January 26, 2012 at 21:58

Introducing PayPal Standard Checkout

Connect PayPal Standard Checkout

This guide sequentially describes my experience with implementing PayPal Standard Checkout using the Java language on the Google App Engine platform. This article is intended for people who already have experience with the GAE cloud platform.

Task

It took me to integrate the PayPal payment system on my own project website which will provide a subscription service. Having started working with the PayPal Express Checkout API, after a while it came to the realization that the payment acceptance system is becoming too cumbersome, while the ready-made Standard Checkout buttons lack the necessary flexibility that is required when integrating the site with other payment systems.
The solution was found in using the Standard Checkout tools that PayPal provides to developers of third-party “baskets” for the site.



Change Account Type

In order to start accepting payments using the PayPal payment system, the first thing we need to do is change the type of account. When you first register with PayPal, we are given a standard type of account - “Personal”, you can only pay for goods and services with it. To automate the acceptance of payments, the type of account is “Premier” or “Business”. The difference between account types can be seen in the comparison table . In general, the difference is that the “Business” account provides the use of the account by different users. Since this feature is needed only in large enterprises, we select the “Premier” type. The type of account is indicated in the upper left corner under the words “Welcome ...”

Payment Notification

There are two methods of notification of payment - Payment Data Transfer (PDT) and Instant Payment Notification (IPN). Since IPN has such advantages as asynchronous operation, we choose this method. See the Order Management Integration Guide for more information.

Disabling PDT:

“PayPal” - “Profile” - “My sales tools” - “Website settings” - “Transfer of payment information (optional)” - Off

IPN Activation:

“PayPal” - “Profile” - “My sales tools” - “Instant payment notifications” - “Change settings” - ““ Receive IPN messages (Enabled) ”and add“ Notification URL ””

Buyer return to seller’s website

After paying for the purchase in the PayPal merchant, the buyer is recommended to automatically send to the notification page of the successful payment or to the seller’s website. “PayPal” - “Profile” - “My sales tools” - “Website settings”.
“Auto Return” - On and specify the “return url”.

Creating accounts in the PayPal sandbox

To test the process of accepting payments, there is a so-called sandbox - sandbox. Real money is not behind the operations in the sandbox; we simply operate with numbers on the created virtual test accounts. After registering for PayPal Sandboxgo to the “Test accounts” section and create two “Preconfigured” accounts - one represents the buyer (Buyer), the other represents the seller (Seller). When creating a Seller account, its default type is “Business”. In testing, there is no difference between Premier and Business. When creating an account, it is recommended to enter any amount in the currency of the opened account. This amount will be spent or added depending on the operations between the created accounts. It is recommended that you write down the automatically generated email and password since these details are access to the accounts in the sandbox at www.sandbox.paypal.com

Specify Encoding Type

We work with data in UTF-8 encoding. To change the dodging, go to https://www.sandbox.paypal.com/cgi-bin/webscr?cmd=_profile-language-encoding Next, select the website language, save it, go back and after clicking the "Advanced Features" ( “More Options”) select the desired encoding.

Getting documentation

There are two ways to work with the PayPal merchant:
Using the PayPal Express Checkout API and using Standard Checkout.
The latter is simpler and best suited to receive payments for a small set of fixed goods or services. and select it. For a more detailed acquaintance with this method, it is advisable to download the Standard Checkout Integration Guide.

In addition, absolutely all documentation in PDF and HTML format can be found here.

Receipt of payment

The principle of operation of PayPal Standard Chechout is illustrated in the image.


  1. On the JSP page there is a POST request form indicating at least four parameters:
    • amount_1 - price of one unit of goods
    • business - email address of the seller's PayPal account (Seller account in the sandbox)
    • item_name_1 - product name
    • upload - notification that this “basket” was created by a third-party supplier

  2. After clicking on the form button, the buyer goes to the PayPal sandbox website at https://www.sandbox.paypal.com/cgi-bin/webscr where he needs to familiarize himself with the invoice and log in (Buyer account in the sandbox)
  3. The buyer is invited to pay the bill by clicking on the appropriate button.
  4. The buyer automatically goes to the seller’s website at the url specified in the seller’s profile or at the url specified in the return parameter of the POST form
  5. PayPal merchant sends an IPN POST request to the url specified in the profile


Payment Receive Notification (IPN)

The principle of operation of IPN is illustrated in the image.

