "lock" on the product to avoid duplicate purchase: the only place I can put this lock is right before calling the paypal UI and then unlock it in case the user cancels the operation. What about if the user stays on the paypal confirmation for long time? I could put a timeout on the server (for 1 hour for example) but this wouldn't avoid the user to complete the purchase after that period!
• I have to set the payment details (like the amount and the receiver email) from the client. As I wrote, I could use the data provided by the server but this would lead me in several security and complexity issues.
• Using the native sdk the user can choose from one of their existing shipping addresses, but he can't create or edit a new one. I have to ask for the shipping address outside paypal and pass this data to my own server.

Any suggestions?

Answer 1

At the end the working approach for us was using paypal preapproval. if you don't know what a preapproval is, imagine a bank rid: you ask the user the permission to charge him at anytime, in our case we charge the seller for a fee commission when he sells an item.

keeping the seller outside of the transaction flow, permitted us to let the buyer completes the checkout using the express checkout implementation, from within an embedded webview.

with this technique, you are basically asking the buyer to pre-authorize a payment. after he grants the permission you pass a secret token back to your webserver where the real payment is performed (along with any other secure validation).

after moving the money from the buyer to the seller, we charge the seller for the transaction using the preapproval.

please let me note that at the end we are not using the real paypal chained payment, but for us this approach was good and everything seems to work fine by now.