duanmibei1929 2012-02-03 15:04
浏览 88
已采纳

正确的PayPal适应性支付流程在众筹网站中流动。 我被卡住了

I am developing a crowd-funding site (similar to Kickstarter) using the CodeIgniter framework.

I "successfully" implemented PayPal's adaptive payments using this library.

But, I'm just not sure how to correctly and securely check for succesfull/failed payments and witch data is important to save to database.

Note: it's a chained delayed payment, I am the primary receiver, and the secondary receiver is the crowd-funding project creator. The money is transferred to the secondary receiver after a predetermined period of time.

The flow I have right now goes like this:

  1. User click to buy a reward.
  2. I use the 'Pay' API operation to request payment (unique TrackingID included) and save the request in the database.
  3. If the request is succesfull, I save some response data in the session (TrackingID, PayKey, amount, ...) and redirect to PayPal..
  4. In this step the user can: accept payment, cancel, or just close the browser, so I dont really know what happens here... (recommendations?)
  5. If the user accepts the payment, he is redirected back to my site and I use data I saved in the session to request a 'PaymentDetails' API operation to obtain information about the payment.
  6. I save the result in database and check to see if the response 'amount' is equal to the request 'amount' (for security).
  7. If everything went OK I update the database and connect the payment TrackingID with the user and the reward he bought.
  8. Later (can be months later), the 'ExecutePayment' API operation is requested by an admin, and the money is transferred from us to the project creator, and we take a small fee (thats how crowd-funding works...)

Now, I'm sure I'm missing lot of things but I have no idea what:

  1. What about the IPN API? I need it? Where it comes to play inside the flow and checks?
  2. What I do if the user closes the browser window when he is in PayPay (out of my site).
  3. I heard that the PayKey is valid for 3 hours, how can I 'ExecutePayment' after months?
  4. How I handle the enormous amount of error types in the PayPal API?
  5. Any tips or examples of others things I need to take care of? Security? Errors? Others?

Thank you very much, I really need your answer!

  • 写回答

1条回答 默认 最新

  • dongtang1997 2012-02-04 03:29
    关注

    1. IPN will automatically POST data to your "listener" (which you'd need to develop) in order to automate post-payment procedures. For example, you could update a database, hit 3rd party web services, generate email receipts, etc. within IPN so that those events happen automatically any time you receive money in your PayPal account. You can also set it up to handle refunds, disputes, and other events. It's not required, but often very useful.

    2. This is one reason IPN can be useful. IPN will be triggered whether the user makes it back to your site or not. If you're doing post-payment processing procedures within your thank you page or something like that, I'd recommend you move it into an IPN solution.

    3. The PayKey is indeed valid for 3 hours when being used as a token. When you call Pay with an ActionType of CREATE, though, it sets up a delayed payment and the PayKey is then valid for up to 90 days.

    4. The error information will always come back in the same format in the response. You can just log or display errors accordingly based on this standard response.

    5. Sounds like you're pretty much on top of everything for the most part.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 关于#matlab#的问题:在模糊控制器中选出线路信息,在simulink中根据线路信息生成速度时间目标曲线(初速度为20m/s,15秒后减为0的速度时间图像)我想问线路信息是什么
  • ¥15 banner广告展示设置多少时间不怎么会消耗用户价值
  • ¥16 mybatis的代理对象无法通过@Autowired装填
  • ¥15 可见光定位matlab仿真
  • ¥15 arduino 四自由度机械臂
  • ¥15 wordpress 产品图片 GIF 没法显示
  • ¥15 求三国群英传pl国战时间的修改方法
  • ¥15 matlab代码代写,需写出详细代码,代价私
  • ¥15 ROS系统搭建请教(跨境电商用途)
  • ¥15 AIC3204的示例代码有吗,想用AIC3204测量血氧,找不到相关的代码。