  1. Waiting for a POST request from PayPal merchant
  2. We create a request to PayPal that contains exactly the same IPN variables with the received values, adding the header cmd = _notify-validate to the request
  3. We send a request to sandbox.paypal.com
  4. PayPal merchant must send a VERIFIED or INVALID message in response
  5. Check the status of the response, which should be a code of 200
  6. If the answer is the word VERIFIED, we do the following checks:
  7. If the verified response from the merchant PayPal has passed all the checks, we process the action based on the value of the txn_type variable if it exists. Otherwise, we process the action based on the value of the reason_code variable. The values ​​that these variables can take are specified in the Order Management Integration Guide
  8. If the answer is INVALID or the response code is not 200, we save the message for further proceedings


Work with GAE

JSP code of order.jsp page:

<%@ page contentType="text/html; charset=UTF-8" language="java" %>
// information about values of parameters please see at url
// https://www.paypal.com/en_US/pdf/PP_WebsitePaymentsStandard_IntegrationGuide.pdf
<%	
//	final String strMerchantUrl = "https://www.paypal.com/cgi-bin/webscr";
	final String strMerchantUrl = "https://www.sandbox.paypal.com/cgi-bin/webscr";
	final String strEmail = "email_of_seller";
	final String strDescription = "my item description";
	final String strAmount = "1.3";
	final String strCurrencyCode = "USD";
//	your counter of invoice
	String strInvoice = "234234234";
	final String returnUrl = "site_of_seller";
%>

 method="post" accept-charset="UTF-8">


The IPN code of the handler package payment.paypal.Ipn.java

package payment.paypal;
import java.io.IOException;
import java.io.OutputStreamWriter;
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.util.logging.Logger;
import java.util.Enumeration;
import java.net.URLEncoder;
import java.net.URL;
import java.net.URLConnection;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@SuppressWarnings("serial")
public class Ipn extends HttpServlet {
	private static final Logger log = Logger.getLogger(Ipn.class.getName());
	public void doPost(HttpServletRequest req, HttpServletResponse resp)
			throws IOException {
		try {
			// read post from PayPal system and add 'cmd'
			Enumeration en = req.getParameterNames();
			String str = "cmd=_notify-validate";
			while (en.hasMoreElements()) {
				String paramName = (String) en.nextElement();
				String paramValue = req.getParameter(paramName);
				str = str + "&" + paramName + "=" + URLEncoder.encode(paramValue, "UTF-8");
			}
			// test log IPN string
			log.info("[Paypal IPN string] " + str);
			// post back to PayPal system to validate
			// URL url = new URL("https://www.paypal.com/cgi-bin/webscr");
			URL url = new URL("https://www.sandbox.paypal.com/cgi-bin/webscr");
			URLConnection conn = url.openConnection();
			conn.setDoOutput(true);
			conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
			OutputStreamWriter wr = new OutputStreamWriter(
					conn.getOutputStream());
			wr.write(str);
			wr.flush();
			// response from PayPal - VERIFIED or INVALID
			BufferedReader br = new BufferedReader(new InputStreamReader(
					conn.getInputStream()));
			String line = br.readLine();
			// test log check string
			log.info("[PayPal check string] " + line);
			wr.close();
			br.close();
			// assign posted variables to local variables
			String itemName = req.getParameter("item_name");
			String itemNumber = req.getParameter("item_number");
			String paymentStatus = req.getParameter("payment_status");
			String paymentAmount = req.getParameter("mc_gross");
			String paymentCurrency = req.getParameter("mc_currency");
			String txnId = req.getParameter("txn_id");
			String receiverEmail = req.getParameter("receiver_email");
			String payerEmail = req.getParameter("payer_email");
			// check notification validation
			if (line.equals("VERIFIED")) {
				// check that txnId has not been previously processed
				// check that receiverEmail is your Primary PayPal email
				// check that paymentAmount/paymentCurrency are correct
				// process payment
			} else if (line.equals("INVALID")) {
				// log for investigation
				log.warning(line);
			} else {
				// error
			}
		} catch (Exception e) {
			log.warning("[ipn] " + e);
		}
	}
}


Map paths in /war/WEB-INF/web.xml

Ipnpayment.paypal.IpnIpn/payment/paypal/ipn


Create the log configuration in the file /war/WEB-INF/appengine-web.xml



The article was written based on the topic http://habrahabr.ru/blogs/php/128198/ , and also after a long search on the Internet for a simple and convenient way to receive payment using PayPal. Of course, not all information is covered, for example, in the code there is no verification of the amount of payment. Without this check, a malicious user can save the html page of the form, edit the price downward and get, say, a digital product or a subscription at a price lower than the purchase price. Checks depend on the implementation of the service and require an individual approach when integrating a payment system on the seller’s website.
We used a sample Java / JSP code provided by PayPal.

This method can be used to pay for services, sell subscriptions to the service, goods, as well as replenish the balance of the user account on the site.

upd: specifying the encoding, thanks for the thought winbackgo
Tags:

Also popular now: